Italo16 Posted June 21, 2010

All other kinds of sites work, and my MSN isn't loading. I run the troubleshooter and it fixes everything, but it never signs in. I'll post my analysis too so you can take a look.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:30, on 21/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HiYo\bin\HiYo.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vânia\Meus documentos\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Arquivos de programas\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7231 bytes

DigRam Posted June 21, 2010

Good evening! Italo16

- Download: < >
- < Link - 2 >
- < Link - 3 >
- Update the program!
- Choose the Full scan!
- Disable protection programs when running Malwarebytes.
- P.S.: For certain infections, the tool will ask for a reboot. <-- Confirm!
- Try to send the detected items to quarantine by clicking Remove items.
- For more details: < Link >
- Post: mbam-log-2010-xx-xx (00-00-00).txt

- Download: < OTL > ( ...by OldTimer Tools )
- Save it to the desktop!
- Double-click: < >
- P.S.: Now let's go on to its configuration!
  1 - Under "Output", leave the "Minimal" button selected.
  2 - Check the boxes: Scan All Users and Include 64bit Scan <-- P.S.: Only if the OS is 64-bit!
  3 - Processes: Use SafeList <-- Check it!
  4 - Modules: Use SafeList <-- Check it!
  5 - Services: Use SafeList <-- Check it!
  6 - Drivers: Use SafeList <-- Check it!
  7 - Standard Registry Scan: Use SafeList <-- Check it!
  8 - Extra Registry Scan: Use SafeList <-- Check it!
  9 - File Scan:
      Creation Date >> Choose: 14 days
      Check: Use WhiteList for Company Names
      Check: Skip Microsoft Files
  10 - Files Created Since:
      Check: Creation Date
  11 - Files Modified Since:
      Check: Creation Date
  Check the boxes: [] Lop Check [] Purity Check
- P.S.: I suggest you print these instructions to read later.

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\sfcfiles.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
CREATERESTOREPOINT

- P.S.: Copy and paste this information, which is in the Code box, into the field below: Custom Scans/Fixes
- Click: Scan --> Wait!
- Finally, post:
  <1> OTL.txt <--
  <2> Extras.txt <--

Regards!

Italo16 Posted June 23, 2010

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/6/2010 14:38:56
mbam-log-2010-06-23 (14-38-56).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 147292
Tempo decorrido: 48 minuto(s), 38 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 3
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

---------------------------------------------------------------------------------------------------------------

Here are the other txt files

OTL logfile created on: 23/6/2010 14:54:21 - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Vânia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

895,00 Mb Total Physical Memory | 388,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 37,30 Gb Total Space | 27,01 Gb Free Space | 72,40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: V-24EC962BE4AC4
Current User Name: Vânia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Vânia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\HiYo\Bin\HiYo.exe (IncrediMail, Ltd.)
PRC - C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Vânia\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SASENUM) -- C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Arquivos de programas\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-706699826-2147230659-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-839522115-706699826-2147230659-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-839522115-706699826-2147230659-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-839522115-706699826-2147230659-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 90 E6 85 73 8E CA 01 [binary data]
IE - HKU\S-1-5-21-839522115-706699826-2147230659-1003\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-839522115-706699826-2147230659-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Pesquisar"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Brazil Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Messenger Plus Live Brazil Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2567694&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:2.6.0.15
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/06/05 13:04:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/06/13 19:21:24 | 000,000,000 | ---D | M]

[2009/08/13 21:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vânia\Dados de aplicativos\Mozilla\Extensions
[2010/06/22 21:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\extensions
[2010/05/13 21:46:29 | 000,000,000 | ---D | M] (Messenger Plus Live Brazil Toolbar) -- C:\Documents and Settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}
[2010/06/05 13:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\extensions\eafo3fflauncher@ea.com
[2009/09/08 20:48:27 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\searchplugins\bing.xml
[2010/04/21 12:06:34 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\searchplugins\conduit.xml
[2010/02/09 21:43:55 | 000,002,122 | ---- | M] () -- C:\Documents and Settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\searchplugins\MyStart Search.xml
[2010/05/24 20:11:58 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2010/02/01 19:34:10 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/15 22:18:55 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2010/01/15 22:18:55 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2010/01/15 22:18:55 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2010/01/15 22:18:55 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2010/05/28 16:17:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-839522115-706699826-2147230659-1003\..\Toolbar\WebBrowser: (Messenger Plus Live Brazil Toolbar) - {EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-839522115-706699826-2147230659-1003..\Run: [Advanced SystemCare 3] C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-839522115-706699826-2147230659-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-839522115-706699826-2147230659-1003..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-706699826-2147230659-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-839522115-706699826-2147230659-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-839522115-706699826-2147230659-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-839522115-706699826-2147230659-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.12.28.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-839522115-706699826-2147230659-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/13 20:12:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/26 15:55:05 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Atualização de Segurança para Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Pastas da Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) Unable to start service SrService! ========== Files/Folders - Created Within 14 Days ========== [2010/06/23 14:12:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vânia\Recent [2010/06/23 14:00:18 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vânia\Desktop\OTL.exe [2010/06/23 13:39:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/06/23 13:39:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/06/22 15:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vânia\Dados de aplicativos\Malwarebytes [2010/06/22 15:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [2010/06/22 15:10:44 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware [2010/06/12 21:04:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2010/06/12 21:04:25 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys [2010/06/12 18:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vânia\Meus documentos\carvalhoo [2010/06/12 17:58:16 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\winLAME [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2010/06/23 14:42:33 | 000,000,116 | ---- | M] () -- 
C:\WINDOWS\NeroDigital.ini [2010/06/23 14:40:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/23 14:40:18 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/06/23 14:40:14 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/06/23 14:40:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/23 14:40:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/23 14:39:28 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Vânia\NTUSER.DAT [2010/06/23 14:39:28 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\Vânia\ntuser.ini [2010/06/23 14:39:22 | 014,960,968 | -H-- | M] () -- C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\IconCache.db [2010/06/23 14:36:28 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9A76CDA7-1025-4981-8DE2-C64601E52764}.job [2010/06/23 14:02:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vânia\Desktop\OTL.exe [2010/06/23 13:58:01 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-706699826-2147230659-1003UA.job [2010/06/23 13:39:34 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/06/21 20:58:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-706699826-2147230659-1003Core.job [2010/06/17 17:50:07 | 000,001,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Email Animations!.lnk [2010/06/17 17:50:07 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wallpapers by IncrediMail.lnk [2010/06/15 14:24:08 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/12 21:05:32 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010/06/12 21:04:59 | 000,000,000 | -H-- | M] () -- 
C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010/06/09 23:59:06 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\Vânia\Desktop\Google Chrome.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/23 13:39:34 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/06/12 21:04:59 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010/06/05 13:12:10 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009/08/22 19:36:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/08/13 20:34:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2009/08/13 20:27:52 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/08/13 20:17:22 | 000,005,760 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009/08/13 20:17:19 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2008/05/02 11:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/05/02 11:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/05/02 11:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/05/02 11:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/05/02 11:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll ========== LOP Check ========== [2010/02/18 09:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\HiYo [2010/05/14 09:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! 
[2009/10/06 12:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MSScanAppDataDir [2010/02/01 19:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vânia\Dados de aplicativos\Foxit [2010/02/18 09:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vânia\Dados de aplicativos\HiYo [2010/05/24 20:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vânia\Dados de aplicativos\IObit [2010/06/07 18:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vânia\Dados de aplicativos\PriceGong [2010/05/24 17:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vânia\Dados de aplicativos\Unity [2010/06/23 14:40:14 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job [2010/06/23 14:36:28 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9A76CDA7-1025-4981-8DE2-C64601E52764}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) 
MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %SYSTEMDRIVE%\sfcfiles.dll /s /md5 > [2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll [2008/04/13 23:20:40 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll [2008/04/13 23:20:40 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll [2008/04/13 23:20:40 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\system32\sfcfiles.dll [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2009/02/06 15:46:47 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B8F0B2CF73FD662A39F0E4392C28E73D -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 15:46:47 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B8F0B2CF73FD662A39F0E4392C28E73D -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 23:20:34 
| 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
< End of report >

Now the Extras:

OTL Extras logfile created on: 23/6/2010 14:54:21 - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Vânia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
895,00 Mb Total Physical Memory | 388,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 37,30 Gb Total Space | 27,01 Gb Free Space | 72,40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not
present or media not loaded I: Drive not present or media not loaded Computer Name: V-24EC962BE4AC4 Current User Name: Vânia Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-839522115-706699826-2147230659-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe" = C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG) "C:\Arquivos de 
programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group) "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Vânia\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.) "C:\Documents and Settings\Vânia\Configurações locais\temp\ImInstaller\HiYo_Installer.exe" = C:\Documents and Settings\Vânia\Configurações locais\temp\ImInstaller\HiYo_Installer.exe:*:Enabled:IncrediMail Installer -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00E1E235-AB45-4695-A156-073118949ED4}" = HiYo "{062BFFA1-0CCC-400B-B840-F162328D8C00}" = winLAME prerelease4 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8 "{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{D1AE6D4D-C37A-487d-83D8-C333125B2459}" = HP Photosmart and Deskjet 7.0 Software (ptb) "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials "{F87DA817-8D53-42CC-AA45-93A100341033}" = Nero 7 Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Advanced SystemCare 3_is1" = Advanced SystemCare 3 "avast!" = avast! 
Antivirus "CCleaner" = CCleaner (remove only) "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00 "Foxit Reader" = Foxit Reader "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "HijackThis" = HijackThis 2.0.2 "HiYo" = HiYo "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "ie8" = Windows Internet Explorer 8 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Messenger_Plus_Live_Brazil Toolbar" = Messenger_Plus_Live_Brazil Toolbar "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "NVIDIA Drivers" = NVIDIA Drivers "PhotoFiltre" = PhotoFiltre "PunkBusterSvc" = PunkBuster Services "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = Arquivo do WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-839522115-706699826-2147230659-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 19/8/2009 12:40:52 | Computer Name = V-24EC962BE4AC4 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\VâNIA\MEUS DOCUMENTOS\MINHAS IMAGENS\IMAGEM\IMAGEM 157.JPG failed, 00000005. Error - 19/8/2009 12:40:52 | Computer Name = V-24EC962BE4AC4 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\VâNIA\MEUS DOCUMENTOS\MINHAS IMAGENS\IMAGEM\IMAGEM 156.JPG failed, 00000005. Error - 19/8/2009 12:40:52 | Computer Name = V-24EC962BE4AC4 | Source = avast! 
| ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\VâNIA\MEUS DOCUMENTOS\MINHAS IMAGENS\IMAGEM\IMAGEM 155.JPG failed, 00000005. Error - 19/8/2009 12:40:52 | Computer Name = V-24EC962BE4AC4 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\VâNIA\MEUS DOCUMENTOS\MINHAS IMAGENS\IMAGEM\IMAGEM 154.JPG failed, 00000005. Error - 19/8/2009 12:40:52 | Computer Name = V-24EC962BE4AC4 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\DOCUMENTS AND SETTINGS\VâNIA\MEUS DOCUMENTOS\MINHAS IMAGENS\IMAGEM\IMAGEM 153.JPG failed, 00000005. Error - 6/5/2010 19:47:14 | Computer Name = V-24EC962BE4AC4 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Vânia\Configurações locais\temp\scoped_dir32279\TEMP_INSTALL\manifest.json failed, 00000005. Error - 6/5/2010 19:48:44 | Computer Name = V-24EC962BE4AC4 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Vânia\Configurações locais\temp\scoped_dir32569\TEMP_INSTALL\manifest.json failed, 00000005. Error - 9/5/2010 10:03:27 | Computer Name = V-24EC962BE4AC4 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Vânia\Configurações locais\temp\scoped_dir10666\TEMP_INSTALL\manifest.json failed, 00000005. Error - 9/5/2010 10:03:56 | Computer Name = V-24EC962BE4AC4 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Vânia\Configurações locais\temp\scoped_dir10764\TEMP_INSTALL\manifest.json failed, 00000005. 
Error - 9/5/2010 12:34:45 | Computer Name = V-24EC962BE4AC4 | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Documents and Settings\Vânia\Configurações locais\temp\scoped_dir7543\TEMP_INSTALL\manifest.json failed, 00000005. [ Application Events ] Error - 17/6/2010 20:08:24 | Computer Name = V-24EC962BE4AC4 | Source = Windows Live Messenger | ID = 1000 Description = Error - 17/6/2010 20:44:25 | Computer Name = V-24EC962BE4AC4 | Source = Windows Live Messenger | ID = 1000 Description = Error - 18/6/2010 16:47:32 | Computer Name = V-24EC962BE4AC4 | Source = Windows Live Messenger | ID = 1000 Description = Error - 19/6/2010 22:28:21 | Computer Name = V-24EC962BE4AC4 | Source = Windows Live Messenger | ID = 1000 Description = Error - 20/6/2010 07:58:02 | Computer Name = V-24EC962BE4AC4 | Source = Google Update | ID = 20 Description = Error - 21/6/2010 14:04:28 | Computer Name = V-24EC962BE4AC4 | Source = Google Update | ID = 20 Description = Error - 21/6/2010 14:13:01 | Computer Name = V-24EC962BE4AC4 | Source = Google Update | ID = 20 Description = Error - 21/6/2010 16:38:16 | Computer Name = V-24EC962BE4AC4 | Source = Google Update | ID = 20 Description = Error - 21/6/2010 16:52:09 | Computer Name = V-24EC962BE4AC4 | Source = Google Update | ID = 20 Description = Error - 21/6/2010 16:58:01 | Computer Name = V-24EC962BE4AC4 | Source = Google Update | ID = 20 Description = [ System Events ] Error - 21/6/2010 19:02:45 | Computer Name = V-24EC962BE4AC4 | Source = W32Time | ID = 39452689 Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host inacessível. 
(0x80072751) Error - 21/6/2010 19:02:45 | Computer Name = V-24EC962BE4AC4 | Source = W32Time | ID = 39452701 Description = O provedor de tempo NtpClient foi configurado para obter tempo de uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento. Não será feita nenhuma tentativa de contatar uma fonte durante 14 minutos. O NtpClient não tem uma fonte de tempo preciso. Error - 21/6/2010 19:02:45 | Computer Name = V-24EC962BE4AC4 | Source = W32Time | ID = 39452689 Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host inacessível. (0x80072751) Error - 21/6/2010 19:02:45 | Computer Name = V-24EC962BE4AC4 | Source = W32Time | ID = 39452701 Description = O provedor de tempo NtpClient foi configurado para obter tempo de uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento. Não será feita nenhuma tentativa de contatar uma fonte durante 14 minutos. O NtpClient não tem uma fonte de tempo preciso. Error - 21/6/2010 21:02:26 | Computer Name = V-24EC962BE4AC4 | Source = W32Time | ID = 39452689 Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host inacessível. (0x80072751) Error - 21/6/2010 21:02:26 | Computer Name = V-24EC962BE4AC4 | Source = W32Time | ID = 39452701 Description = O provedor de tempo NtpClient foi configurado para obter tempo de uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento. Não será feita nenhuma tentativa de contatar uma fonte durante 14 minutos. O NtpClient não tem uma fonte de tempo preciso. 
Error - 23/6/2010 13:48:38 | Computer Name = V-24EC962BE4AC4 | Source = SRService | ID = 104 Description = Falha no processo de inicialização da restauração do sistema.
Error - 23/6/2010 13:48:38 | Computer Name = V-24EC962BE4AC4 | Source = Service Control Manager | ID = 7023 Description = O serviço Serviço de restauração do sistema terminou com o erro: %%2
Error - 23/6/2010 13:54:30 | Computer Name = V-24EC962BE4AC4 | Source = SRService | ID = 104 Description = Falha no processo de inicialização da restauração do sistema.
Error - 23/6/2010 13:54:30 | Computer Name = V-24EC962BE4AC4 | Source = Service Control Manager | ID = 7023 Description = O serviço Serviço de restauração do sistema terminou com o erro: %%2
< End of report >

After this OTL run, a "Thumbs" file appeared on my desktop. Thanks for the help!
Italo16 0 Posted June 23, 2010
It is working normally now.
DigRam 144 Posted June 23, 2010
Quote: It is working normally now.

Good evening, Italo16!
<!> PS: Your Messenger Live add-on (Plus) came with the conduit.com adware.
<!> The adware was installed because the highlighted checkbox was ticked.
<!> If you installed it intentionally, it can be tolerated, since they are free of Lop.

<@> Run OTL.exe.
<@> Copy the information in the quote below into the field under: Exames Personalizados/Correções (Custom Scans/Fixes)

:otl
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - No CLSID value found.
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:commands
[purity]
[emptyflash]
[emptytemp]
[Reboot]

<@> Click the Consertar (Fix) button --> Wait for it to finish! --> Run!
<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <--
Regards!
Italo16 0 Posted June 24, 2010
Plus was my own choice, I wanted it!

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E0B679D-AB68-4DAE-833D-9A76C095BD0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E0B679D-AB68-4DAE-833D-9A76C095BD0C}\ not found.
C:\WINDOWS\002673_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET28F.tmp deleted successfully.
C:\WINDOWS\System32\SET29B.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Vânia
->Flash cache emptied: 3425 bytes
Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Vânia
->Temp folder emptied: 4352467 bytes
->Temporary Internet Files folder emptied: 7242039 bytes
->FireFox cache emptied: 55717968 bytes
->Google Chrome cache emptied: 107208494 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66064 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 167,00 mb

OTL by OldTimer - Version 3.2.6.1 log created on 06232010_224710

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\unp130508536.tmp not found!
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat not found!

Registry entries deleted on Reboot...

Regards!
DigRam 144 Posted June 24, 2010
Good evening, Italo16!
Quote: After this OTL process, a "Thumbs" file appeared on my desktop.
<!> You can delete it!

<@> Open OTL.exe --> Click on or Limpeza (Cleanup) --> Wait!
<@> When prompted, click OK --> Restart the computer!

<!> Your logs are clean!
<!> Everything OK?
Regards!
Italo16 0 Posted June 24, 2010
Everything is OK, thank you!
DigRam 144 Posted June 24, 2010
PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.