Dom Luiz
Posted February 24, 2011

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:11:15, on 24/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
R3 - URLSearchHook: Softonic.BR Toolbar - {b558ef17-3612-40c3-b954-419a460bf9f1} - C:\Program Files\Softonic.BR\tbSoft.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Softonic.BR Toolbar - {b558ef17-3612-40c3-b954-419a460bf9f1} - C:\Program Files\Softonic.BR\tbSoft.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll
O3 - Toolbar: Softonic.BR Toolbar - {b558ef17-3612-40c3-b954-419a460bf9f1} - C:\Program Files\Softonic.BR\tbSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [NitroPC] "C:\Program Files\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/pt-br/wlscctrl2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{079C0903-F534-4E5F-886C-E979C8B4389F}: NameServer = 201.10.128.3,201.10.120.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{079C0903-F534-4E5F-886C-E979C8B4389F}: NameServer = 201.10.128.3,201.10.120.3
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Serviço McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9638 bytes

Felipe_88
Posted February 24, 2011

Hello, Dom Luiz!

Are you experiencing any problem? Or is this a routine analysis?

1st
* Download AD-Remover and save it to the desktop
* Double-click AD-R.exe
* Click [Clean]... wait for it to finish. The program may ask to restart the PC.
* Paste the report created at C:\Ad-Report-CLEAN.log

2nd
* Download RSIT and save it to the desktop
* Run RSIT and click [Continue]
* When the process finishes, paste the reports created at C:\rsit\log.txt and C:\rsit\info.txt

Dom Luiz
Posted February 24, 2011

======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 21/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 19:02:16 on 24/02/2011, Normal boot

Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Barreira de Goiatins@B-GOIATINS (System manufacturer System Product Name)

============== ACTION(S) ==============

Folder deleted: C:\Users\Barreira de Goiatins\AppData\Roaming\Mozilla\FireFox\Profiles\w1ap6nht.default\conduit
Folder deleted: C:\Users\Barreira de Goiatins\AppData\LocalLow\PriceGong

(!) -- Temporary files deleted.

-- File opened: C:\Users\Barreira de Goiatins\AppData\Roaming\Mozilla\FireFox\Profiles\w1ap6nht.default\Prefs.js --
Line deleted: user_pref("CT2284374.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM...
Line deleted: user_pref("CT2465030.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.locale", "en");
Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Feb 24 2011 14:08:48 GMT-0300 (Hora ofic...
Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line deleted: user_pref("CommunityToolbar.alert.userId", "{4f77a5ad-2bbf-4979-b109-3adb5abab3e9}");
-- File closed --

Key deleted: HKCU\Software\AppDataLow\Software\Conduit
Key deleted: HKCU\Software\AppDataLow\Software\PriceGong

============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.13 (pt-BR)] ****

Plugins\np-mswmp.dll (?)
Plugins\npwachk.dll (Nullsoft, Inc.)
Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

-- C:\Users\Barreira de Goiatins\AppData\Roaming\Mozilla\FireFox\Profiles\w1ap6nht.default --
Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Módulo de Segurança - Banco do Brasil)
Extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff} (mipony-plugin Toolbar)
Extensions\{b558ef17-3612-40c3-b954-419a460bf9f1} (Softonic.BR Toolbar)
Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} (Greasemonkey)
Prefs.js - browser.download.dir, C:\\Users\\Barreira de Goiatins\\Desktop
Prefs.js - browser.startup.homepage, hxxp://gta.adapec.to.gov.br/gta/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

========================================

**** Internet Explorer Version [8.0.6001.19019] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{90d46c30-9f25-4104-aea9-35c3f84477ff} - "mipony-plugin Toolbar" (C:\Program Files\mipony-plugin\tbmipo.dll)
HKCU_URLSearchHooks|{b558ef17-3612-40c3-b954-419a460bf9f1} - "Softonic.BR Toolbar" (C:\Program Files\Softonic.BR\tbSoft.dll)
HKLM_URLSearchHooks|{90d46c30-9f25-4104-aea9-35c3f84477ff} - "mipony-plugin Toolbar" (C:\Program Files\mipony-plugin\tbmipo.dll)
HKLM_URLSearchHooks|{b558ef17-3612-40c3-b954-419a460bf9f1} - "Softonic.BR Toolbar" (C:\Program Files\Softonic.BR\tbSoft.dll)
HKCU_SearchScopes\{49FAC2FF-1583-4799-92A7-89F2FEABBAE6} - "iG Busca" (hxxp://busca.igbusca.com.br/app/busca.ig?q={searchTerms})
HKCU_SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} - "Busca ALOT" (hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=05F4632001CBC46E008...)
HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Program Files\Orbitdownloader\GrabPro.dll)
HKCU_Toolbar\WebBrowser|{90D46C30-9F25-4104-AEA9-35C3F84477FF} (C:\Program Files\mipony-plugin\tbmipo.dll)
HKCU_Toolbar\WebBrowser|{B558EF17-3612-40C3-B954-419A460BF9F1} (C:\Program Files\Softonic.BR\tbSoft.dll)
HKLM_Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Program Files\Orbitdownloader\GrabPro.dll)
HKLM_Toolbar|{90d46c30-9f25-4104-aea9-35c3f84477ff} (C:\Program Files\mipony-plugin\tbmipo.dll)
HKLM_Toolbar|{b558ef17-3612-40c3-b954-419a460bf9f1} (C:\Program Files\Softonic.BR\tbSoft.dll)
HKCU_ElevationPolicy\{A90C515A-7C0A-405D-82DE-528ED1E6F112} - C:\Program Files\GbPlugin\GbpSv.exe ( )
HKCU_ElevationPolicy\{E3B16B5D-DCCB-4F13-BB69-1BDC18782DB7} - C:\Program Files\mipony-plugin\mipony-pluginToolbarHelper.exe (?)
HKCU_ElevationPolicy\{F019B479-EFF2-46F2-B4D7-2034C94F48D9} - C:\Program Files\Softonic.BR\Softonic.BRToolbarHelper.exe (?)
HKLM_ElevationPolicy\8403b3e4-c871-4996-9476-f2ac6dc91961 - C:\Program Files\mipony-plugin\mipony-pluginToolbarHelper.exe (?)
HKLM_ElevationPolicy\b4bf8a98-080b-40ed-b4d6-eadd39a43b21 - C:\Program Files\Softonic.BR\Softonic.BRToolbarHelper.exe (?)
HKLM_ElevationPolicy\e880339f-1358-4b7a-af19-ddcb06f3b0f1 - C:\Program Files\TV_Bar_1.3\TV_Bar_1.3ToolbarHelper.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\system32\wpcer.exe (x)
HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{0000036B-C524-4050-81A0-243669A86B9F} - "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" (C:\Program Files\Windows Live\Companion\companionres.dll,200)
BHO\{000123B4-9B42-4900-B3F7-F4B073EFC214} - "Octh Class" (C:\Program Files\Orbitdownloader\orbitcth.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll)
BHO\{90d46c30-9f25-4104-aea9-35c3f84477ff} - "mipony-plugin Toolbar" (C:\Program Files\mipony-plugin\tbmipo.dll)
BHO\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} - "Windows Live Messenger Companion Helper" (C:\Program Files\Windows Live\Companion\companioncore.dll)
BHO\{b558ef17-3612-40c3-b954-419a460bf9f1} - "Softonic.BR Toolbar" (C:\Program Files\Softonic.BR\tbSoft.dll)
BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\PROGRAM FILES\GBPLUGIN\gbieh.dll)
BHO\{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - "ChromeFrame BHO" (C:\Program Files\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 41 File(s)
C:\Program Files\Ad-Remover\Backup: 31 File(s)

C:\Ad-Report-CLEAN[1].txt - 22/02/2011 08:41:09 (8175 Byte(s))
C:\Ad-Report-CLEAN[2].txt - 24/02/2011 19:02:30 (7800 Byte(s))

End at: 19:04:11, 24/02/2011

============== E.O.F ==============

INFO.TXT

info.txt logfile of random's system information tool 1.08 2011-02-24 19:28:55

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10m_Plugin.exe -maintain plugin
Adobe Reader 9.4.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Ad-Remover By C_XX-->C:\Program Files\Ad-Remover\main.exe /u
aMSN 0.98.3-->C:\Program Files\aMSN\uninstall.exe
Arquivo do WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Atheros Communications Inc.® L2 Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\setup.exe" -l0x9 -removeonly
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Controle ActiveX do Windows Live Mesh para Conexões Remotas-->MsiExec.exe /I{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
Crux Calculator v5-->"C:\Program Files\Crux Calculator v5\uninst.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
Easy CD-DA Extractor 10-->"C:\Windows\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 10\irunin.xml"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Everything 1.2.1.371-->C:\Program Files\Everything\Uninstall.exe
Feedback Tool-->MsiExec.exe /I{13A5E785-5197-4EAD-8EE3-D660271E49BC}
Frame do Google Chrome-->"C:\Program Files\Google\Chrome Frame\Application\9.0.597.98\Installer\setup.exe" --uninstall --delete-profile --chrome-frame --system-level
Google Chrome-->"C:\Program Files\Google\Chrome\Application\9.0.597.98\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{C768790F-04FB-11E0-9B2C-001AA037B01E}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_4079369A224CB572.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPS TrackMaker-->MsiExec.exe /X{E374DB02-F12D-4733-B5ED-F8FC86ED23CC}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
K-Lite Mega Codec Pack 6.2.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LogMeIn-->MsiExec.exe /I{A83C6C34-3007-422A-9E56-A74996BCCDBD}
Magic MP3 Tagger 2.2.6-->"C:\Program Files\Magic MP3 Tagger\unins000.exe"
McAfee Agent-->MsiExec.exe /X{A638557B-1F13-40A0-9627-C892FBCA6960}
McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /X{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{3889988F-762B-4B85-AB17-71C9CC3AE445}
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb-->MsiExec.exe /I{1438B41C-658C-35B7-9253-780F2E0A0B8E}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile PTB Language Pack-->MsiExec.exe /X{20A15757-4AE4-3C82-9711-863C84AFE6AA}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Antimalware Service PT-BR Language Pack-->MsiExec.exe /X{D40C0608-033D-43A7-B4D7-B0EE493F938C}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-0416-0000-0000000FF1CE}
Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}
Microsoft Security Client PT-BR Language Pack-->MsiExec.exe /I{859B9BCA-5376-4566-9F88-C6C9DAA7A925}
Microsoft Security Client-->MsiExec.exe /I{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MiPony 1.2.1-->C:\Program Files\MiPony\uninst.exe
mipony-plugin Toolbar-->C:\PROGRA~1\MIPONY~1\UNWISE.EXE /U C:\PROGRA~1\MIPONY~1\INSTALL.LOG
Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 To Ringtone Gold 3.15-->"C:\Program Files\AnMing\unins000.exe"
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301046}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NitroPC-->"C:\Program Files\NitroPC\remover.exe"
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Pacote de Compatibilidade para o sistema Office 2007-->MsiExec.exe /X{90120000-0020-0416-0000-0000000FF1CE}
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb\setup.exe
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1046 /parameterfolder ClientLP
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Real Alternative 2.0.2-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Revo Uninstaller 1.91-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RSDLite-->MsiExec.exe /I{FBEA1DA0-5289-4B11-983C-3D9FA03E670F}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Softonic.BR Toolbar-->C:\PROGRA~1\Softonic.BR\UNWISE.EXE /U C:\PROGRA~1\Softonic.BR\INSTALL.LOG
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VSO Image Resizer 4.0.0.36-->"C:\Program Files\VSO\Image Resizer 4\unins000.exe"
Web-Fi Bloqueador de conteúdo 4.4-->"C:\Windows\config\cti\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{43B43577-2514-4CE0-B14A-7E85C17C0453}
Windows Live Family Safety-->MsiExec.exe /I{65CD9858-1F02-46C8-80DA-62B29D2BA176}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live Galeria de Fotos-->MsiExec.exe /X{F7A46527-DF1F-4B0F-9637-98547E189442}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{9DA3F03B-2CEE-4344-838E-117861E61FAF}
Windows Live Mesh-->MsiExec.exe /I{644063FA-ABA3-42AC-A8AC-3EDC0706018B}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{D54A52A8-DF24-4CE8-850B-074CA47DFA74}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}
Windows Live OneCare safety scanner-->%ProgramFiles%\Windows Live Safety Center\wlschost.exe -Uninstall
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{B33B61FE-701F-425F-98AB-2B85725CBF68}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{41B72CAF-036B-4E0A-8D22-F5DF7C970434}
Windows Live Remote Client-->MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}
Windows Live Remote Service Resources-->MsiExec.exe /I{E6617B44-D556-49AC-B2A3-01451E115043}
Windows Live Remote Service-->MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{2DF215E0-BD3C-4C98-8616-AFEF09747285}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{DF71ABBB-B834-41C0-BB58-80B0545D754C}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{B3BE54A4-8DFE-4593-8E66-56AB7133B812}
Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
WorldUnlock Codes Calculator-->"C:\Program Files\WorldUnlock Codes Calculator\uninst.exe"

======Security center information======

AV: VirusScan Enterprise + AntiSpyware Enterprise
AS: VirusScan Enterprise + AntiSpyware Enterprise

======System event log======

Computer Name: B-Goiatins
Event Code: 4372
Message: O Serviço do Windows está configurando o estado do pacote KB948465(Service Pack) como Preparando(Staging)
Record Number: 111710
Source Name: Microsoft-Windows-Servicing
Time Written: 20100905010512.000000-000
Event Type: Informações
User: B-Goiatins\Barreira de Goiatins

Computer Name: B-Goiatins
Event Code: 4372
Message: O Serviço do Windows está configurando o estado do pacote KB948465(Service Pack) como Preparando(Staging)
Record Number: 111709
Source Name: Microsoft-Windows-Servicing
Time Written: 20100905010512.000000-000
Event Type: Informações
User: B-Goiatins\Barreira de Goiatins

Computer Name: B-Goiatins
Event Code: 4372
Message: O Serviço do Windows está configurando o estado do pacote KB948465(Service Pack) como Preparando(Staging)
Record Number: 111708
Source Name: Microsoft-Windows-Servicing
Time Written: 20100905010512.000000-000
Event Type: Informações
User: B-Goiatins\Barreira de Goiatins

Computer Name: B-Goiatins
Event Code: 4372
Message: O Serviço do Windows está configurando o estado do pacote KB948465(Service Pack) como Preparando(Staging)
Record Number: 111707
Source Name: Microsoft-Windows-Servicing
Time Written: 20100905010512.000000-000
Event Type: Informações
User: B-Goiatins\Barreira de Goiatins

Computer Name: B-Goiatins
Event Code: 4372
Message: O Serviço do Windows está configurando o estado do pacote KB948465(Service Pack) como Preparando(Staging)
Record Number: 111706
Source Name: Microsoft-Windows-Servicing
Time Written: 20100905010512.000000-000
Event Type: Informações
User: B-Goiatins\Barreira de Goiatins

=====Application event log=====

Computer Name: B-Goiatins
Event Code: 6000
Message: O assinante de notificação do winlogon <SessionEnv> não estava disponível para tratar de um evento de notificação.
Record Number: 844
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090502180234.000000-000
Event Type: Informações
User:

Computer Name: B-Goiatins
Event Code: 4101
Message: Licença do Windows validada.
Record Number: 843
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090502180234.000000-000
Event Type: Informações
User:

Computer Name: B-Goiatins
Event Code: 902
Message: O serviço de Licenciamento de Software foi iniciado.
Record Number: 842
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20090502180227.000000-000
Event Type: Informações
User:

Computer Name: B-Goiatins
Event Code: 1005
Message: O resultado do consumo de Direito do Windows é: hr=0x0
Record Number: 841
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20090502180227.000000-000
Event Type: Informações
User:

Computer Name: B-Goiatins
Event Code: 1003
Message: O serviço de Licenciamento de Software concluiu uma verificação de status de licenciamento.
ID do Aplicativo=55c92734-d682-4d71-983e-d6ec3f16059f Status do Licenciamento= Record Number: 840 Source Name: Microsoft-Windows-Security-Licensing-SLC Time Written: 20090502180227.000000-000 Event Type: Informações User: =====Security event log===== Computer Name: B-Goiatins Event Code: 5038 Message: A integridade do código determinou que o hash de imagem de um arquivo não é válido. 
O arquivo pode estar corrompido devido a uma modificação não-autorizada, ou o hash inválido pode indicar um erro em potencial do dispositivo de disco. Nome do arquivo: \Device\HarddiskVolume1\Users\BARREI~1\AppData\Local\Temp\cvasds0.dll Record Number: 18791 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091010163055.020905-000 Event Type: Falha de Auditoria User: Computer Name: B-Goiatins Event Code: 5038 Message: A integridade do código determinou que o hash de imagem de um arquivo não é válido. O arquivo pode estar corrompido devido a uma modificação não-autorizada, ou o hash inválido pode indicar um erro em potencial do dispositivo de disco. Nome do arquivo: \Device\HarddiskVolume1\Users\BARREI~1\AppData\Local\Temp\cvasds0.dll Record Number: 18790 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091010163054.994905-000 Event Type: Falha de Auditoria User: Computer Name: B-Goiatins Event Code: 5038 Message: A integridade do código determinou que o hash de imagem de um arquivo não é válido. O arquivo pode estar corrompido devido a uma modificação não-autorizada, ou o hash inválido pode indicar um erro em potencial do dispositivo de disco. Nome do arquivo: \Device\HarddiskVolume1\Users\BARREI~1\AppData\Local\Temp\cvasds0.dll Record Number: 18789 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091010163054.967905-000 Event Type: Falha de Auditoria User: Computer Name: B-Goiatins Event Code: 5038 Message: A integridade do código determinou que o hash de imagem de um arquivo não é válido. O arquivo pode estar corrompido devido a uma modificação não-autorizada, ou o hash inválido pode indicar um erro em potencial do dispositivo de disco. 
Nome do arquivo: \Device\HarddiskVolume1\Users\BARREI~1\AppData\Local\Temp\cvasds0.dll Record Number: 18788 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091010163054.942905-000 Event Type: Falha de Auditoria User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Windows Live\Shared "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "DEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection "VSEDEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ -----------------EOF--------------- INFO.TXT Logfile of random's system information tool 1.08 (written by random/random) Run by Barreira de Goiatins at 2011-02-24 19:20:50 Microsoft® Windows Vista™ Business Service Pack 2 System drive C: has 175 GB (73%) free of 238 GB Total RAM: 2039 MB (34% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:28:39, on 24/02/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe 
C:\Windows\system32\svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Windows\system32\taskeng.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Windows\system32\mfevtps.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\system32\igfxsrvc.exe 
C:\Windows\system32\WUDFHost.exe C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe C:\Program Files\McAfee\Common Framework\McTray.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\svchost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Barreira de Goiatins\Desktop\RSIT.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\Barreira de Goiatins.exe C:\Windows\System32\svchost.exe C:\Windows\System32\mobsync.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll R3 - URLSearchHook: Softonic.BR Toolbar - {b558ef17-3612-40c3-b954-419a460bf9f1} - C:\Program Files\Softonic.BR\tbSoft.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: 
Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Softonic.BR Toolbar - {b558ef17-3612-40c3-b954-419a460bf9f1} - C:\Program Files\Softonic.BR\tbSoft.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll O3 - Toolbar: Softonic.BR Toolbar - {b558ef17-3612-40c3-b954-419a460bf9f1} - C:\Program Files\Softonic.BR\tbSoft.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: 
[HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [NitroPC] "C:\Program Files\NitroPC\NitroPC.exe" -minimized O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/pt-br/wlscctrl2.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{079C0903-F534-4E5F-886C-E979C8B4389F}: NameServer = 201.10.128.3,201.10.120.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{079C0903-F534-4E5F-886C-E979C8B4389F}: NameServer = 201.10.128.3,201.10.120.3 O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll O18 - Protocol: wlpg 
- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: Serviço McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. 
- C:\Windows\system32\mfevtps.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 12168 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{A9F3082C-19D8-4235-8949-A4922F7EE2E4}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}] Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-07-15 237644] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2008-09-29 61200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll [2010-09-21 439168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90d46c30-9f25-4104-aea9-35c3f84477ff}] mipony-plugin Toolbar - C:\Program Files\mipony-plugin\tbmipo.dll [2010-02-22 2353176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-23 297648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2011-02-23 843832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b558ef17-3612-40c3-b954-419a460bf9f1}] Softonic.BR Toolbar - C:\Program Files\Softonic.BR\tbSoft.dll [2010-06-13 2734688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}] GbIehObj Class - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2011-02-01 354592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}] ChromeFrame BHO - C:\Program Files\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll [2011-02-10 4423736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2010-07-15 684032] {90d46c30-9f25-4104-aea9-35c3f84477ff} - mipony-plugin Toolbar - C:\Program Files\mipony-plugin\tbmipo.dll [2010-02-22 2353176] {b558ef17-3612-40c3-b954-419a460bf9f1} - Softonic.BR Toolbar - C:\Program Files\Softonic.BR\tbSoft.dll [2010-06-13 2734688] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-02-23 297648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\udaterui.exe [2008-03-14 136512] "ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-09-29 124240] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656] "LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2007-09-12 63048] "Everything"=C:\Program Files\Everything\Everything.exe [2009-03-12 602624] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288] "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NitroPC"=C:\Program Files\NitroPC\NitroPC.exe [2008-08-19 3477504] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-02-22 39408] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe 
[2007-06-27 152872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NitroPC] C:\Program Files\NitroPC\NitroPC.exe [2008-08-19 3477504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2007-04-10 4431872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] C:\Windows\Skytel.exe [2007-04-05 1822720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] C:\Program Files\uTorrent\uTorrent.exe [2010-08-03 327472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webf] C:\Windows\config\cti\webf.exe [2006-10-01 1468928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2010-07-12 74752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb] C:\Program Files\GbPlugin\gbieh.dll [2011-02-01 354592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-01-02 200704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2011-02-01 354592] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 "rv"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit" "C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2011-02-24 19:20:51 ----D---- C:\Program Files\trend micro 2011-02-24 19:20:50 ----D---- C:\rsit 2011-02-24 19:02:30 ----A---- C:\Ad-Report-CLEAN[2].txt 2011-02-24 09:15:53 ----A---- C:\lopR.txt 2011-02-24 09:14:58 ----D---- C:\Lop SD 2011-02-22 15:18:37 ----D---- C:\Program Files\SpywareBlaster 2011-02-22 15:11:10 ----D---- C:\ProgramData\Alwil Software 2011-02-22 15:11:10 ----D---- C:\Program Files\Alwil 
Software 2011-02-22 15:05:00 ----D---- C:\Program Files\Marcos Velasco Security 2011-02-22 11:31:30 ----D---- C:\Program Files\Common Files\Java(0) 2011-02-22 11:25:24 ----D---- C:\Users\Barreira de Goiatins\AppData\Roaming\Google 2011-02-22 11:22:07 ----D---- C:\ProgramData\Google 2011-02-22 09:25:05 ----A---- C:\Windows\system32\drivers\pctgntdi.sys 2011-02-22 09:24:51 ----A---- C:\Windows\system32\drivers\PCTCore.sys 2011-02-22 09:24:51 ----A---- C:\Windows\system32\drivers\PCTAppEvent.sys 2011-02-22 09:24:36 ----D---- C:\Program Files\Common Files\PC Tools 2011-02-22 09:24:35 ----A---- C:\Windows\system32\drivers\pctplsg.sys 2011-02-22 09:24:00 ----D---- C:\Users\Barreira de Goiatins\AppData\Roaming\PC Tools 2011-02-22 09:24:00 ----D---- C:\ProgramData\PC Tools 2011-02-22 09:24:00 ----D---- C:\Program Files\Spyware Doctor 2011-02-22 08:41:09 ----A---- C:\Ad-Report-CLEAN[1].txt 2011-02-22 08:40:48 ----D---- C:\Program Files\Ad-Remover 2011-02-18 17:15:31 ----D---- C:\Program Files\ESET 2011-02-17 08:54:50 ----D---- C:\Trend Micro 2011-02-17 08:53:33 ----D---- C:\Windows\system32\appmgmt 2011-02-16 12:20:49 ----A---- C:\Windows\system32\shsvcs.dll 2011-02-16 10:44:49 ----D---- C:\Program Files\ConvertHelper 2011-02-15 17:51:01 ----D---- C:\5f57013d83fd0627d4058a67f3063c18 2011-02-15 17:47:36 ----A---- C:\Windows\system32\rmoc3260.dll 2011-02-15 17:47:36 ----A---- C:\Windows\system32\pndx5032.dll 2011-02-15 17:47:36 ----A---- C:\Windows\system32\pndx5016.dll 2011-02-15 17:47:36 ----A---- C:\Windows\system32\pncrt.dll 2011-02-15 17:47:30 ----D---- C:\Program Files\Real Alternative 2011-02-15 17:40:53 ----D---- C:\Program Files\Softonic.BR 2011-02-15 16:53:21 ----D---- C:\ProgramData\UAB 2011-02-15 16:52:58 ----D---- C:\ProgramData\Driver Whiz 2011-02-15 16:49:08 ----D---- C:\Program Files\Driver Whiz 2011-02-14 17:07:09 ----D---- C:\Program Files\Feedback Tool 2011-02-14 17:04:36 ----D---- C:\25b8c56052cd6b1c9fe27b68d3ad 2011-02-14 09:07:26 ----D---- C:\Program 
======List of files/folders modified in the last 1 months======
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
-----------------EOF-----------------
Felipe_88 Posted March 9, 2011
Good evening, Dom Luiz! Sorry for the delay. Some malicious toolbars were removed from the PC. Would you like to continue with the case?
Dom Luiz Posted March 26, 2011
> Good evening, Dom Luiz! Sorry for the delay. Some malicious toolbars were removed from the PC. Would you like to continue with the case?
Hello, MY PC IS BACK TO NORMAL NOW, THANK YOU VERY MUCH
wings Posted March 28, 2011
PROBLEM SOLVED
If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.