Absolut (posted December 14, 2010)

So, I have a very serious problem. Today I went to open a video on YouTube and ended up getting infected... but I have no idea how to remove the virus, for the love of God can someone help me??? I tried sending it to Avira's quarantine, but afterwards my computer couldn't get on the internet any more.... And when I restarted it said it couldn't run the folder C:\USERS\A\APPDATA\LOCAL\TEMP\CSRSS.EXE, I didn't understand anything.... Then I downloaded HijackThis and ran a scan, and this was the result:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:35:50, on 14/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\A\AppData\Roaming\dwm.exe
C:\Windows\system32\taskeng.exe
C:\Users\A\AppData\Local\Temp\csrss.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Program Files\LG Software\LG OSD\HotKey.exe
C:\Users\A\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Scott's Gmail Alert\ScottsGmailAlert.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\BrOffice.org 3\program\soffice.exe
C:\Program Files\BrOffice.org 3\program\soffice.bin
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\windows sidebar\gadgets\LGSmartI.Gadget\plugins\LGSmartI.exe
c:\Users\A\Downloads\HiJackThis(2).exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54646
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\A\AppData\Local\Temp\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [LGSR_Menu] "C:\Program Files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\LG Software\LG Smart Recovery" UpdateWithCreateOnce Software\CyberLink\PowerRecover
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [scotts Gmail Alert] C:\Program Files\Scott's Gmail Alert\scottsgmailalert.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [svchost] C:\Users\A\AppData\Roaming\Microsoft\conhost.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Program Files\BrOffice.org 3\program\quickstart.exe
O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} (DHSurveillanceCtrl Control) - http://foxtonrs.no-ip.org/webrec.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9325 bytes

But it ended and I don't know how to get out of this any more... what do I do now???
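An added example, not part of this thread and not HijackThis code: a small Python triage script that reads HijackThis-style lines like the ones in the log above and flags the indicators a helper would look at first. The sample lines are copied from the log above; the rules are generic and assume %SystemRoot% is C:\Windows. The script flags core Windows process names (csrss.exe, dwm.exe, conhost.exe) running from AppData or Temp, the win.ini load= entry (F3), Run entries that point into user-writable directories or borrow a system process name, and an Internet Explorer ProxyServer pointing at 127.0.0.1. That proxy line is why connectivity breaks once the malware is quarantined: the browser keeps sending every request to a local port that no longer has anything listening on it, so the proxy setting has to be cleared as part of the cleanup.

```python
"""Triage of HijackThis-style log lines for common user-mode infection
indicators.  Added example for this thread, not HijackThis code and not
part of the original posts.  Rules assume %SystemRoot% is C:\\Windows."""
import re
from pathlib import PureWindowsPath

# Core Windows binaries that legitimately live only in System32.
SYSTEM_PROCESS_NAMES = {
    "csrss.exe", "dwm.exe", "conhost.exe", "svchost.exe",
    "lsass.exe", "winlogon.exe", "smss.exe", "services.exe",
}
SYSTEM32 = r"c:\windows\system32"          # assumed %SystemRoot%\system32
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # "R1 - ...", "O4 - ..."
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")                # "Running processes" lines
LOOPBACK_RE = re.compile(r"(?:127\.0\.0\.1|localhost)(?::\d+)?", re.IGNORECASE)
O4_TARGET_RE = re.compile(
    r'\[(?P<label>[^\]]*)\]\s*"?(?P<path>[A-Za-z%][^"]*?\.exe)', re.IGNORECASE)


def in_system32(path):
    """True when the file's directory is exactly C:\\Windows\\system32."""
    return str(PureWindowsPath(path).parent).lower() == SYSTEM32


def in_user_writable(path):
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE_MARKERS)


def check_process(path):
    """Flag a system binary name that is not running from System32."""
    name = PureWindowsPath(path).name.lower()
    if name in SYSTEM_PROCESS_NAMES and not in_system32(path):
        return ["system-process name outside System32"]
    return []


def check_entry(code, body):
    """Flag R1/F3/O4 entries that commonly carry malware persistence."""
    findings = []
    if code == "R1" and "ProxyServer" in body and LOOPBACK_RE.search(body):
        findings.append("proxy points at a loopback port")
    if code == "F3" and "load=" in body:
        findings.append("legacy win.ini load= autostart")
    if code == "O4":
        m = O4_TARGET_RE.search(body)
        if m:
            path, label = m.group("path"), m.group("label").lower()
            if in_user_writable(path):
                findings.append("autostart from a user-writable directory")
            if label + ".exe" in SYSTEM_PROCESS_NAMES and not in_system32(path):
                findings.append("autostart named after a system process")
    return findings


def triage(log_text):
    """Return (indicator, line) pairs for every suspicious line in the log."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings = check_entry(m.group(1), m.group(2))
        elif PROCESS_RE.match(line):
            findings = check_process(line)
        else:
            findings = []
        results.extend((f, line) for f in findings)
    return results


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
C:\Windows\system32\Dwm.exe
C:\Users\A\AppData\Roaming\dwm.exe
C:\Users\A\AppData\Local\Temp\csrss.exe
C:\Users\A\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54646
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F3 - REG:win.ini: load=C:\Users\A\AppData\Local\Temp\csrss.exe
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [svchost] C:\Users\A\AppData\Roaming\Microsoft\conhost.exe
"""

if __name__ == "__main__":
    for indicator, line in triage(SAMPLE_LOG):
        print(f"{indicator:45} {line}")
```

Run against the sample it reports seven findings: the three user-profile copies of dwm.exe, csrss.exe and conhost.exe, the loopback proxy, the win.ini load= entry, and two for the HKCU Run value named "svchost" that launches conhost.exe from Roaming. The genuine C:\Windows\system32\Dwm.exe and the Avira entries are left alone. The same "ProxyServer = http=127.0.0.1:54646" check is the one to apply after removal when a machine that was cleaned suddenly cannot browse.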
wings (posted December 14, 2010)

Hi Absolut

*Download MalwareBytes Anti-malware and save it to the desktop
*Right-click its icon and select "Run as administrator"
*Install the program and wait for the update
*The program will open automatically
*Select [Full Scan] and click [Scan] > [Scan]
*When the scan finishes, click [YES] > [OK] > [Show Results]
*Click [Remove Selected]
*Paste the report it shows
Absolut (posted December 15, 2010)

So I installed the program, ran the scan, and removed all the infected files, and this is the log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versão da Base de Dados: 5314

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

14/12/2010 22:26:36
mbam-log-2010-12-14 (22-26-36).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 237200
Tempo decorrido: 52 minuto(s), 45 segundo(s)

Processos de Memória Infectados: 3
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 2
Itens de Dados no Registro Infectados: 1
Pastas Infectadas: 0
Arquivos Infectados: 3

Processos de Memória Infectados:
c:\Users\A\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 9944 -> Unloaded process successfully.
c:\Users\A\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> 9508 -> Unloaded process successfully.
c:\Users\A\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 8304 -> Unloaded process successfully.

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.

Itens de Dados no Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\A\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\Users\A\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\A\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\A\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Only, after that I couldn't get on the internet any more.... and I took everything out of quarantine so I could use it again... I don't know what to do....
wings (posted December 15, 2010)

1. Do you use a proxy?

2.
*Download OTL and save it to the desktop
*Run OTL and select the options below:
[X] Scan All Users
Extra Registry: [X] None
[X] Skip Microsoft Files
[X] Use Company Name Whitelist
[X] LOP Check
[X] Purity Check
*Click [Run Scan] and wait for it to finish
*Paste the report (OTL.txt) it shows
Absolut (posted December 15, 2010)

Hi, so what is a proxy? I have no idea whether I use one or not.... but I downloaded the program and this is the report:

OTL logfile created on: 15/12/2010 00:27:23 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\IGNEZ\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73,00 Gb Total Space | 17,57 Gb Free Space | 24,07% Space Free | Partition Type: NTFS
Drive D: | 64,55 Gb Total Space | 64,46 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
Drive F: | 134,42 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NOTE-A | User Name: A | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/15 00:25:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\A\Downloads\OTL.exe
PRC - [2010/12/14 22:35:02 | 000,137,216 | ---- | M] () -- C:\Users\A\AppData\Roaming\dwm.exe
PRC - [2010/12/14 22:35:02 | 000,128,512 | ---- | M] () -- C:\Users\A\AppData\Roaming\Microsoft\conhost.exe
PRC - [2010/12/14 22:34:33 | 000,133,632 | ---- | M] () -- C:\Users\A\AppData\Local\Temp\csrss.exe
PRC - [2010/12/10 21:35:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 21:35:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2010/08/13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/18 23:50:47 | 001,999,872 | ---- | M] (GraphicPort) -- C:\Arquivos de programas\Scott's Gmail Alert\ScottsGmailAlert.exe
PRC - [2010/01/15 10:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Arquivos de programas\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/06 13:30:58 | 000,304,432 | ---- | M] (BIT LEADER) -- C:\Arquivos de programas\lg_swupdate\GiljabiStart.exe
PRC - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/03 10:51:20 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/06/03 10:34:50 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/23 11:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
PRC - [2009/04/23 07:36:26 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
PRC - [2009/04/23 07:33:18 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
PRC - [2009/04/11 04:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Sidebar\sidebar.exe
PRC - [2009/04/11 04:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/06 10:02:32 | 000,095,536 | ---- | M] (LG Electronics Inc.) -- C:\Arquivos de programas\Windows Sidebar\Gadgets\LGSmartI.Gadget\plugins\LGSmartI.exe
PRC - [2008/10/31 13:06:18 | 006,609,440 | ---- | M] (Realtek Semiconductor) -- C:\Arquivos de programas\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2008/10/11 18:10:56 | 003,026,944 | ---- | M] (LG Electronics) -- C:\Arquivos de programas\LG Software\LG OSD\HotKey.exe
PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/19 17:25:56 | 000,144,688 | ---- | M] (LG Electronics Inc.) -- C:\Arquivos de programas\LG Software\LG Magnifier\MagnifyingGlass.exe
PRC - [2008/05/19 17:24:54 | 000,263,472 | ---- | M] (LG Electronics Inc.) -- C:\Arquivos de programas\LG Software\LG Magnifier\Maglev.exe
PRC - [2008/01/21 00:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Defender\MSASCui.exe
PRC - [2007/11/27 19:13:44 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/10/02 14:16:06 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/10/02 14:16:06 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe

========== Modules (SafeList) ==========

MOD - [2010/12/15 00:25:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\A\Downloads\OTL.exe
MOD - [2010/08/31 13:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/15 10:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/09/24 23:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/03 10:34:50 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/21 00:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/12/07 17:50:32 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/13 19:57:53 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/18 11:42:12 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Arquivos de Programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/31 11:43:30 | 002,231,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/06 16:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/07/07 11:15:24 | 002,378,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/30 05:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/06/05 19:01:50 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/05/26 11:54:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2008/01/21 00:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 00:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 00:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 00:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 00:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 00:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 00:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 00:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 00:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 00:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 00:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 00:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 00:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 00:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 00:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 00:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 00:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 00:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 00:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 00:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 00:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 00:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 00:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 00:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 00:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 18:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/21 11:17:36 | 000,327,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/09/04 03:54:08 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/07/15 00:20:26 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/07/15 00:20:24 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/05/23 16:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 07:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 07:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 07:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 07:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 07:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 07:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 07:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 07:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 07:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 07:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 07:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 06:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 06:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 06:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 06:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 06:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 06:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 05:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-460962498-612240632-2917619083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
IE - HKU\S-1-5-21-460962498-612240632-2917619083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
IE - HKU\S-1-5-21-460962498-612240632-2917619083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-460962498-612240632-2917619083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-460962498-612240632-2917619083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-460962498-612240632-2917619083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54646

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "MercadoLivre"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?source=navclient-ff&shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.7.20
FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54646
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 21:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 21:35:20 | 000,000,000 | ---D | M]

[2009/08/15 22:56:50 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\mozilla\Extensions
[2009/08/15 22:56:50 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/12/14 21:42:21 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\mozilla\Firefox\Profiles\2b3odqfl.default\extensions
[2010/04/28 13:40:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\A\AppData\Roaming\mozilla\Firefox\Profiles\2b3odqfl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/03 22:25:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\A\AppData\Roaming\mozilla\Firefox\Profiles\2b3odqfl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/17 10:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A\AppData\Roaming\mozilla\Firefox\Profiles\2b3odqfl.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2010/09/08 01:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A\AppData\Roaming\mozilla\Firefox\Profiles\2b3odqfl.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2010/04/12 15:01:34 | 000,002,456 | ---- | M] () -- C:\Users\A\AppData\Roaming\Mozilla\FireFox\Profiles\2b3odqfl.default\searchplugins\iMeshWebSearch.xml
[2010/09/05 20:20:48 | 000,000,000 | ---D | M] -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2010/09/07 20:51:55 | 000,000,000 | ---D | M] (No
name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/01/15 23:18:55 | 000,001,027 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\buscape.xml [2010/04/12 15:01:34 | 000,002,456 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\iMeshWebSearch.xml [2010/01/15 23:18:55 | 000,001,212 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\mercadolivre.xml [2010/01/15 23:18:55 | 000,001,168 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\wikipedia-br.xml [2010/01/15 23:18:55 | 000,000,952 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2006/09/18 19:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de Programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-460962498-612240632-2917619083-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [iAAnotif] C:\Arquivos de Programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KeybdUtility] C:\Arquivos de Programas\LG Software\LG OSD\HotKey.exe (LG Electronics) O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER) O4 - HKLM..\Run: [LG Magnifier] C:\Arquivos de Programas\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.) O4 - HKLM..\Run: [LGSR_Menu] C:\Program Files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Arquivos de Programas\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [skytel] C:\Arquivos de Programas\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-460962498-612240632-2917619083-1000..\Run: [AutoStartNPSAgent] C:\Arquivos de Programas\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKU\S-1-5-21-460962498-612240632-2917619083-1000..\Run: [conhost] C:\Users\A\AppData\Roaming\Microsoft\conhost.exe () O4 - HKU\S-1-5-21-460962498-612240632-2917619083-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-460962498-612240632-2917619083-1000..\Run: [scotts Gmail Alert] C:\Arquivos de Programas\Scott's Gmail Alert\ScottsGmailAlert.exe (GraphicPort) O4 - HKU\S-1-5-21-460962498-612240632-2917619083-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-460962498-612240632-2917619083-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 3.1.lnk = C:\Arquivos de Programas\BrOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de Programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation) F3 - HKU\S-1-5-21-460962498-612240632-2917619083-1000 WinNT: Load - (C:\Users\A\AppData\Local\Temp\csrss.exe) - C:\Users\A\AppData\Local\Temp\csrss.exe () O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://foxtonrs.no-ip.org/webrec.cab (DHSurveillanceCtrl Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.149.55.142 200.165.132.154 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-460962498-612240632-2917619083-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-460962498-612240632-2917619083-1000 Winlogon: Shell - (C:\Users\A\AppData\Roaming\dwm.exe) - C:\Users\A\AppData\Roaming\dwm.exe () O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\A\Pictures\2010-01-13\288.JPG O24 - Desktop BackupWallPaper: C:\Users\A\Pictures\2010-01-13\288.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 19:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6d3e6515-a9f0-11de-887a-000df06692b9}\Shell\AutoRun\command - "" = azspzc.exe O33 - MountPoints2\{6d3e6515-a9f0-11de-887a-000df06692b9}\Shell\explore\Command - "" = azspzc.exe O33 - MountPoints2\{6d3e6515-a9f0-11de-887a-000df06692b9}\Shell\open\Command - "" = azspzc.exe O33 - MountPoints2\{6d3e6539-a9f0-11de-887a-000df06692b9}\Shell\AutoRun\command - "" = azspzc.exe O33 - MountPoints2\{6d3e6539-a9f0-11de-887a-000df06692b9}\Shell\explore\Command 
- "" = azspzc.exe O33 - MountPoints2\{6d3e6539-a9f0-11de-887a-000df06692b9}\Shell\open\Command - "" = azspzc.exe O33 - MountPoints2\{c393ff25-9c09-11de-80f4-000df06692b9}\Shell - "" = AutoRun O33 - MountPoints2\{c393ff25-9c09-11de-80f4-000df06692b9}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O33 - MountPoints2\{c393ff40-9c09-11de-80f4-000df06692b9}\Shell - "" = AutoRun O33 - MountPoints2\{c393ff40-9c09-11de-80f4-000df06692b9}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O33 - MountPoints2\{d257cc18-9095-11df-bda2-000df06692b9}\Shell\AutoRun\command - "" = G:\1j038ki.exe -- File not found O33 - MountPoints2\{d257cc18-9095-11df-bda2-000df06692b9}\Shell\open\Command - "" = G:\1j038ki.exe -- File not found O33 - MountPoints2\{eb05036f-b421-11de-83ea-000df06692b9}\Shell\AutoRun\command - "" = azspzc.exe O33 - MountPoints2\{eb05036f-b421-11de-83ea-000df06692b9}\Shell\explore\Command - "" = azspzc.exe O33 - MountPoints2\{eb05036f-b421-11de-83ea-000df06692b9}\Shell\open\Command - "" = azspzc.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Windows\Install.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/12/14 21:28:41 | 000,000,000 | ---D | C] -- C:\Users\A\AppData\Roaming\Malwarebytes [2010/12/14 21:28:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/12/14 21:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/12/14 21:28:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/12/14 21:28:32 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware [2010/12/14 21:26:36 | 
007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\IGNEZ\Desktop\mbam-setup-1.50.0.0.exe [2010/12/14 02:57:52 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys [2010/12/14 02:57:06 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Panda Security [2010/12/10 01:00:21 | 000,042,306 | ---- | C] (Ark Pioneer Microelectronics Ltd.) -- C:\Windows\System32\usbport.sys [2010/12/10 01:00:21 | 000,000,000 | ---D | C] -- C:\Windows\ARK ========== Files - Modified Within 30 Days ========== [2010/12/15 00:25:55 | 002,621,440 | ---- | M] () -- C:\Users\A\ntuser.dat [2010/12/15 00:23:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/12/14 23:38:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/12/14 23:12:35 | 000,010,124 | ---- | M] () -- C:\Users\A\AppData\Roaming\F920.429 [2010/12/14 22:42:45 | 001,444,766 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/12/14 22:42:45 | 000,634,222 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2010/12/14 22:42:45 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/12/14 22:42:45 | 000,121,888 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2010/12/14 22:42:45 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/12/14 22:36:23 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/12/14 22:36:23 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2010/12/14 22:36:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/12/14 22:36:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/12/14 22:36:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/12/14 22:35:24 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/12/14 22:35:23 | 
000,524,288 | -HS- | M] () -- C:\Users\A\ntuser.dat{4ef4b46f-cd65-11de-a5b7-000df06692b9}.TMContainer00000000000000000001.regtrans-ms [2010/12/14 22:35:23 | 000,065,536 | -HS- | M] () -- C:\Users\A\ntuser.dat{4ef4b46f-cd65-11de-a5b7-000df06692b9}.TM.blf [2010/12/14 22:35:17 | 002,519,452 | -H-- | M] () -- C:\Users\A\AppData\Local\IconCache.db [2010/12/14 22:35:02 | 000,137,216 | ---- | M] () -- C:\Users\A\AppData\Roaming\dwm.exe [2010/12/14 22:01:12 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E83B6A71-B8E4-4920-AEC4-43CA213652CE}.job [2010/12/14 21:28:37 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/12/14 21:27:21 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\IGNEZ\Desktop\mbam-setup-1.50.0.0.exe [2010/12/14 01:57:26 | 000,060,178 | ---- | M] () -- C:\Users\A\Desktop\bookmarks-2010-12-142 [2010/12/14 01:56:56 | 000,060,178 | ---- | M] () -- C:\Users\A\Desktop\bookmarks-2010-12-14.json [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2010/12/14 22:35:02 | 000,137,216 | ---- | C] () -- C:\Users\A\AppData\Roaming\dwm.exe [2010/12/14 21:28:37 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/12/14 01:57:26 | 000,060,178 | ---- | C] () -- C:\Users\A\Desktop\bookmarks-2010-12-142 [2010/12/14 01:56:52 | 000,060,178 | ---- | C] () -- C:\Users\A\Desktop\bookmarks-2010-12-14.json [2010/12/14 00:37:32 | 000,010,124 | ---- | C] () -- C:\Users\A\AppData\Roaming\F920.429 [2010/12/10 01:00:21 | 000,102,400 | ---- | C] () -- C:\Windows\removeark.exe [2010/12/10 01:00:21 | 000,086,016 | ---- | C] () -- C:\Windows\removearkold.exe1 [2010/12/10 01:00:21 | 000,030,336 | ---- | C] () -- 
C:\Windows\System32\drivers\usb2vcom.sys [2010/12/10 01:00:21 | 000,021,155 | ---- | C] () -- C:\Windows\System32\SER2UP.VXD [2010/09/07 20:30:11 | 000,026,340 | ---- | C] () -- C:\Users\A\AppData\Roaming\UserTile.png [2010/09/05 20:19:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/07/01 22:42:49 | 000,000,552 | ---- | C] () -- C:\Users\A\AppData\Local\d3d8caps.dat [2010/03/31 15:19:19 | 000,000,317 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009/10/20 03:12:23 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009/10/20 03:11:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/15 21:00:12 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009/08/15 21:00:12 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009/08/15 20:21:26 | 000,017,408 | ---- | C] () -- C:\Users\A\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/13 20:37:00 | 000,011,110 | ---- | C] () -- C:\Windows\lg_up.ini [2009/08/13 19:57:53 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009/08/13 16:37:51 | 002,519,452 | -H-- | C] () -- C:\Users\A\AppData\Local\IconCache.db [2009/08/13 16:35:28 | 000,107,376 | ---- | C] () -- C:\Users\A\AppData\Local\GDIPFONTCACHEV1.DAT [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2008/11/12 11:24:32 | 000,001,068 | ---- | C] () -- C:\Windows\lgcenter.ini [2008/11/12 11:13:18 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2008/11/12 11:13:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll [2008/11/12 11:11:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008/11/12 11:03:59 | 000,000,222 | ---- | C] () -- C:\Windows\lgps.ini [2008/01/21 04:33:28 | 001,444,766 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2008/01/21 00:34:22 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini 
[2007/10/25 18:26:10 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007/10/02 13:58:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006/11/02 10:48:00 | 000,000,174 | -HS- | C] () -- C:\Arquivos de Programas\desktop.ini [2006/11/02 08:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006/11/02 08:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006/11/02 08:23:31 | 000,000,247 | ---- | C] () -- C:\Windows\win.ini [2006/11/02 08:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006/11/02 05:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 05:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006/11/02 05:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006/11/02 05:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006/11/02 05:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006/11/02 05:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006/11/02 05:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006/11/02 05:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006/11/02 05:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006/11/02 05:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006/11/02 05:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006/11/02 05:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006/11/02 05:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006/11/02 05:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006/11/02 05:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006/11/02 05:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006/11/02 04:25:08 | 000,013,312 | ---- | C] () -- 
C:\Windows\System32\win87em.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/02/14 19:53:44 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\Audacity
[2009/10/02 23:54:58 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\BrOffice.org
[2010/02/23 22:17:04 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\Canneverbe Limited
[2009/08/13 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\DAEMON Tools Lite
[2009/10/08 23:15:43 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\GlarySoft
[2010/05/03 14:25:52 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\Gmail Growl
[2009/08/18 18:57:13 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\gtk-2.0
[2010/12/07 21:58:23 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\LimeWire
[2009/08/15 21:02:57 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\PC Suite
[2010/09/07 20:30:10 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\PeerNetworking
[2009/08/15 21:00:01 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\Samsung
[2010/09/07 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\uTorrent
[2009/09/08 02:23:59 | 000,000,000 | ---D | M] -- C:\Users\A\AppData\Roaming\Wormux
[2010/12/14 22:36:23 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/12/14 22:35:25 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/14 22:01:12 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E83B6A71-B8E4-4920-AEC4-43CA213652CE}.job

========== Purity Check ==========

< End of report >
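The OTL log above is a long inventory of drivers, autostart entries and browser settings, and the handful of entries that matter are easy to miss in it: a proxy on 127.0.0.1, copies of csrss.exe, dwm.exe and conhost.exe running from the user profile and Temp, a WinNT Load hook, a second Winlogon Shell value, and MountPoints2 autorun commands naming a bare executable. The following is an added example by the editor, not code from the thread and not OTL's or HijackThis's own detection logic: a small triage pass over log lines in this format that flags exactly those indicator types. The sample lines are excerpted from the log above; the rule names, the list of system binary names and the assumed system drive prefix are the editor's assumptions.

```python
"""Triage of OTL / HijackThis-style log lines for the persistence and proxy
indicators visible in the log above. Added example by the editor; the rules
are heuristics, not OTL's or HijackThis's own detection logic."""
from __future__ import annotations
import re

# Process names that belong under %SystemRoot%; a copy running from the user
# profile or Temp is masquerading (csrss.exe, dwm.exe and conhost.exe here).
SYSTEM_BINARIES = {"csrss.exe", "dwm.exe", "conhost.exe", "explorer.exe",
                   "svchost.exe", "lsass.exe", "winlogon.exe", "smss.exe"}
TRUSTED_PREFIX = "c:\\windows\\"   # assumption: default system drive

# Drive-rooted path ending in an executable or driver extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^()|\n]*?\.(?:exe|dll|sys)\b", re.I)
# IE  "ProxyServer" = http=127.0.0.1:<port>   /   Firefox network.proxy.http: "127.0.0.1"
LOCAL_PROXY_RE = re.compile(
    r'(proxyserver"\s*=\s*http=127\.0\.0\.1:\d+)|(network\.proxy\.http:\s*"127\.0\.0\.1")')
# MountPoints2 autorun command naming a bare executable (no drive, no directory).
BARE_EXE_RE = re.compile(r'=\s*[^\\\s]+\.exe$', re.I)


def triage_line(line: str) -> list[str]:
    """Return the names of the rules this log line triggers (empty if clean)."""
    line = line.strip()
    low = line.lower()
    tag = line.split(" ", 1)[0]          # PRC, IE, FF, O4, F3, O20, O33 ...
    hits: list[str] = []
    if LOCAL_PROXY_RE.search(low):
        hits.append("local-proxy")
    for path in PATH_RE.findall(line):
        name = path.lower().rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and not path.lower().startswith(TRUSTED_PREFIX):
            hits.append("masquerading-system-binary")
            break
    if tag == "F3" and "winnt: load" in low:
        hits.append("winnt-load-hook")   # win.ini Load= hook, rarely legitimate
    if tag == "O20" and "winlogon: shell" in low and "explorer.exe" not in low:
        hits.append("winlogon-shell-hijack")
    if tag == "O33" and BARE_EXE_RE.search(line):
        hits.append("mountpoints-autorun")
    return hits


def triage_log(text: str) -> dict[str, list[str]]:
    """Map every flagged line of a log to the rules it triggered."""
    flagged: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and (hits := triage_line(line)):
            flagged[line] = hits
    return flagged


# Lines excerpted from the OTL log posted above (clean entries included as controls).
SAMPLE_LOG = r"""
PRC - [2010/12/14 22:35:02 | 000,137,216 | ---- | M] () -- C:\Users\A\AppData\Roaming\dwm.exe
PRC - [2010/12/14 22:34:33 | 000,133,632 | ---- | M] () -- C:\Users\A\AppData\Local\Temp\csrss.exe
IE - HKU\S-1-5-21-460962498-612240632-2917619083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54646
FF - prefs.js..network.proxy.http: "127.0.0.1"
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-460962498-612240632-2917619083-1000..\Run: [conhost] C:\Users\A\AppData\Roaming\Microsoft\conhost.exe ()
F3 - HKU\S-1-5-21-460962498-612240632-2917619083-1000 WinNT: Load - (C:\Users\A\AppData\Local\Temp\csrss.exe) - C:\Users\A\AppData\Local\Temp\csrss.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-460962498-612240632-2917619083-1000 Winlogon: Shell - (C:\Users\A\AppData\Roaming\dwm.exe) - C:\Users\A\AppData\Roaming\dwm.exe ()
O33 - MountPoints2\{6d3e6515-a9f0-11de-887a-000df06692b9}\Shell\AutoRun\command - "" = azspzc.exe
O33 - MountPoints2\{c393ff25-9c09-11de-80f4-000df06692b9}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
"""

if __name__ == "__main__":
    for entry, rules in triage_log(SAMPLE_LOG).items():
        print(", ".join(rules), "<-", entry[:90])
```

Run against the sample, eight of the eleven lines are flagged and the three controls (Avira's autorun, the HKLM explorer.exe shell, the dangling G:\Autorun.exe) pass; the flagged set is the same set of entries the helper's OTL fix script removes in the next post. The path check deliberately trusts anything under C:\Windows, so it catches relocation into the profile, not a replaced system file.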
wings 22 Posted December 15, 2010

I suggest you copy and paste procedure 4 into Notepad. Save the file on the desktop as procedimento.txt. Only carry out procedure 4 if you cannot connect to the internet. OK?

1.
*Download ERUNT and save it on the desktop
*Create a folder in C:\ called ERUNT and extract it there
*Right-click the file C:\ERUNT\ERUNT.exe and select "Run as administrator"
*Click [OK] > [OK] > [Yes] > [OK]

2.
*Download SCRP and save it on the desktop
*Extract it to the desktop
*Run SCRP, wait, and click [OK]

3.
*Run OTL
*Click in the box below "Custom Scans/Fixes" and paste the code:

:OTL
PRC - [2010/12/14 22:35:02 | 000,137,216 | ---- | M] () -- C:\Users\A\AppData\Roaming\dwm.exe
PRC - [2010/12/14 22:35:02 | 000,128,512 | ---- | M] () -- C:\Users\A\AppData\Roaming\Microsoft\conhost.exe
PRC - [2010/12/14 22:34:33 | 000,133,632 | ---- | M] () -- C:\Users\A\AppData\Local\Temp\csrss.exe
IE - HKU\S-1-5-21-460962498-612240632-2917619083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-460962498-612240632-2917619083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54646
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54646
FF - prefs.js..network.proxy.type: 1
O4 - HKU\S-1-5-21-460962498-612240632-2917619083-1000..\Run: [conhost] C:\Users\A\AppData\Roaming\Microsoft\conhost.exe ()
F3 - HKU\S-1-5-21-460962498-612240632-2917619083-1000 WinNT: Load - (C:\Users\A\AppData\Local\Temp\csrss.exe) - C:\Users\A\AppData\Local\Temp\csrss.exe ()
O20 - HKU\S-1-5-21-460962498-612240632-2917619083-1000 Winlogon: Shell - (C:\Users\A\AppData\Roaming\dwm.exe) - C:\Users\A\AppData\Roaming\dwm.exe ()
O33 - MountPoints2\{6d3e6515-a9f0-11de-887a-000df06692b9}\Shell\AutoRun\command - "" = azspzc.exe
O33 - MountPoints2\{6d3e6515-a9f0-11de-887a-000df06692b9}\Shell\explore\Command - "" = azspzc.exe
O33 - MountPoints2\{6d3e6515-a9f0-11de-887a-000df06692b9}\Shell\open\Command - "" = azspzc.exe
O33 - MountPoints2\{6d3e6539-a9f0-11de-887a-000df06692b9}\Shell\AutoRun\command - "" = azspzc.exe
O33 - MountPoints2\{6d3e6539-a9f0-11de-887a-000df06692b9}\Shell\explore\Command - "" = azspzc.exe
O33 - MountPoints2\{6d3e6539-a9f0-11de-887a-000df06692b9}\Shell\open\Command - "" = azspzc.exe
O33 - MountPoints2\{c393ff25-9c09-11de-80f4-000df06692b9}\Shell - "" = AutoRun
O33 - MountPoints2\{c393ff25-9c09-11de-80f4-000df06692b9}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{c393ff40-9c09-11de-80f4-000df06692b9}\Shell - "" = AutoRun
O33 - MountPoints2\{c393ff40-9c09-11de-80f4-000df06692b9}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{d257cc18-9095-11df-bda2-000df06692b9}\Shell\AutoRun\command - "" = G:\1j038ki.exe -- File not found
O33 - MountPoints2\{d257cc18-9095-11df-bda2-000df06692b9}\Shell\open\Command - "" = G:\1j038ki.exe -- File not found
O33 - MountPoints2\{eb05036f-b421-11de-83ea-000df06692b9}\Shell\AutoRun\command - "" = azspzc.exe
O33 - MountPoints2\{eb05036f-b421-11de-83ea-000df06692b9}\Shell\explore\Command - "" = azspzc.exe
O33 - MountPoints2\{eb05036f-b421-11de-83ea-000df06692b9}\Shell\open\Command - "" = azspzc.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Windows\Install.exe -- File not found
:Commands
[resethosts]
[emptytemp]
[reboot]

*Click [Run Fix]
*The PC will reboot
*Paste the report C:\_OTL\MovedFiles\MDA_HMS.log, where MDA is month/day/year and HMS is hour/minute/seconds

4. If you lose your internet connection....

a.
*Click [Start] and in the quick search box type: system restore
*Click [OK]
*Select [x] Recommended restore

b.
*Open the folder C:\Windows\ERDNT\Day-Month-Year
*Run ERDNT.exe
*Click [OK] > [OK] > [Yes]
*The PC will reboot.
Absolut 0 Posted December 15, 2010

But what is "run OTL"? What is OTL?
wings 22 Posted December 15, 2010

"But what is 'run OTL'? What is OTL?"

Look at post 4 of the thread, friend!!... it's the program I asked you to run; you pasted its report. Did you forget? :)
Absolut 0 Posted December 16, 2010

So, I did everything, and right afterwards the computer rebooted and there was no log. I managed to get on the internet and scanned with Malwarebytes, and the log was:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versão da Base de Dados: 5314

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

16/12/2010 02:10:47
mbam-log-2010-12-16 (02-10-33).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 236927
Tempo decorrido: 48 minuto(s), 43 segundo(s)

Processos de Memória Infectados: 3
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 2
Itens de Dados no Registro Infectados: 1
Pastas Infectadas: 0
Arquivos Infectados: 3

Processos de Memória Infectados:
c:\Users\A\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> 796 -> No action taken.
c:\Users\A\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 2456 -> No action taken.
c:\Users\A\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 2680 -> No action taken.

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.

Itens de Dados no Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\A\AppData\Local\Temp\csrss.exe) Good: () -> No action taken.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\Users\A\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> No action taken.
c:\Users\A\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Users\A\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.

I think nothing changed, nothing at all. Now what?
wings 22 Posted December 16, 2010

Read the procedure I asked for above again... I modified it. Follow it as described. OK?
Absolut 0 Posted December 16, 2010

They're still here.... LOG:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versão da Base de Dados: 5314

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

16/12/2010 14:05:38
mbam-log-2010-12-16 (14-05-13).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 239956
Tempo decorrido: 53 minuto(s), 37 segundo(s)

Processos de Memória Infectados: 3
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 2
Itens de Dados no Registro Infectados: 1
Pastas Infectadas: 0
Arquivos Infectados: 3

Processos de Memória Infectados:
c:\Users\A\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> 2536 -> No action taken.
c:\Users\A\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 2732 -> No action taken.
c:\Users\A\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 2864 -> No action taken.

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.

Itens de Dados no Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\A\AppData\Local\Temp\csrss.exe) Good: () -> No action taken.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\Users\A\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> No action taken.
c:\Users\A\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Users\A\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.
wings 22 Posted December 16, 2010

With the commands I requested in OTL, those files were not supposed to still be on the PC. This only happens if you restored the system or did not go through with removing the files.

*Temporarily disable your antivirus
*Download ComboFix and save it to the desktop
*Run it and accept the agreement
*Wait for all the stages to finish
*Do not use the mouse or the keyboard while the stages are running!!
*To abort the procedure press [N] > [ENTER]
*Paste the report C:\combofix.txt
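A helper reading a log like the one Absolut posted wants two answers quickly: did the scan actually remove anything, and which autorun entries keep reloading the files. The following is an added example, not code from this thread or from Malwarebytes: it parses a constructed excerpt in the format of that log (the final "Quarantined and deleted successfully." line is constructed so there is one resolved entry to distinguish) and reports the entries left at "No action taken", the detected-but-not-removed state that fits wings' remark that the files should no longer be present.

```python
import re
from typing import NamedTuple, Optional

# Constructed excerpt in the format of the Malwarebytes 1.50 log posted above (last line constructed).
SAMPLE_LOG = r"""Processos de Memória Infectados:
c:\Users\A\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> 2536 -> No action taken.
c:\Users\A\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 2864 -> No action taken.
Valores de Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.
Itens de Dados no Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\A\AppData\Local\Temp\csrss.exe) Good: () -> No action taken.
Arquivos Infectados:
c:\Users\A\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> No action taken.
c:\Users\A\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

class Detection(NamedTuple):
    section: str
    item: str
    threat: str
    action: str
    pid: Optional[int]        # only "Processos de Memória" lines carry a PID
    bad_data: Optional[str]   # only "Itens de Dados" lines carry Bad: (...) Good: (...)

# Shape of a detection line: item (threat) -> [pid ->] [Value: name ->] [Bad: (...) Good: (...) ->] action.
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)\.$")

def parse_mbam_log(text):
    """Return the detection lines of an MBAM 1.x log; header, summary and 'nothing found' lines are skipped."""
    section, detections = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith(":"):                      # section header, e.g. "Arquivos Infectados:"
            section = line[:-1]
        elif section and (m := DETECTION.match(line)):
            parts = m.group("rest").split(" -> ")
            pid = int(parts[0]) if len(parts) > 1 and parts[0].isdigit() else None
            bad = re.search(r"Bad: \((.*?)\) Good:", m.group("rest"))
            detections.append(Detection(section, m.group("item"), m.group("threat"),
                                        parts[-1], pid, bad.group(1) if bad else None))
    return detections

def triage(text):
    """Was anything removed, and which registry autoruns point at the files?"""
    dets = parse_mbam_log(text)
    return {
        "detected": len(dets),
        "unresolved": sum(d.action.startswith("No action taken") for d in dets),
        "autoruns": sorted({d.item for d in dets if d.section.startswith("Valores de Registro")}),
        "loaded_by_autorun": sorted({d.bad_data for d in dets if d.bad_data}),
    }
```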
Absolut 0 Posted December 17, 2010

Wings, you're an angel!!! I think it's all gone!!! Take a look at the log..

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versão da Base de Dados: 5314
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

17/12/2010 03:42:11
mbam-log-2010-12-17 (03-42-11).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 242839
Tempo decorrido: 1 hora(s), 7 minuto(s), 58 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

Thank you so much!!!
wings 22 Posted December 17, 2010

*Run OTL and click [Limpeza] > [OK]
*The PC will restart

Best wishes and Merry Christmas.
wings 22 Posted December 21, 2010

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.