yumematt, posted April 1, 2011

Hi, today when I went to log in to my account on the Itaú website I noticed I was on a fake page. Even typing the address correctly, I still end up on the fake page... If you can help me, I'd be very grateful! The HijackThis log is below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:23:15, on 01/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\Dwm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\POWERT~1\LOGOME~1.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Windows\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Messenger Plus Live Brazil - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/light/UOLActiveInstall.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 7522 bytes
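The question behind the first post is where a correctly typed bank address can get rerouted on the machine itself. On a Windows box the usual local vectors are all visible in a HijackThis log: a hosts-file entry (O1) pinning the bank's name to an attacker's address, a proxy or PAC URL forced into Internet Settings (R0/R1 ProxyServer or AutoConfigURL), a changed DNS NameServer (O17), plus the cleanup-grade noise of orphaned BHOs (O2 "(no file)") and autoruns living in user-writable folders (O4). The script below is an added example written for this thread, not code from the thread, from HijackThis or from the helper's tools: it parses HijackThis-format entries and ranks those vectors. The sample log is constructed: the `::1 localhost` hosts entry and the `(no file)` BHO are copied from the poster's log, the other lines are invented with TEST-NET (203.0.113.x) addresses to show what a real hijack looks like, and `PROTECTED_DOMAINS` is an assumption to extend with your own banks.

```python
"""Triage a HijackThis-format log for the local redirect vectors that make a
correctly typed bank address land on a different page. Added example; not
code from the thread or from HijackThis."""
import re
from dataclasses import dataclass

# Assumption: names that must never be served from the hosts file.
PROTECTED_DOMAINS = ("itau.com.br",)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Every HijackThis entry starts with a section id: R0, R1, F2, O1 ... O23.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "low"
    section: str    # HijackThis section id the entry came from
    reason: str
    line: str       # the entry body, kept for the report


def parse_hjt(text):
    """Return (section, body) for each R/F/O entry; every other line is ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_protected(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)


def check_hosts(section, body):
    """O1 - Hosts: <address> <hostname>; anything beyond localhost is a redirect."""
    if section != "O1" or not body.startswith("Hosts:"):
        return None
    parts = body[len("Hosts:"):].split()
    if len(parts) < 2:
        return None
    addr, host = parts[0], parts[1]
    if host.lower() == "localhost" and addr in LOOPBACK:
        return None  # the stock Vista entry, as in the poster's log
    if is_protected(host):
        return Finding("high", section, f"hosts file pins {host} to {addr}", body)
    return Finding("medium", section, f"hosts file overrides {host} with {addr}", body)


def check_proxy(section, body):
    """R0/R1 ...Internet Settings,ProxyServer|AutoConfigURL = <value>."""
    if section not in ("R0", "R1") or "Internet Settings" not in body:
        return None
    for key in ("AutoConfigURL", "ProxyServer"):
        if f",{key} = " in body and body.split(" = ", 1)[1].strip():
            return Finding("high", section, f"browser traffic forced through {key}", body)
    return None


def check_dns(section, body):
    """O17 - ...Tcpip\\..\\{GUID}: NameServer = a.b.c.d[,e.f.g.h]."""
    if section != "O17" or "NameServer" not in body:
        return None
    servers = body.split("=", 1)[1].strip()
    if not servers:
        return None
    return Finding("medium", section,
                   f"resolver set to {servers}; confirm it is the ISP's or the router's", body)


def check_bho(section, body):
    """O2 entries whose DLL is gone are leftovers to clean, not active threats."""
    if section == "O2" and body.rstrip().endswith("(no file)"):
        return Finding("low", section, "orphaned BHO registration", body)
    return None


def check_autorun(section, body):
    """O4 autoruns living in user-writable directories deserve a second look."""
    if section == "O4" and re.search(r"\\(AppData|Temp|Local Settings)\\", body, re.I):
        return Finding("medium", section, "autorun from a user-writable directory", body)
    return None


CHECKS = (check_hosts, check_proxy, check_dns, check_bho, check_autorun)


def triage(text):
    """Run every check over every entry; highest severity first, log order within."""
    findings = [f for section, body in parse_hjt(text)
                for f in (chk(section, body) for chk in CHECKS) if f]
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


# Constructed sample: two lines copied from the poster's log (both benign),
# the rest invented with TEST-NET addresses to show what a hijack looks like.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://203.0.113.7/proxy.pac
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.10 www.itau.com.br
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [updater] C:\Users\Windows\AppData\Local\Temp\svc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 203.0.113.53,203.0.113.54
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

Run against the poster's actual log, none of the high-severity checks fire: the only O1 entry is `::1 localhost`, there is no ProxyServer or AutoConfigURL entry and no O17 line, so the log does not show a hosts, proxy or DNS-setting hijack on this machine. That does not rule out a poisoned resolver upstream of it (the ISP's or the router's cache), which HijackThis never inspects and which would produce exactly the symptom described: the right address typed, a different server answering.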
wings, posted April 2, 2011

Hi yumematt

1.
*Download AD-Remover and save it to the desktop
*Right-click AD-R and select "Run as administrator", click [Clean] > [Yes] > [OK] > [Yes]
*The PC will restart
*Paste the report C:\Ad-Report-CLEAN[1].txt

2.
*Download Bankerfix and save it to the desktop
*Run it as administrator, click [OK] > [YES] (if it asks for an update) > [OK] > [ENTER]
*When it finishes, press [ENTER]
*Paste the report C:\LinhaDefensiva\relatorio.txt

3.
*Download MalwareBytes and save it to the desktop
*Install the program and wait for the update
*The program will open automatically
*On the [Scan] tab, select [Full scan]
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [YES] > [OK] > [Show Results] > [Remove Selected]
*Paste the report shown

If you already have Malwarebytes installed....
*Open Malwarebytes, click [Update] > [Download Updates]
*On the [Scan] tab, select [x] Full scan
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [YES] > [OK] > [Show Results] > [Remove Selected]
*Paste the report shown
yumematt, posted April 2, 2011

Wings, I don't think the problem was any malware; I think it was a security problem on the bank's own site. By late afternoon yesterday the bank's site was already back to normal... (Someone must have broken into it, maybe.) But just in case, here are the logs.

======= REPORT FROM AD-REMOVER 2.0.0.2,F | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 17:04:26 on 02/04/2011, Normal boot

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Windows@WINDOWS-PC (Hewlett-Packard HP Pavilion dv2500 Notebook PC)

============== ACTION(S) ==============

File deleted: C:\WINDOWS\system32\ConduitEngine.tmp
File deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\prefs.js.ask.bak
File deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\searchplugins\ask.uk.xml
Folder deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\conduit
Folder deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\ConduitEngine
Folder deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\extensions\engine@conduit.com
File deleted: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\searchplugins\conduit.xml
Folder deleted: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ask Search Assistant
Folder deleted: C:\Program Files\Ask Search Assistant
Folder deleted: C:\Users\Windows\AppData\Local\Conduit
Folder deleted: C:\Users\Windows\AppData\LocalLow\Conduit
Folder deleted: C:\Program Files\Conduit
Folder deleted: C:\Users\Windows\AppData\LocalLow\ConduitEngine
Folder deleted: C:\Program Files\ConduitEngine
Folder deleted: C:\Users\Windows\AppData\LocalLow\PriceGong

(!) -- Temporary files deleted.

-- File opened: C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default\Prefs.js --
Line deleted: user_pref("CT2567694.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM...
Line deleted: user_pref("CT2567694.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT256...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
Line deleted: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.live.com/results.aspx?FORM...
Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT2567694,ConduitEngine");
Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2567694");
Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Apr 01 2011 17:28:56 GMT-0300 (Hora ...
Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.locale", "en");
Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Apr 01 2011 17:28:56 GMT-0300 (Hora ofic...
Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line deleted: user_pref("CommunityToolbar.alert.userId", "29ec6adb-941a-4852-b1d2-ca2e88c2d720");
Line deleted: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed May 26 2010 12:42:51 GMT-0300 (Hor...
Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2567694");
Line deleted: user_pref("ConduitEngine.CTID", "ConduitEngine");
Line deleted: user_pref("ConduitEngine.FirstServerDate", "01/06/2011 15");
Line deleted: user_pref("ConduitEngine.FirstTime", true);
Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);
Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line deleted: user_pref("ConduitEngine.Initialize", true);
Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line deleted: user_pref("ConduitEngine.InstalledDate", "Thu Jan 06 2011 10:35:40 GMT-0200");
Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);
Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Apr 02 2011 12:16:33 GMT-0300 (Hora oficia...
Line deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Apr 02 2011 16:58:17 GMT-0300 (Hora oficial do Bra...
Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Apr 02 2011 16:58:17 GMT-0300 (Hora oficial do...
Line deleted: user_pref("ConduitEngine.UserID", "UN86381982200296769");
Line deleted: user_pref("ConduitEngine.componentAlertEnabled", true);
Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");
Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Apr 02 2011 12:16:33 GMT-0300 (Hora ...
Line deleted: user_pref("ConduitEngine.initDone", true);
Line deleted: user_pref("ConduitEngine.usagesFlag", 1);
Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&Sea...
Line deleted: user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q=");
-- File closed --

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Classes\CLSID\{434AAC41-79DF-4783-8184-7FF74B96CC8A}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{434AAC41-79DF-4783-8184-7FF74B96CC8A}
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT2567694
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\conduitEngine
Key deleted: HKCU\Software\AskSearchAsst
Key deleted: HKCU\Software\AppDataLow\Toolbar
Key deleted: HKCU\Software\AppDataLow\Software\Conduit
Key deleted: HKCU\Software\AppDataLow\Software\conduitEngine
Key deleted: HKCU\Software\AppDataLow\Software\PriceGong
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FD2AFC4-4648-4DAF-8AA1-2DB5FFB45423}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask.com Search Assistant
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.16 (pt-BR)] ****

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

-- C:\Users\Windows\AppData\Roaming\Mozilla\FireFox\Profiles\3gv1bp7u.default --
Extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} (Messenger Plus Live Brazil Community Toolbar)
Prefs.js - browser.download.dir, C:\\Users\\Windows\\Documents\\Download Firefox
Prefs.js - browser.download.lastDir, C:\\Users\\Windows\\Desktop
Prefs.js - browser.search.defaultenginename, Live Search
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.plusnetwork.com
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16

========================================

**** Internet Explorer Version [8.0.6001.19019] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - "Messenger Plus Live Brazil Toolbar" (C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll)
HKLM_URLSearchHooks|{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - "Messenger Plus Live Brazil Toolbar" (C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll)
HKCU_Toolbar\WebBrowser|{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} (C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll)
HKLM_Toolbar|{1DBAB667-A486-421e-AFE4-CF07DD0088E5} (C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll)
HKLM_Toolbar|{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} (C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll)
HKLM_ElevationPolicy\65b8d5b4-8102-46a2-9a80-78c3f7e4e089 - C:\Program Files\Messenger_Plus_Live_Brazil\Messenger_Plus_Live_BrazilToolbarHelper.exe (?)
HKLM_ElevationPolicy\ef590da3-45ee-40f1-bc12-29ab94686cb5 - C:\Program Files\Messenger_Plus_Live_Brazil\Messenger_Plus_Live_BrazilToolbarHelper.exe (?)
HKLM_ElevationPolicy\fd51d65d-a18c-4e25-8d7c-9af4e94c15a9 - C:\Program Files\Messenger_Plus_Live_Brazil\Messenger_Plus_Live_BrazilToolbarHelper.exe (?)
HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{9F2344DB-1698-4D81-BE4E-B33DF44A7A64} - C:\Program Files\Messenger_Plus_Live_Brazil\Messenger_Plus_Live_BrazilToolbarHelper.exe (?)
HKLM_ElevationPolicy\{ADABAAD2-92BF-48F4-B71A-574CF5F11016} - C:\Users\Windows\AppData\Local\Conduit\CT2567694\Messenger_Plus_Live_BrazilAutoUpdaterHelper.exe (x)
HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "@btrez.dll,-4015" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)
BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Adobe PDF Reader Link Helper" (C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
BHO\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - "Google Dictionary Compression sdch" (C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll)
BHO\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - "Messenger Plus Live Brazil Toolbar" (C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 161 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 02/04/2011 17:04:39 (13451 Byte(s))

End at: 17:06:24, 02/04/2011

============== E.O.F ==============

_______________________________________________________________

BankerFix 3.1 VALKYRIE - Banker Remover
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Date: 2011-04-02 - 17:12
-------------------------------------------------------
Definition list: 2011-03-01-1 | CORE: 2010-12-28-6
=======================================================

----- End -------------------------

_____________________________________________________

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 6248

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

02/04/2011 19:21:02
mbam-log-2011-04-02 (19-21-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 353922
Time elapsed: 1 hour(s), 50 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
wings, posted April 2, 2011

OK...

1.
*Run AD-Remover and click [Uninstall] > [No] > [Close]

2.
*Download OTL and save it to the desktop
*Run it and select the option: [X] Scan All Users
*Click [Quick Scan] and paste the reports shown (OTL.txt and Extras.txt, located on the desktop)

If the reports get too large...
*Go to this link
*Click [Send file]
*Locate the OTL.txt file on the desktop
*Click [Open] > [Créer le lien Cjoint]
*Paste the address created
yumematt 0 Denunciar post Postado Abril 7, 2011 Desculpa a demora =) Aí vão os logs! OTL logfile created on: 07/04/2011 13:22:16 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Windows\Desktop\malware Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy 958,00 Mb Total Physical Memory | 169,00 Mb Available Physical Memory | 18,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 138,99 Gb Total Space | 68,58 Gb Free Space | 49,34% Space Free | Partition Type: NTFS Drive D: | 10,06 Gb Total Space | 0,85 Gb Free Space | 8,45% Space Free | Partition Type: NTFS Computer Name: WINDOWS-PC | User Name: Windows | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/04/07 13:21:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\malware\OTL.exe PRC - [2011/03/23 20:15:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) 
-- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2009/11/24 20:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/24 20:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/11/24 20:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/11/24 20:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/08/03 14:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe ========== Modules (SafeList) ========== MOD - [2011/04/07 13:21:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\malware\OTL.exe MOD - [2010/08/31 12:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2009/11/24 20:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 20:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 20:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner) SRV - [2009/11/24 20:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/04/07 08:39:44 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINDOWS\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/01/19 04:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/05/18 23:23:00 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2007/05/18 23:22:58 | 000,266,339 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2007/01/09 18:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2005/08/09 11:27:56 | 001,019,904 | ---- | M] (Language Engineering Corporation, LLC) [Disabled | Stopped] -- C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe -- (LEC TranslateDotNet Server) ========== Driver Services (SafeList) ========== DRV - [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) 
[File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2009/11/24 20:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009/11/24 20:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/24 20:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2009/11/24 20:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009/11/24 20:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009/03/20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009/03/20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009/03/20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2008/12/22 15:11:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo) DRV - [2008/12/22 15:11:19 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/12/06 18:37:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008/03/03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007/08/01 07:42:32 | 000,164,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/07/07 02:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/06/19 18:21:00 | 007,563,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/03/21 04:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/03/06 10:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007/02/23 20:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/02/16 05:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007/01/22 22:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/11/30 14:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 1C 1F AD 98 9B CA 01 [binary data]
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Brazil Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.plusnetwork.com"
FF - prefs.js..extensions.enabledItems: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:3.2.5.2
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/30 12:33:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 20:15:43 | 000,000,000 | ---D | M]
[2008/11/03 12:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Extensions
[2011/04/06 20:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\3gv1bp7u.default\extensions
[2010/04/27 22:52:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\3gv1bp7u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/06 09:35:26 | 000,000,000 | ---D | M] (Messenger Plus Live Brazil Community Toolbar) -- C:\Users\Windows\AppData\Roaming\mozilla\Firefox\Profiles\3gv1bp7u.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}
[2009/02/20 11:08:14 | 000,001,632 | ---- | M] () -- C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\3gv1bp7u.default\searchplugins\live-search.xml
[2011/04/06 20:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/03/07 16:28:13 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2011/03/07 16:28:13 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2011/03/07 16:28:13 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/03/07 16:28:13 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml
O1 HOSTS File: ([2011/04/02 17:13:29 | 000,000,759 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LEC) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll (Language Engineering Corporation, LLC)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Brazil Toolbar) - {EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - C:\Program Files\Messenger_Plus_Live_Brazil\prxtbMes2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\WINDOWS\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\WINDOWS\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} http://download.uol.com.br/discadorUOL/light/UOLActiveInstall.cab (Instalador Remoto UOL)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3833004201-26704471-1502707015-1000 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Windows\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Windows\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/19 21:26:34 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 12:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{37f99a90-2221-11dd-9edd-001a6bf17a62}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{37f99a90-2221-11dd-9edd-001a6bf17a62}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{37f99a90-2221-11dd-9edd-001a6bf17a62}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{73bbceb7-8c38-11dd-9016-001a6bf17a62}\Shell\AutoRun\command - "" = F:\b0j6j16.bat
O33 - MountPoints2\{73bbceb7-8c38-11dd-9016-001a6bf17a62}\Shell\explore\Command - "" = F:\b0j6j16.bat
O33 - MountPoints2\{73bbceb7-8c38-11dd-9016-001a6bf17a62}\Shell\open\Command - "" = F:\b0j6j16.bat
O33 - MountPoints2\{a6ddd74f-7b3e-11dd-aed8-001a6bf17a62}\Shell\AutoRun\command - "" = cv8j.exe
O33 - MountPoints2\{a6ddd74f-7b3e-11dd-aed8-001a6bf17a62}\Shell\open\Command - "" = cv8j.exe
O33 - MountPoints2\{b5246893-0a68-11de-8d75-001a6bf17a62}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{c9a88f5a-a141-11dd-997b-001a6bf17a62}\Shell\AutoRun\command - "" = F:\NTruntr.exe
O33 - MountPoints2\{c9a88f5a-a141-11dd-997b-001a6bf17a62}\Shell\explore\Command - "" = F:\NTruntr.exe
O33 - MountPoints2\{c9a88f5a-a141-11dd-997b-001a6bf17a62}\Shell\open\Command - "" = F:\NTruntr.exe
O33 - MountPoints2\{d7b034df-c3de-11dd-9f90-001a6bf17a62}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b034df-c3de-11dd-9f90-001a6bf17a62}\Shell\AutoRun\command - "" = F:\RunGame.exe
O33 - MountPoints2\{eea691a7-ab80-11dd-8ab6-001a6bf17a62}\Shell\AutoRun\command - "" = F:\abk.bat
O33 - MountPoints2\{eea691a7-ab80-11dd-8ab6-001a6bf17a62}\Shell\explore\Command - "" = F:\abk.bat
O33 - MountPoints2\{eea691a7-ab80-11dd-8ab6-001a6bf17a62}\Shell\open\Command - "" = F:\abk.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/02 17:14:50 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Malwarebytes
[2011/04/02 17:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/02 17:14:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) --
C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/04/02 17:14:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/04/02 17:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/04/02 17:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/04/02 17:12:11 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva [2011/04/02 17:03:27 | 000,000,000 | ---D | C] -- C:\Users\Windows\Desktop\malware [2011/04/01 13:21:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Windows\Desktop\HiJackThis.exe [2011/04/01 12:49:05 | 000,178,597 | ---- | C] (Igor Pavlov) -- C:\Users\Windows\Desktop\51942_bankerfix_30.exe [2011/03/29 12:03:23 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\projeto [2011/03/17 18:29:33 | 000,000,000 | ---D | C] -- C:\Users\Windows\Desktop\Boletos [2011/03/14 18:32:06 | 000,000,000 | ---D | C] -- C:\Users\Windows\Documents\RECEITAS ========== Files - Modified Within 30 Days ========== [2011/04/07 12:47:57 | 000,590,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/04/07 12:47:57 | 000,102,106 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/04/07 12:47:57 | 000,023,320 | ---- | M] () -- C:\WINDOWS\System32\prfh0416.dat [2011/04/07 12:47:57 | 000,008,686 | ---- | M] () -- C:\WINDOWS\System32\prfc0416.dat [2011/04/07 12:41:43 | 000,005,152 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/04/07 12:41:43 | 000,005,152 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/04/07 12:41:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/04/07 12:41:26 | 1005,481,984 | -HS- | M] () -- C:\hiberfil.sys [2011/04/07 12:41:23 | 148,728,602 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2011/04/06 23:06:45 | 000,004,268 | ---- | M] () -- 
C:\WINDOWS\bthservsdp.dat [2011/04/04 13:30:00 | 000,054,503 | ---- | M] () -- C:\Users\Windows\AppData\Roaming\nvModes.001 [2011/04/02 19:44:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/04/02 17:14:42 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/04/01 13:22:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Windows\Desktop\HiJackThis.exe [2011/04/01 12:49:24 | 000,178,597 | ---- | M] (Igor Pavlov) -- C:\Users\Windows\Desktop\51942_bankerfix_30.exe [2011/03/29 12:07:39 | 000,000,570 | ---- | M] () -- C:\Users\Windows\Desktop\Nutrilife 7.0.lnk [2011/03/29 11:36:57 | 001,529,768 | ---- | M] () -- C:\Users\Windows\Desktop\tv.exe ========== Files Created - No Company Name ========== [2011/04/07 12:41:23 | 148,728,602 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP [2011/04/02 17:14:42 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/29 12:07:39 | 000,000,570 | ---- | C] () -- C:\Users\Windows\Desktop\Nutrilife 7.0.lnk [2011/03/29 11:36:45 | 001,529,768 | ---- | C] () -- C:\Users\Windows\Desktop\tv.exe [2010/12/06 10:58:56 | 002,496,715 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe [2010/05/03 11:08:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/04/11 13:22:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll [2010/01/12 18:14:30 | 000,000,931 | ---- | C] () -- C:\WINDOWS\curricul.ini [2010/01/12 18:14:26 | 000,003,946 | ---- | C] () -- C:\WINDOWS\Cpcsrpts.ini [2009/12/17 11:09:03 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009/12/17 11:09:03 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009/10/05 10:52:24 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\EhStorAuthn.dll [2009/10/05 10:52:24 | 000,107,612 | ---- | C] () -- C:\WINDOWS\System32\StructuredQuerySchema.bin [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll 
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe [2009/05/23 20:45:58 | 000,000,669 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/04/26 12:25:08 | 000,157,736 | ---- | C] () -- C:\WINDOWS\hpoins19.dat [2009/04/26 12:24:47 | 000,026,952 | ---- | C] () -- C:\WINDOWS\hpomdl19.dat [2008/12/22 14:56:55 | 000,000,370 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/11/02 14:44:29 | 000,000,286 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008/09/27 13:55:43 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\drivers\winsot2.dat [2008/08/23 13:44:57 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\StructuredQuerySchemaTrivial.bin [2008/07/18 20:06:40 | 000,023,320 | ---- | C] () -- C:\WINDOWS\System32\prfh0416.dat [2008/07/18 20:06:40 | 000,008,686 | ---- | C] () -- C:\WINDOWS\System32\prfc0416.dat [2008/06/27 12:00:06 | 000,007,944 | ---- | C] () -- C:\Users\Windows\AppData\Local\d3d9caps.dat [2008/04/20 20:45:34 | 000,020,992 | ---- | C] () -- C:\Users\Windows\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/03/30 12:25:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/03/29 17:05:37 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008/03/28 15:11:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008/03/28 15:11:21 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008/03/28 15:11:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/03/28 15:11:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/03/28 15:11:19 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008/03/28 14:27:09 | 000,054,503 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\nvModes.dat [2008/03/28 14:27:09 | 000,054,503 | ---- | C] () -- C:\Users\Windows\AppData\Roaming\nvModes.001 [2008/03/24 08:47:10 | 000,000,418 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/03/22 15:36:40 | 000,004,268 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat 
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007/10/19 21:14:10 | 000,103,437 | ---- | C] () -- C:\WINDOWS\hpqins13.dat [2007/10/19 20:01:42 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2007/02/27 17:43:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/12/20 12:00:12 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\btwhidcs.dll [2006/12/14 03:01:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/12/14 03:01:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2006/11/02 09:57:28 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/11/02 09:47:37 | 000,439,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006/11/02 09:35:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\sysprepMCE.dll [2006/11/02 07:33:01 | 000,590,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/11/02 07:33:01 | 000,287,440 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/11/02 07:33:01 | 000,102,106 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/11/02 07:33:01 | 000,030,674 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/11/02 07:25:21 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\igfxTMM.dll [2006/11/02 07:23:21 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/11/02 05:58:30 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2006/11/02 05:19:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT [2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\WINDOWS\System32\pacerprf.ini [2006/11/02 04:25:31 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2005/05/06 18:06:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2003/04/15 05:59:04 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001/11/14 12:56:00 | 
001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2010/08/01 13:44:36 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\abgx360
[2008/12/06 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\DAEMON Tools
[2009/06/14 14:56:04 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Image Zone Express
[2010/08/01 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\ImgBurn
[2009/12/17 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\PC Suite
[2009/04/28 14:36:59 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Printer Info Cache
[2009/12/17 11:08:49 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\Samsung
[2009/04/03 16:49:09 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\TeamViewer
[2008/03/28 13:54:32 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\WildTangent
[2011/04/06 23:06:41 | 000,032,550 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
_______________________________________________________________________________
OTL Extras logfile created on: 07/04/2011 13:22:16 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Windows\Desktop\malware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy
958,00 Mb Total Physical Memory | 169,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138,99 Gb Total Space | 68,58 Gb Free Space | 49,34% Space Free | Partition Type: NTFS
Drive D: | 10,06 Gb Total Space | 0,85 Gb Free Space | 8,45% Space Free | Partition Type: NTFS
Computer Name: WINDOWS-PC | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3833004201-26704471-1502707015-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3833004201-26704471-1502707015-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CAC7D04-06DA-4131-8EAC-8DCCA9CA104D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{851A2BBC-EB25-4D3E-8F08-12F25DFF21F6}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2543215E-ED9C-45B7-A28D-EB8788B28FB5}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{31315214-F12B-443B-80BF-EA8B3BFE249C}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{33E96E23-84DB-405F-BC39-F5CFDE6A6705}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{40D57FDD-8AE1-4B2C-AC21-13C73777DF84}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{41E3C60F-FED4-4413-B092-9ABE0B0F3986}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{42E4C0A9-90E6-43C5-8347-6AEBC244E541}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{43047F31-B4EE-4E7E-991A-DB0F3D170C07}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{481CF4D3-D40D-4BD5-B3BD-BCE4A6655160}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4CE53DE0-A5C2-418C-827C-91FD43BEC03F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57ED5BD3-3297-4A23-A55F-C519476201C9}" = protocol=6 | dir=in | app=c:\program files\earthlink
totalaccess\taskpanl.exe |
"{68A5B3DC-2A03-4E9F-9A46-B8BE13476748}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{69A6138C-A913-420C-86B4-3E86C13B3FE4}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{6F8BB5DE-3FBE-4D9F-B613-B0E9D8D05BE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{977BF3FA-92DE-49FD-BFF3-4C10251030B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9212014-3C4D-4348-94DB-07F9199327B8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AA2756F0-116F-4B32-A129-7A2B2D859098}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{ADA88805-76C3-4D8F-B3AB-7F53B24730F1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BF5D2078-B35B-4C2F-87F7-6DA260D185ED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CA72E511-C756-4031-9ED6-6EDC33039256}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3A0C991-19D4-4772-9008-6F2A895D6281}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DD821029-128B-4A09-9DA1-F85AD881E289}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{F12A76B5-AC17-4A9D-A1C1-18E9D981A8A7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{A5806C50-6BF9-432E-A283-B97C0D6E63B7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F45B738B-8DD0-4033-9314-5D3AA926FC5E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0C123C63-84FD-4D13-96E7-EEB5C11893F2}" = LEC Translate
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}" = HP User Guides 0060
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.3
"{48903BD9-1C48-47BF-85CB-ED7514823992}" = HP Active Support Library
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{50681864-CDFD-4F11-9169-FD81A368E758}" = ESU for Microsoft Vista
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{53933198-468C-437C-B8D8-1150B3102196}" = HP QuickTouch 1.00 C1
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755C609D-5792-4136-A0D8-0513E04D4EBE}" = HP Help and Support
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground
"{AAB93551-3FFE-42B2-8315-96252BBC1046}" = Nero 7 Essentials
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E749E605-4996-4473-99F2-163B76B79D97}_is1" = Tradução Windows Live Messenger 9.0 v2.0
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pacote de Driver do Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"abgx360" = abgx360 v1.0.5
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Atualizador Nutrilife 5G" = Atualizador Nutrilife 5G
"Atualizador Nutrilife 5T" = Atualizador Nutrilife 5T
"Atualizador Nutrilife 6.1" = Atualizador Nutrilife 6.1
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Curriculum 3.0_is1" = Curriculum 3.0
"Curriculum Vitae_is1" = Curriculum Vitae-DQL
"Doro_is1" = Doro 1.42
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImgBurn" = ImgBurn
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Brazil Toolbar" = Messenger_Plus_Live_Brazil Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nutrilife 4.8" = Nutrilife 4.8
"Nutrilife 5.0" = Nutrilife 5.0
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Receitanet Java 2010.02a" = Receitanet Java 2010.02a
"Rhapsody" = Rhapsody
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.3.0
"Some PDF to Word Converter_is1" = Some PDF to Word Converter 1.5
"Total Video Converter 3.10_is1" = Total Video Converter 3.10
"Total Video Converter 3.14_is1" = Total Video Converter 3.14 080930
"uol_Acel_client" = Assistente do Acelerador UOL
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 16/10/2008 23:38:04 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\System32\srclient.dll failed, 0000A413.

Error - 16/10/2008 23:38:04 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\wrpint.dll failed, 0000A413.

Error - 16/10/2008 23:38:09 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\Prefetch\PfSvPerfStats.bin failed, 0000A413.

Error - 02/11/2008 10:28:55 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!, function 00000002.

Error - 02/11/2008 13:10:43 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 02/11/2008 13:10:43 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.

Error - 02/11/2008 13:10:56 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().

Error - 28/11/2008 17:40:57 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://rs78gc.rapidshare.com/files/37591553/2724113/Total.Video.Converter.3.10_clubedoparente.blogspot.com.rar failed, 00000084.

Error - 17/01/2009 10:48:11 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of http://w18.easy-share.com/index.php/file_contents/file/id/1702800847/skey/xrvyaus2r2qjmdbn/cont_id/36 failed, 00000084.

Error - 26/03/2011 21:39:06 | Computer Name = Windows-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\WINDOWS\System32\LMIinit.dll failed, 00000005.

[ Application Events ]
Error - 20/01/2010 07:31:29 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =

Error - 20/01/2010 21:02:21 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =

Error - 21/01/2010 20:50:33 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =

Error - 22/01/2010 20:25:46 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =

Error - 23/01/2010 06:36:56 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =

Error - 23/01/2010 15:21:02 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =

Error - 24/01/2010 08:45:39 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =

Error - 24/01/2010 16:27:48 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =

Error - 27/01/2010 08:54:23 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =

Error - 27/01/2010 16:56:00 | Computer Name = Windows-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 03/04/2011 09:29:37 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/04/2011 08:09:24 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/04/2011 20:12:52 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/04/2011 08:09:45 | Computer Name = Windows-PC | Source = Dhcp | ID = 1002
Description = A concessão 10.1.1.2 do endereço IP para a Placa de Rede com endereço de rede 0016D3F2CAC3 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou uma mensagem DHCPNACK).
Error - 05/04/2011 08:11:15 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06/04/2011 08:27:38 | Computer Name = Windows-PC | Source = Dhcp | ID = 1002
Description = A concessão 10.1.1.3 do endereço IP para a Placa de Rede com endereço de rede 0016D3F2CAC3 foi negada pelo servidor DHCP 10.1.1.1 (O servidor DHCP enviou uma mensagem DHCPNACK).

Error - 06/04/2011 08:29:08 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/04/2011 08:05:41 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/04/2011 11:41:32 | Computer Name = Windows-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 12:39:56 em 07/04/2011 não era esperado.

Error - 07/04/2011 11:43:44 | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >
wings 22
Posted April 19, 2011

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.