Hi, today when I went to log in to my account on the Itaú site, I noticed I was on a fake page.
Even typing the site address correctly, I still end up on the fake page...
If you can help me, I'd be very grateful!
Below is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:23:15, on 01/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\Dwm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\POWERT~1\LOGOME~1.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Windows\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Messenger Plus Live Brazil - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/light/UOLActiveInstall.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
--
End of file - 7522 bytes
Wings, I think the problem wasn't any malware at all, but rather a security problem on the bank's own site.
By the end of the afternoon yesterday the bank's site had already returned to normal... (Someone must have broken in, maybe)
But just to be safe, here are the logs
======= REPORT FROM AD-REMOVER 2.0.0.2,F | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 17:04:26 on 02/04/2011, Normal boot
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Windows@WINDOWS-PC (Hewlett-Packard HP Pavilion dv2500 Notebook PC)
============== ACTION(S) ==============
File deleted: C:\WINDOWS\system32\ConduitEngine.tmp
File deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\prefs.js.ask.bak
File deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\searchplugins\ask.uk.xml
Folder deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\conduit
Folder deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\ConduitEngine
Folder deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\extensions\engine@conduit.com
File deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\searchplugins\conduit.xml
Folder deleted: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ask Search Assistant
Folder deleted: C:\Program Files\Ask Search Assistant
Folder deleted: C:\Users\Windows\AppData\Local\Conduit
Folder deleted: C:\Users\Windows\AppData\LocalLow\Conduit
Folder deleted: C:\Program Files\Conduit
Folder deleted: C:\Users\Windows\AppData\LocalLow\ConduitEngine
Folder deleted: C:\Program Files\ConduitEngine
Folder deleted: C:\Users\Windows\AppData\LocalLow\PriceGong
(!) -- Temporary files deleted.
-- File opened: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\Prefs.js --
Line deleted: user_pref("CT2567694.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM...
Line deleted: user_pref("CT2567694.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT256...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
Line deleted: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.live.com/results.aspx?FORM...
Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT2567694,ConduitEngine");
Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2567694");
Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Apr 01 2011 17:28:56 GMT-0300 (Hora ...
Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.locale", "en");
Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Apr 01 2011 17:28:56 GMT-0300 (Hora ofic...
Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line deleted: user_pref("CommunityToolbar.alert.userId", "29ec6adb-941a-4852-b1d2-ca2e88c2d720");
Line deleted: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed May 26 2010 12:42:51 GMT-0300 (Hor...
Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2567694");
Line deleted: user_pref("ConduitEngine.CTID", "ConduitEngine");
Line deleted: user_pref("ConduitEngine.FirstServerDate", "01/06/2011 15");
Line deleted: user_pref("ConduitEngine.FirstTime", true);
Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);
Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line deleted: user_pref("ConduitEngine.Initialize", true);
Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line deleted: user_pref("ConduitEngine.InstalledDate", "Thu Jan 06 2011 10:35:40 GMT-0200");
Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);
Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Apr 02 2011 12:16:33 GMT-0300 (Hora oficia...
Line deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Apr 02 2011 16:58:17 GMT-0300 (Hora oficial do Bra...
Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Apr 02 2011 16:58:17 GMT-0300 (Hora oficial do...
Line deleted: user_pref("ConduitEngine.UserID", "UN86381982200296769");
Line deleted: user_pref("ConduitEngine.componentAlertEnabled", true);
Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");
Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Apr 02 2011 12:16:33 GMT-0300 (Hora ...
Line deleted: user_pref("ConduitEngine.initDone", true);
Line deleted: user_pref("ConduitEngine.usagesFlag", 1);
Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&Sea...
Line deleted: user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q=");
-- File closed --
Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Classes\CLSID\{434AAC41-79DF-4783-8184-7FF74B96CC8A}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{434AAC41-79DF-4783-8184-7FF74B96CC8A}
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT2567694
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\conduitEngine
Key deleted: HKCU\Software\AskSearchAsst
Key deleted: HKCU\Software\AppDataLow\Toolbar
Key deleted: HKCU\Software\AppDataLow\Software\Conduit
Key deleted: HKCU\Software\AppDataLow\Software\conduitEngine
Key deleted: HKCU\Software\AppDataLow\Software\PriceGong
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FD2AFC4-4648-4DAF-8AA1-2DB5FFB45423}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask.com Search Assistant
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
============== ADDITIONNAL SCAN ==============
** Mozilla Firefox Version [3.6.16 (pt-BR)] **
Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)
-- C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default --
Extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} (Messenger Plus Live Brazil Community Toolbar)
Prefs.js - browser.download.dir, C:\\Users\\Windows\\Documents\\Download Firefox
Prefs.js - browser.download.lastDir, C:\\Users\\Windows\\Desktop
Prefs.js - browser.search.defaultenginename, Live Search
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.plusnetwork.com
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16
========================================
** Internet Explorer Version [8.0.6001.19019] **
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - "Messenger Plus Live Brazil Toolbar" (C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll)
HKLM_URLSearchHooks|{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - "Messenger Plus Live Brazil Toolbar" (C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll)
HKCU_Toolbar\WebBrowser|{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} (C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll)
HKLM_Toolbar|{1DBAB667-A486-421e-AFE4-CF07DD0088E5} (C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll)
HKLM_Toolbar|{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} (C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll)
HKLM_ElevationPolicy\65b8d5b4-8102-46a2-9a80-78c3f7e4e089 - C:\Program Files\Messenger_Plus_Live_Brazil\Messenger_Plus_Live_BrazilToolbarHelper.exe (?)
HKLM_ElevationPolicy\ef590da3-45ee-40f1-bc12-29ab94686cb5 - C:\Program Files\Messenger_Plus_Live_Brazil\Messenger_Plus_Live_BrazilToolbarHelper.exe (?)
HKLM_ElevationPolicy\fd51d65d-a18c-4e25-8d7c-9af4e94c15a9 - C:\Program Files\Messenger_Plus_Live_Brazil\Messenger_Plus_Live_BrazilToolbarHelper.exe (?)
HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{9F2344DB-1698-4D81-BE4E-B33DF44A7A64} - C:\Program Files\Messenger_Plus_Live_Brazil\Messenger_Plus_Live_BrazilToolbarHelper.exe (?)
HKLM_ElevationPolicy\{ADABAAD2-92BF-48F4-B71A-574CF5F11016} - C:\Users\Windows\AppData\Local\Conduit\CT2567694\Messenger_Plus_Live_BrazilAutoUpdaterHelper.exe (x)
HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "@btrez.dll,-4015" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)
BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Adobe PDF Reader Link Helper" (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll)
BHO\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - "Messenger Plus Live Brazil Toolbar" (C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll)
========================================
C:\Program Files\Ad-Remover\Quarantine: 161 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)
C:\Ad-Report-CLEAN[1].txt - 02/04/2011 17:04:39 (13451 Byte(s))
End at: 17:06:24, 02/04/2011
============== E.O.F ==============
_______________________________________________________________
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2011-04-02 - 17:12
-------------------------------------------------------
Lista de Definição: 2011-03-01-1 | CORE: 2010-12-28-6
=======================================================
----- Fim -------------------------
_____________________________________________________
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Versão da Base de Dados: 6248
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
02/04/2011 19:21:02
mbam-log-2011-04-02 (19-21-02).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 353922
Tempo decorrido: 1 hora(s), 50 minuto(s), 8 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
C:\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
OK...
1.
*Run AD-Remover and click [uninstall] > [No] > [Close]
2.
*Download OTL and save it to the desktop
*Run it and select the option:
[X] Scan All Users
*Click [Quick Scan] and paste the reports it produces (OTL.txt and Extras.txt, located on the desktop)
If the reports turn out to be too large...
*Go to this link
*Click [Send file]
*Locate the OTL.txt file on the desktop
*Click [Open] > [Créer le lien Cjoint]
*Paste the address that was created
Sorry for the delay =)
Here are the logs!
OTL logfile created on: 07/04/2011 13:22:16 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Windows\Desktop\malware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy
958,00 Mb Total Physical Memory | 169,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138,99 Gb Total Space | 68,58 Gb Free Space | 49,34% Space Free | Partition Type: NTFS
Drive D: | 10,06 Gb Total Space | 0,85 Gb Free Space | 8,45% Space Free | Partition Type: NTFS
Computer Name: WINDOWS-PC | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/07 13:21:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\malware\OTL.exe
PRC - [2011/03/23 20:15:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/11/24 20:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 20:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 20:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 20:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/03 14:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
========== Modules (SafeList) ==========
MOD - [2011/04/07 13:21:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\malware\OTL.exe
MOD - [2010/08/31 12:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/11/24 20:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 20:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 20:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 20:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/04/07 08:39:44 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINDOWS\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 04:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/05/18 23:23:00 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/05/18 23:22:58 | 000,266,339 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/01/09 18:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2005/08/09 11:27:56 | 001,019,904 | ---- | M] (Language Engineering Corporation, LLC) [Disabled | Stopped] -- C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe -- (LEC TranslateDotNet Server)
========== Driver Services (SafeList) ==========
DRV - [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/11/24 20:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 20:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 20:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 20:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 20:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/03/20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/12/22 15:11:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - [2008/12/22 15:11:19 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/12/06 18:37:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/03/03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/01 07:42:32 | 000,164,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/07 02:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/19 18:21:00 | 007,563,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/03/21 04:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 10:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/23 20:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 05:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/22 22:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 14:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 1C 1F AD 98 9B CA 01 [binary data]
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Brazil Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.plusnetwork.com"
FF - prefs.js..extensions.enabledItems: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:3.2.5.2
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/30 12:33:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 20:15:43 | 000,000,000 | ---D | M]
[2008/11/03 12:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions
[2011/04/06 20:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\3gv1bp7u.default\extensions
[2010/04/27 22:52:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\3gv1bp7u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/06 09:35:26 | 000,000,000 | ---D | M] (Messenger Plus Live Brazil Community Toolbar) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\3gv1bp7u.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}
[2009/02/20 11:08:14 | 000,001,632 | ---- | M] () -- C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1bp7u.default\searchplugins\live-search.xml
[2011/04/06 20:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/03/07 16:28:13 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2011/03/07 16:28:13 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2011/03/07 16:28:13 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/03/07 16:28:13 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml
O1 HOSTS File: ([2011/04/02 17:13:29 | 000,000,759 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LEC) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll (Language Engineering Corporation, LLC)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Brazil Toolbar) - {EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\WINDOWS\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\WINDOWS\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} http://download.uol.com.br/discadorUOL/light/UOLActiveInstall.cab (Instalador Remoto UOL)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Windows\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Windows\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/19 21:26:34 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 12:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{37f99a90-2221-11dd-9edd-001a6bf17a62}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{37f99a90-2221-11dd-9edd-001a6bf17a62}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{37f99a90-2221-11dd-9edd-001a6bf17a62}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{73bbceb7-8c38-11dd-9016-001a6bf17a62}\Shell\AutoRun\command - "" = F:\b0j6j16.bat
O33 - MountPoints2\{73bbceb7-8c38-11dd-9016-001a6bf17a62}\Shell\explore\Command - "" = F:\b0j6j16.bat
O33 - MountPoints2\{73bbceb7-8c38-11dd-9016-001a6bf17a62}\Shell\open\Command - "" = F:\b0j6j16.bat
O33 - MountPoints2\{a6ddd74f-7b3e-11dd-aed8-001a6bf17a62}\Shell\AutoRun\command - "" = cv8j.exe
O33 - MountPoints2\{a6ddd74f-7b3e-11dd-aed8-001a6bf17a62}\Shell\open\Command - "" = cv8j.exe
O33 - MountPoints2\{b5246893-0a68-11de-8d75-001a6bf17a62}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{c9a88f5a-a141-11dd-997b-001a6bf17a62}\Shell\AutoRun\command - "" = F:\NTruntr.exe
O33 - MountPoints2\{c9a88f5a-a141-11dd-997b-001a6bf17a62}\Shell\explore\Command - "" = F:\NTruntr.exe
O33 - MountPoints2\{c9a88f5a-a141-11dd-997b-001a6bf17a62}\Shell\open\Command - "" = F:\NTruntr.exe
O33 - MountPoints2\{d7b034df-c3de-11dd-9f90-001a6bf17a62}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b034df-c3de-11dd-9f90-001a6bf17a62}\Shell\AutoRun\command - "" = F:\RunGame.exe
O33 - MountPoints2\{eea691a7-ab80-11dd-8ab6-001a6bf17a62}\Shell\AutoRun\command - "" = F:\abk.bat
O33 - MountPoints2\{eea691a7-ab80-11dd-8ab6-001a6bf17a62}\Shell\explore\Command - "" = F:\abk.bat
O33 - MountPoints2\{eea691a7-ab80-11dd-8ab6-001a6bf17a62}\Shell\open\Command - "" = F:\abk.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/02 17:14:50 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Malwarebytes
[2011/04/02 17:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/02 17:14:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/02 17:14:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/02 17:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/02 17:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/02 17:12:11 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva
[2011/04/02 17:03:27 | 000,000,000 | ---D | C] -- C:\Users\Windows\Desktop\malware
[2011/04/01 13:21:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Windows\Desktop\HiJackThis.exe
[2011/04/01 12:49:05 | 000,178,597 | ---- | C] (Igor Pavlov) -- C:\Users\Windows\Desktop\51942_bankerfix_30.exe
[2011/03/29 12:03:23 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\projeto
[2011/03/17 18:29:33 | 000,000,000 | ---D | C] -- C:\Users\Windows\Desktop\Boletos
[2011/03/14 18:32:06 | 000,000,000 | ---D | C] -- C:\Users\Windows\Documents\RECEITAS
========== Files - Modified Within 30 Days ==========
[2011/04/07 12:47:57 | 000,590,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/07 12:47:57 | 000,102,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/07 12:47:57 | 000,023,320 | ---- | M] () -- C:\WINDOWS\System32\prfh0416.dat
[2011/04/07 12:47:57 | 000,008,686 | ---- | M] () -- C:\WINDOWS\System32\prfc0416.dat
[2011/04/07 12:41:43 | 000,005,152 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 12:41:43 | 000,005,152 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 12:41:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/07 12:41:26 | 1005,481,984 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/07 12:41:23 | 148,728,602 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/04/06 23:06:45 | 000,004,268 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/04/04 13:30:00 | 000,054,503 | ---- | M] () -- C:\Users\Windows\AppData\Roaming\nvModes.001
[2011/04/02 19:44:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/02 17:14:42 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/01 13:22:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Windows\Desktop\HiJackThis.exe
[2011/04/01 12:49:24 | 000,178,597 | ---- | M] (Igor Pavlov) -- C:\Users\Windows\Desktop\51942_bankerfix_30.exe
[2011/03/29 12:07:39 | 000,000,570 | ---- | M] () -- C:\Users\Windows\Desktop\Nutrilife 7.0.lnk
[2011/03/29 11:36:57 | 001,529,768 | ---- | M] () -- C:\Users\Windows\Desktop\tv.exe
========== Files Created - No Company Name ==========
[2011/04/07 12:41:23 | 148,728,602 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2011/04/02 17:14:42 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/29 12:07:39 | 000,000,570 | ---- | C] () -- C:\Users\Windows\Desktop\Nutrilife 7.0.lnk
[2011/03/29 11:36:45 | 001,529,768 | ---- | C] () -- C:\Users\Windows\Desktop\tv.exe
[2010/12/06 10:58:56 | 002,496,715 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2010/05/03 11:08:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/11 13:22:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll
[2010/01/12 18:14:30 | 000,000,931 | ---- | C] () -- C:\WINDOWS\curricul.ini
[2010/01/12 18:14:26 | 000,003,946 | ---- | C] () -- C:\WINDOWS\Cpcsrpts.ini
[2009/12/17 11:09:03 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/12/17 11:09:03 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/10/05 10:52:24 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\EhStorAuthn.dll
[2009/10/05 10:52:24 | 000,107,612 | ---- | C] () -- C:\WINDOWS\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/23 20:45:58 | 000,000,669 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/26 12:25:08 | 000,157,736 | ---- | C] () -- C:\WINDOWS\hpoins19.dat
[2009/04/26 12:24:47 | 000,026,952 | ---- | C] () -- C:\WINDOWS\hpomdl19.dat
[2008/12/22 14:56:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/02 14:44:29 | 000,000,286 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/27 13:55:43 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\drivers\winsot2.dat
[2008/08/23 13:44:57 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\StructuredQuerySchemaTrivial.bin
[2008/07/18 20:06:40 | 000,023,320 | ---- | C] () -- C:\WINDOWS\System32\prfh0416.dat
[2008/07/18 20:06:40 | 000,008,686 | ---- | C] () -- C:\WINDOWS\System32\prfc0416.dat
[2008/06/27 12:00:06 | 000,007,944 | ---- | C] () -- C:\Users\Windows\AppData\Local\d3d9caps.dat
[2008/04/20 20:45:34 | 000,020,992 | ---- | C] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/30 12:25:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/29 17:05:37 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/03/28 15:11:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/03/28 15:11:21 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/28 15:11:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/28 15:11:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/28 15:11:19 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/28 14:27:09 | 000,054,503 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\nvModes.dat
[2008/03/28 14:27:09 | 000,054,503 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\nvModes.001
[2008/03/24 08:47:10 | 000,000,418 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/22 15:36:40 | 000,004,268 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/19 21:14:10 | 000,103,437 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2007/10/19 20:01:42 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2007/02/27 17:43:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/12/20 12:00:12 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\btwhidcs.dll
[2006/12/14 03:01:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/12/14 03:01:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/11/02 09:57:28 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/11/02 09:47:37 | 000,439,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/02 09:35:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\sysprepMCE.dll
[2006/11/02 07:33:01 | 000,590,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/11/02 07:33:01 | 000,287,440 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/11/02 07:33:01 | 000,102,106 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/11/02 07:33:01 | 000,030,674 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/11/02 07:25:21 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\igfxTMM.dll
[2006/11/02 07:23:21 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/11/02 05:58:30 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2006/11/02 05:19:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\WINDOWS\System32\pacerprf.ini
[2006/11/02 04:25:31 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/05/06 18:06:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2003/04/15 05:59:04 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2010/08/01 13:44:36 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\abgx360
[2008/12/06 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DAEMON Tools
[2009/06/14 14:56:04 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Image Zone Express
[2010/08/01 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ImgBurn
[2009/12/17 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\PC Suite
[2009/04/28 14:36:59 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Printer Info Cache
[2009/12/17 11:08:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Samsung
[2009/04/03 16:49:09 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\TeamViewer
[2008/03/28 13:54:32 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\WildTangent
[2011/04/06 23:06:41 | 000,032,550 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
_______________________________________________________________________________
OTL Extras logfile created on: 07/04/2011 13:22:16 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Windows\Desktop\malware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy
958,00 Mb Total Physical Memory | 169,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138,99 Gb Total Space | 68,58 Gb Free Space | 49,34% Space Free | Partition Type: NTFS
Drive D: | 10,06 Gb Total Space | 0,85 Gb Free Space | 8,45% Space Free | Partition Type: NTFS
Computer Name: WINDOWS-PC | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3833004201-26704471-1502707015-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CAC7D04-06DA-4131-8EAC-8DCCA9CA104D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{851A2BBC-EB25-4D3E-8F08-12F25DFF21F6}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2543215E-ED9C-45B7-A28D-EB8788B28FB5}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{31315214-F12B-443B-80BF-EA8B3BFE249C}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{33E96E23-84DB-405F-BC39-F5CFDE6A6705}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{40D57FDD-8AE1-4B2C-AC21-13C73777DF84}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{41E3C60F-FED4-4413-B092-9ABE0B0F3986}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{42E4C0A9-90E6-43C5-8347-6AEBC244E541}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{43047F31-B4EE-4E7E-991A-DB0F3D170C07}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{481CF4D3-D40D-4BD5-B3BD-BCE4A6655160}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4CE53DE0-A5C2-418C-827C-91FD43BEC03F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57ED5BD3-3297-4A23-A55F-C519476201C9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{68A5B3DC-2A03-4E9F-9A46-B8BE13476748}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{69A6138C-A913-420C-86B4-3E86C13B3FE4}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{6F8BB5DE-3FBE-4D9F-B613-B0E9D8D05BE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{977BF3FA-92DE-49FD-BFF3-4C10251030B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9212014-3C4D-4348-94DB-07F9199327B8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AA2756F0-116F-4B32-A129-7A2B2D859098}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{ADA88805-76C3-4D8F-B3AB-7F53B24730F1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BF5D2078-B35B-4C2F-87F7-6DA260D185ED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CA72E511-C756-4031-9ED6-6EDC33039256}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3A0C991-19D4-4772-9008-6F2A895D6281}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DD821029-128B-4A09-9DA1-F85AD881E289}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{F12A76B5-AC17-4A9D-A1C1-18E9D981A8A7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{A5806C50-6BF9-432E-A283-B97C0D6E63B7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F45B738B-8DD0-4033-9314-5D3AA926FC5E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0C123C63-84FD-4D13-96E7-EEB5C11893F2}" = LEC Translate
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}" = HP User Guides 0060
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.3
"{48903BD9-1C48-47BF-85CB-ED7514823992}" = HP Active Support Library
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{50681864-CDFD-4F11-9169-FD81A368E758}" = ESU for Microsoft Vista
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{53933198-468C-437C-B8D8-1150B3102196}" = HP QuickTouch 1.00 C1
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755C609D-5792-4136-A0D8-0513E04D4EBE}" = HP Help and Support
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground
"{AAB93551-3FFE-42B2-8315-96252BBC1046}" = Nero 7 Essentials
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E749E605-4996-4473-99F2-163B76B79D97}_is1" = Tradução Windows Live Messenger 9.0 v2.0
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pacote de Driver do Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"abgx360" = abgx360 v1.0.5
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Atualizador Nutrilife 5G" = Atualizador Nutrilife 5G
"Atualizador Nutrilife 5T" = Atualizador Nutrilife 5T
"Atualizador Nutrilife 6.1" = Atualizador Nutrilife 6.1
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Curriculum 3.0_is1" = Curriculum 3.0
"Curriculum Vitae_is1" = Curriculum Vitae-DQL
"Doro_is1" = Doro 1.42
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImgBurn" = ImgBurn
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Brazil Toolbar" = Messenger_Plus_Live_Brazil Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nutrilife 4.8" = Nutrilife 4.8
"Nutrilife 5.0" = Nutrilife 5.0
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Receitanet Java 2010.02a" = Receitanet Java 2010.02a
"Rhapsody" = Rhapsody
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.3.0
"Some PDF to Word Converter_is1" = Some PDF to Word Converter 1.5
"Total Video Converter 3.10_is1" = Total Video Converter 3.10
"Total Video Converter 3.14_is1" = Total Video Converter 3.14 080930
"uol_Acel_client" = Assistente do Acelerador UOL
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 16/10/2008 23:38:04 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\System32\srclient.dll failed, 0000A413.
Error - 16/10/2008 23:38:04 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\wrpint.dll
failed, 0000A413.
Error - 16/10/2008 23:38:09 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Prefetch\PfSvPerfStats.bin failed, 0000A413.
Error - 02/11/2008 10:28:55 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.
Error - 02/11/2008 13:10:43 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.
Error - 02/11/2008 13:10:43 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.
Error - 02/11/2008 13:10:56 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().
Error - 28/11/2008 17:40:57 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
failed, 00000084.
Error - 17/01/2009 10:48:11 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
failed, 00000084.
Error - 26/03/2011 21:39:06 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\System32\LMIinit.dll failed, 00000005.
[ Application Events ]
Error - 20/01/2010 07:31:29 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =
Error - 20/01/2010 21:02:21 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =
Error - 21/01/2010 20:50:33 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =
Error - 22/01/2010 20:25:46 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =
Error - 23/01/2010 06:36:56 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =
Error - 23/01/2010 15:21:02 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =
Error - 24/01/2010 08:45:39 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =
Error - 24/01/2010 16:27:48 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =
Error - 27/01/2010 08:54:23 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =
Error - 27/01/2010 16:56:00 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 03/04/2011 09:29:37 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04/04/2011 08:09:24 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04/04/2011 20:12:52 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05/04/2011 08:09:45 | Computer Name = Windows-PC | Source = Dhcp | ID = 1002
Description = A concessão 10.1.1.2 do endereço IP para a Placa de Rede com endereço
de rede 0016D3F2CAC3 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou
uma mensagem DHCPNACK).
Error - 05/04/2011 08:11:15 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06/04/2011 08:27:38 | Computer Name = Windows-PC | Source = Dhcp | ID = 1002
Description = A concessão 10.1.1.3 do endereço IP para a Placa de Rede com endereço
de rede 0016D3F2CAC3 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou
uma mensagem DHCPNACK).
Error - 06/04/2011 08:29:08 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07/04/2011 08:05:41 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 07/04/2011 11:41:32 | Computer Name = Windows-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 12:39:56 em 07/04/2011 não era
esperado.
Error - 07/04/2011 11:43:44 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Hello yumematt
1.
*Download AD-Remover and save it to the desktop
*Right-click AD-R and select "Run as administrator", click [Clean] > [Yes] > [OK] > [Yes]
*The PC will restart
*Paste the report C:\Ad-Report-CLEAN[1].txt
2.
*Download Bankerfix and save it to the desktop
*Run it as administrator, click [OK] > [Yes] (if it asks for an update) > [OK] > [ENTER]
*When it finishes, press [ENTER]
*Paste the report C:\LinhaDefensiva\relatorio.txt
3.
*Download MalwareBytes and save it to the desktop
*Install the program and wait for the update
*The program will open automatically
*On the [Scan] tab, select [Full scan]
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]
*Paste the report shown
If you already have Malwarebytes installed....
*Open Malwarebytes, click [Update] > [Check for Updates]
*On the [Scan] tab, select [x] Full scan
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]
*Paste the report shown