Moah86 - Posted December 13, 2010

Good afternoon, for some days now I have noticed that my machine has been behaving a bit strangely. I ran HijackThis and it produced the following log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:17:17, on 12/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\ARQUIV~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Application Virtualization Client\sftlist.exe
C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Arquivos de programas\AVG\AVG10\avgnsx.exe
C:\Arquivos de programas\AVG\AVG10\avgemcx.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\EeePC\ACPI\AsAcpiSvr.exe
C:\Arquivos de programas\EeePC\ACPI\AsEPCMon.exe
C:\Arquivos de programas\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\ARQUIV~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxext.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Arquivos de programas\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\ARQUIV~1\AVG\AVG10\avgrsx.exe
C:\Arquivos de programas\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Moisés\Meus documentos\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AsusACPIServer] C:\Arquivos de programas\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Arquivos de programas\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Arquivos de programas\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synAsusAcpi] C:\Arquivos de programas\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [EEESplendidAR] C:\Arquivos de programas\ASUS\EPC\EeeSplendid\AutoRun.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\ARQUIV~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVH.EXE
O4 - Global Startup: SuperHybridEngine.lnk = ?
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.flvdirect.com
O15 - Trusted Zone: http://www.userplane.com
O15 - ESC Trusted Zone: http://www.flvdirect.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259506008183
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 8853 bytes

If anyone can help me, I would appreciate it...

wings - Posted December 13, 2010

Hello Moah86

1. Open Spybot.
In the top menu, click [Mode] > [Advanced] and confirm.
Click [Tools] > [Resident].
Uncheck the option Enable "TeaTimer" Resident (general protection of system settings).
Close the program.

2.
* Download MalwareBytes Anti-malware and save it to the desktop
* Install the program and wait for the update
* The program will open automatically
* Select [Full scan] and click [Scan] > [Scan]
* When the scan finishes, click [Yes] > [OK] > [Show Results]
* Click [Remove Selected]
* Paste the report that is displayed

Moah86 - Posted December 13, 2010

I disabled what was requested; the Malwarebytes log follows below.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versão da Base de Dados: 5306

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/12/2010 19:04:13
mbam-log-2010-12-12 (19-04-13).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|Q:\|)
Objetos escaneados: 200771
Tempo decorrido: 48 minuto(s), 16 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

Note: when I open some web pages using Firefox, before the corresponding URL appears, c://documents and settings.... appears. I can't catch the whole path because it changes to the URL very quickly. If anyone knows what this is about.....

wings - Posted December 13, 2010

1.
* Download AD-Remover and save it to the desktop
* Run AD-Remover
* Click [Clean] and wait for it to finish.
* Paste the report C:\Ad-Report-CLEAN.log

2.
* Download ATF Cleaner and save it to the desktop
* Run ATF-Cleaner
* Select: [X] Select All
* Click [Empty Selected]
=> If you use Firefox or Opera:
* Click the "Firefox" tab or the "Opera" tab
* Select: [X] Select All
* If you want to keep your site passwords, click [No]. Otherwise click [Yes]
* Click [Empty selected]; if you want to keep your passwords, click [No]. Otherwise, click [Yes]
* Click [Exit] or the [X] to leave the program

Report whether the problem persists.

Moah86 - Posted December 13, 2010

The AD-Remover log follows below.

======= REPORT FROM AD-REMOVER 2.0.0.2,C | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 08/12/10 at 10:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 21:24:40 on 12/12/2010, Normal boot

Microsoft Windows XP Home Edition Service Pack 3 (X86)
Moisés@MOAH ( )

============== ACTION(S) ==============

Folder deleted: C:\Documents and Settings\Moisés\Dados de aplicativos\Mozilla\FireFox\Profiles\sx7rmos3.default\conduit
File deleted: C:\Documents and Settings\Moisés\Dados de aplicativos\Mozilla\FireFox\Profiles\sx7rmos3.default\searchplugins\conduit.xml

(!) -- Temporary files deleted.

-- File opened: C:\Documents and Settings\Moisés\Dados de aplicativos\Mozilla\FireFox\Profiles\sx7rmos3.default\Prefs.js --
Line deleted:
Line deleted:
Line deleted: user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT175...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1750559/CT1750559...
Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&Sea...
Line deleted: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13");
-- File closed --

Key deleted: HKLM\Software\Classes\Toolbar.CT2365905
Key deleted: HKLM\Software\Conduit
Key deleted: HKCU\Software\Conduit
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.6.13 (pt-BR)] **

-- C:\Documents and Settings\Moisés\Dados de aplicativos\Mozilla\FireFox\Profiles\sx7rmos3.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\Moisés\\Meus documentos\\Minhas imagens
browser.search.defaultenginename, SearchTheWeb
browser.search.selectedEngine, BS Player Customized Web Search
browser.startup.homepage_override.mstone, rv:1.9.2.13
privacy.popups.showBrowserMessage, false

========================================

** Internet Explorer Version [7.0.5730.13] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Arquivos de programas\Ad-Remover\Quarantine: 4 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 15 File(s)

C:\Ad-Report-CLEAN[1].txt - 12/12/2010 (1391 Byte(s))
C:\Ad-Report-SCAN[1].txt - 12/12/2010 (3443 Byte(s))

End at: 21:26:14, 12/12/2010

============== E.O.F ==============

The problem persists, but I managed to capture the path that appears before the URL I am accessing shows up. It follows below:

jar:file:///C:/Documents and Settings/Moisés/Dados de aplicativos/Mozilla/Firefox/Profiles/sx7rmos3.default/extensions/{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}/chrome/bs_player.jar!/content/aboutTabs.htm

wings - Posted December 14, 2010

1.
* Run AD-Remover
* Click [uninstall]

2. Check in Add/Remove Programs whether BS Player Toolbar is listed. If so, uninstall it.

3.
* Download OTL and save it to the desktop
* Run OTL and select the options:
[X] Scan All Users
Extra Registry Scan: [X] None
[X] Skip Microsoft Files
[X] Use WhiteList for Company Names
[X] Purity Check
* Click in the space below "Custom Scans/Fixes" and paste the code:

netsvcs
/md5start
acpi.sys
null.sys
cdrom.sys
ipsec.sys
ndis.sys
midimap.dll
/md5stop
c:\documents and settings\Moisés\Dados de aplicativos\*\*.*

* Click [Scan]
* Paste the OTL.txt report that is displayed

Moah86 - Posted December 14, 2010

The AD-Remover uninstall did not work: a message appears with Yes and No. If I click Yes it redirects me to a purchase page for it; if I click No it cancels the program and it disappears from the desktop. The OTL log follows below.

OTL logfile created on: 12/12/2010 22:41:14 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Moisés\Meus documentos\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1.015,00 Mb Total Physical Memory | 109,00 Mb Available Physical Memory | 11,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 72,06 Gb Total Space | 58,07 Gb Free Space | 80,59% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 45,88 Gb Free Space | 63,67% Space Free | Partition Type: NTFS

Computer Name: MOAH | User Name: Moisés | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/12/12 22:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moisés\Meus documentos\Downloads\OTL.exe PRC - [2010/12/08 08:45:45 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe PRC - [2010/12/08 08:45:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG10\avgnsx.exe PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG10\avgemcx.exe PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG10\avgtray.exe PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG10\avgrsx.exe PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG10\avgcsrvx.exe PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG10\avgchsvx.exe PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe PRC - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVHSVC.EXE PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009/04/16 19:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Arquivos de programas\EeePC\ACPI\AsAcpiSvr.exe PRC - [2009/04/16 18:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Arquivos de programas\EeePC\ACPI\AsTray.exe PRC - [2009/03/25 10:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Arquivos de programas\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe PRC - [2009/03/13 16:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Arquivos de programas\EeePC\ACPI\AsEPCMon.exe PRC - [2008/12/09 08:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe PRC - [2008/04/14 09:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/12/19 12:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe PRC - [2002/05/01 09:50:00 | 000,028,672 | ---- | M] (Logitech Inc. 
) -- C:\Arquivos de programas\MouseWare\system\EM_EXEC.EXE ========== Modules (SafeList) ========== MOD - [2010/12/12 22:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moisés\Meus documentos\Downloads\OTL.exe MOD - [2010/08/23 13:11:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2008/04/14 09:00:00 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll MOD - [2002/05/01 09:50:00 | 000,024,576 | ---- | M] (Logitech Inc. ) -- C:\Arquivos de programas\MouseWare\system\LGMOUSHK.DLL ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (odserv) SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009/09/26 03:31:58 | 000,149,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de programas\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio) DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2010/02/11 09:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009/09/23 15:05:06 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir) DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de programas\Microsoft Application Virtualization Client\drivers\SftVolXP.sys -- (sftvol) DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de programas\Microsoft Application Virtualization Client\drivers\sftplayxp.sys -- (sftplay) DRV - [2009/09/23 15:04:52 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de programas\Microsoft Application Virtualization Client\drivers\SftFSXP.sys -- (sftfs) DRV - [2009/08/18 17:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/08/11 16:04:30 | 001,582,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009/07/27 15:09:50 | 000,044,032 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2009/03/24 01:25:24 | 000,966,912 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2008/11/18 22:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf) DRV - [2008/09/12 02:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008/04/14 09:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/04/14 09:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008/04/14 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2008/04/14 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2008/04/14 09:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008/04/13 10:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Driver de áudio USB (WDM) DRV - [2008/04/08 15:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2007/12/19 12:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2002/04/15 09:50:00 | 000,068,816 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2) DRV - [2002/04/15 09:50:00 | 000,052,224 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2) DRV - [2002/04/15 09:50:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb" FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search" FF - prefs.js..browser.search.selectedEngine: "BS Player Customized Web Search" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167 FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:3.2.5.2 FF - prefs.js..network.proxy.no_proxies_on: "plimus.com,www.plimus.com,regnow.com,www.regnow.com" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Arquivos de programas\AVG\AVG10\Firefox\ [2010/11/26 11:35:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/12/08 08:45:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/12/08 08:45:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6b4\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox 3.6 Beta 4\plugins [2010/01/30 13:45:13 | 000,000,000 | ---D | M] [2010/06/04 23:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moisés\Dados de aplicativos\Mozilla\Extensions [2010/12/11 00:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moisés\Dados de aplicativos\Mozilla\Firefox\Profiles\sx7rmos3.default\extensions [2010/12/11 00:25:22 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Documents and Settings\Moisés\Dados de aplicativos\Mozilla\Firefox\Profiles\sx7rmos3.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2010/09/21 19:33:29 | 000,002,270 | ---- | M] () -- C:\Documents and Settings\Moisés\Dados de aplicativos\Mozilla\Firefox\Profiles\sx7rmos3.default\searchplugins\SearchTheWeb.xml [2010/12/11 00:27:45 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions [2010/07/17 15:00:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} 
[2010/08/23 00:17:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/20 20:54:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll [2010/03/16 13:57:46 | 000,120,296 | ---- | M] ( ) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npganymedenet.dll [2010/12/08 08:45:48 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml [2010/12/08 08:45:48 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml [2010/12/08 08:45:48 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml [2010/12/08 08:45:48 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2010/06/03 11:51:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AsusACPIServer] C:\Arquivos de programas\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Arquivos de programas\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Arquivos de programas\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [EEESplendidAR] C:\Arquivos de programas\ASUS\EPC\EeeSplendid\AutoRun.exe () O4 - HKLM..\Run: [EM_EXEC] C:\Arquivos de programas\MouseWare\system\EM_EXEC.EXE (Logitech Inc. ) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [synAsusAcpi] C:\Arquivos de programas\Synaptics\SynTP\SynAsusAcpi.exe File not found O4 - HKU\S-1-5-21-2591773163-157394966-3580303171-1005..\Run: [Gadwin PrintScreen] C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc) O4 - HKLM..\RunOnce: [] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ SuperHybridEngine.lnk = C:\Arquivos de programas\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) 
O4 - Startup: C:\Documents and Settings\Moisés\Menu Iniciar\Programas\Inicializar\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - 
HKU\S-1-5-21-2591773163-157394966-3580303171-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\..Trusted Domains: flvdirect.com ([www] http in Sites confiáveis) O15 - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\..Trusted Domains: userplane.com ([www] http in Sites confiáveis) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259506008183 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.10.128.3 201.10.1.2 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Value error. File not found O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Value error. 
File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/05/23 00:30:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\##Moah-0f1c5a56fb#Eee PC (K)\Shell - "" = AutoRun O33 - MountPoints2\{0647eb53-9d95-11df-822d-0026189de1d3}\Shell - "" = AutoRun O33 - MountPoints2\{25f070b6-32be-11df-816c-0026189de1d3}\Shell\AutoRun\command - "" = NrOEIz.eXe O33 - MountPoints2\{25f070b6-32be-11df-816c-0026189de1d3}\Shell\OpEn\ComMaND - "" = nROeiZ.EXe O33 - MountPoints2\{e832c658-d3c6-11df-8285-0026189de1d3}\Shell - "" = AutoRun O33 - MountPoints2\E\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\ARQUIV~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Arquivos de programas\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\ARQUIV~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Arquivos de programas\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) 
O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: WmdmPmSp - File not found ========== Files/Folders - Created Within 30 Days ========== [2010/12/12 17:04:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Moisés\Recent [2010/12/11 00:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moisés\Dados de aplicativos\BSplayer Pro [2010/12/11 00:25:19 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Webteh [2010/11/26 12:30:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moisés\Configurações locais\Dados de aplicativos\FixItCenter [2010/11/26 12:26:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS [2010/11/26 12:26:30 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Fix it Center [2010/11/26 12:25:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell [2010/11/20 11:33:41 | 000,000,000 | -H-D | C] -- C:\$AVG [2010/11/20 11:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moisés\Dados de aplicativos\AVG10 [2010/11/20 11:14:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files [2010/11/20 11:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG10 [2010/11/20 11:11:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG [2010/11/20 10:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/12/12 22:33:02 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2591773163-157394966-3580303171-1005UA.job [2010/12/12 22:02:37 | 101,753,145 | ---- | M] () -- 
C:\WINDOWS\System32\drivers\AVG\incavi.avm [2010/12/12 21:28:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/12/12 21:28:11 | 000,000,632 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job [2010/12/12 21:27:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/12/12 20:29:01 | 000,000,596 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job [2010/12/11 23:33:01 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2591773163-157394966-3580303171-1005Core.job [2010/12/05 20:38:34 | 000,002,418 | ---- | M] () -- C:\Documents and Settings\Moisés\Desktop\Google Chrome.lnk [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/26 12:26:34 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk [2010/11/26 11:35:38 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk [2010/11/22 23:16:57 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2010/11/21 23:54:02 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2010/11/20 21:30:43 | 003,817,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/11/20 00:17:51 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\Moisés\Desktop\Spybot - Search & Destroy.lnk [2010/11/19 01:40:46 | 000,000,853 | ---- | M] () -- C:\WINDOWS\System32\winloc_0003.gif [2010/11/15 22:15:37 | 000,242,120 | ---- | M] () -- C:\WINDOWS\System32\winstl_3125.gif [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/12/12 22:02:37 | 101,753,145 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2010/11/26 12:29:15 | 000,000,632 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job [2010/11/26 12:29:15 | 000,000,596 | 
-H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job [2010/11/26 12:26:34 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk [2010/11/20 11:14:13 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk [2010/11/20 00:17:51 | 000,001,021 | ---- | C] () -- C:\Documents and Settings\Moisés\Desktop\Spybot - Search & Destroy.lnk [2010/11/15 22:15:37 | 000,242,120 | ---- | C] () -- C:\WINDOWS\System32\winstl_3125.gif [2010/07/31 23:47:11 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2010/07/31 23:33:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL [2010/07/31 23:33:27 | 000,000,483 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini [2010/07/10 14:16:34 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Moisés\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/28 00:06:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll [2009/11/29 19:29:10 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat [2009/05/26 23:33:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/05/23 01:06:37 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2009/05/23 01:01:57 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini [2009/05/23 01:01:57 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini [2009/05/22 21:24:51 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/05/22 21:17:56 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: ACPI.SYS > [2008/04/14 09:00:00 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:acpi.sys [2008/04/14 09:00:00 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:acpi.sys [2008/04/14 09:00:00 | 000,188,416 | ---- | M] (Microsoft Corporation) 
MD5=CFCB02E103E44AC7080CA04C1B5C2D7C -- C:\WINDOWS\system32\drivers\acpi.sys < MD5 for: CDROM.SYS > [2008/04/14 09:00:00 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008/04/14 09:00:00 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:cdrom.sys [2008/04/14 09:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys < MD5 for: IPSEC.SYS > [2008/04/14 09:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys [2008/04/14 09:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys < MD5 for: MIDIMAP.DLL > [2008/04/14 09:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=F70CCB59E0A325896D679A4935E4F835 -- C:\WINDOWS\system32\dllcache\midimap.dll [2008/04/14 09:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=F70CCB59E0A325896D679A4935E4F835 -- C:\WINDOWS\system32\midimap.dll < MD5 for: NDIS.SYS > [2008/04/14 09:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008/04/14 09:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008/04/14 09:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys < MD5 for: NULL.SYS > [2008/04/14 09:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) MD5=73C1E1F395918BC2C6DD67AF7591A3AD -- C:\WINDOWS\ERDNT\cache\null.sys [2008/04/14 09:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) MD5=73C1E1F395918BC2C6DD67AF7591A3AD -- C:\WINDOWS\system32\dllcache\null.sys [2008/04/14 09:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) MD5=73C1E1F395918BC2C6DD67AF7591A3AD -- 
C:\WINDOWS\system32\drivers\null.sys
< c:\documents and settings\Moisés\Dados de aplicativos\*\*.* >
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:0A8E2C33
< End of report >
wings 22 Posted December 14, 2010
Do you use a proxy or any of these sites?
www.regnow.com
www.plimus.com
Moah86 0 Posted December 14, 2010
> Do you use a proxy or any of these sites?
> www.regnow.com
> www.plimus.com
No, friend, I don't use a proxy, and I don't know these sites. I tried using one a while ago, but I uninstalled it the same day.
wings 22 Posted December 14, 2010
One more piece of information... Do you use this program?
BSPlayer Pro
Moah86 0 Posted December 14, 2010
> One more piece of information... Do you use this program?
> BSPlayer Pro
I installed it to watch a video with an extension that WMP couldn't read, but as soon as I finished watching the video I uninstalled it.
wings 22 Posted December 14, 2010
* Run OTL
* Click in the box under "Exames Personalizados/Correções" (Custom Scans/Fixes) and paste the code:

:OTL
IE - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "BS Player Customized Web Search"
FF - prefs.js..network.proxy.no_proxies_on: "plimus.com,www.plimus.com,regnow.com,www.regnow.com"
[2010/12/11 00:25:22 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Documents and Settings\Moisés\Dados de aplicativos\Mozilla\Firefox\Profiles\sx7rmos3.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010/12/11 00:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moisés\Dados de aplicativos\BSplayer Pro
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:0A8E2C33

:Commands
[emptytemp]
[reboot]

* Close your browser (IE or Firefox)
* Click [Consertar] (Fix)
* The PC will restart
* Paste the report C:\_OTL\MovedFiles\MDA_HMS.log, where MDA is month/day/year and HMS is hour/minute/seconds

Let me know whether that solved it.
Moah86 0 Posted December 14, 2010
> * Run OTL
> * Click in the box under "Exames Personalizados/Correções" (Custom Scans/Fixes) and paste the code:
>
> :OTL
> IE - HKU\S-1-5-21-2591773163-157394966-3580303171-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com
> FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
> FF - prefs.js..browser.search.selectedEngine: "BS Player Customized Web Search"
> FF - prefs.js..network.proxy.no_proxies_on: "plimus.com,www.plimus.com,regnow.com,www.regnow.com"
> [2010/12/11 00:25:22 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Documents and Settings\Moisés\Dados de aplicativos\Mozilla\Firefox\Profiles\sx7rmos3.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
> [2010/12/11 00:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moisés\Dados de aplicativos\BSplayer Pro
> @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:0A8E2C33
>
> :Commands
> [emptytemp]
> [reboot]
>
> * Close your browser (IE or Firefox)
> * Click [Consertar] (Fix)
> * The PC will restart
> * Paste the report C:\_OTL\MovedFiles\MDA_HMS.log, where MDA is month/day/year and HMS is hour/minute/seconds
>
> Let me know whether that solved it.

I didn't get around to doing the last procedure indicated. I did a system restore to the BS Player installation point and apparently that resolved it; at least that suspicious address is no longer showing up, but its toolbar is still installed in Mozilla.
For now, PROBLEM SOLVED.
Thank you for the attention and assistance.
wings 22 Posted December 14, 2010
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.