Bruno Peixoto

Full Members
  • Total items: 26
  • Ratings: 0%

Reputation: 0

About Bruno Peixoto

  • Date of birth: 01-09-1986 (32 years old)

General information

  • City and state: Vitória da Conquista, BA
  2. Yes, I have a Dropbox folder on the notebook, and it had sync enabled; I disabled it and followed the steps. Truly grateful for the enormous help.
     I turned off sync for the Dropbox folder; the files are .dutan. I renamed some of them but I can't access them. I have faith in you all that I will manage. God is in command.
  3. Greetings of Light! Thank you for your work and dedication, may God repay your kindness. I caught a virus on my notebook and had to format it, but some files in my Dropbox were infected and I really need them; while trying to repair them I ended up catching more viruses. Could you please help me? Thank you! ZA-Scan.txt
  4. Apparently removed successfully. I can now get into the Itaú site normally (at least the page loads and my name appears for login, but I haven't logged in yet). Log follows. Thank you in advance for your attention and patience.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Versão da Base de Dados: 4083
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     09/05/2010 12:52:54
     mbam-log-2010-05-09 (12-52-54).txt
     Tipo de Verificação: Verificação Rápida
     Objetos escaneados: 128596
     Tempo decorrido: 3 minuto(s), 15 segundo(s)
     Processos de Memória Infectados: 0
     Módulos de Memória Infectados: 0
     Chaves de Registro Infectadas: 0
     Valores de Registro Infectados: 1
     Itens de Dados no Registro Infectados: 0
     Pastas Infectadas: 0
     Arquivos Infectados: 1
     Processos de Memória Infectados:
     (Não foram detectados ítens maliciosos)
     Módulos de Memória Infectados:
     (Não foram detectados ítens maliciosos)
     Chaves de Registro Infectadas:
     (Não foram detectados ítens maliciosos)
     Valores de Registro Infectados:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\autoconfigurl (Trojan.Banker) -> Quarantined and deleted successfully.
     Itens de Dados no Registro Infectados:
     (Não foram detectados ítens maliciosos)
     Pastas Infectadas:
     (Não foram detectados ítens maliciosos)
     Arquivos Infectados:
     C:\Users\Peixoto\Favorites\home.juicyaccess.com.url (Adware.DoubleD) -> Quarantined and deleted successfully.
Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392] R3 Symantec Core LC;Symantec Core LC;c:\program files (x86)\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-4-20 1251720] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 43832] S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-7 135664] S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1255736] =============== Created Last 30 ================ 2010-05-05 21:39:41 0 d-----w- c:\windows\pss 2010-05-04 21:35:53 0 ----a-w- c:\windows\WinInit.ini 2010-05-01 19:52:18 0 d-----w- c:\programdata\FarmFrenzy3_America 2010-04-28 14:05:57 12867072 ----a-w- c:\windows\syswow64\shell32.dll 2010-04-28 14:05:56 96768 ----a-w- c:\windows\syswow64\sspicli.dll 2010-04-28 14:05:56 22016 ----a-w- c:\windows\syswow64\secur32.dll 2010-04-28 14:05:56 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-04-28 14:05:56 1446912 ----a-w- c:\windows\system32\lsasrv.dll 2010-04-28 01:09:23 0 d--h--w- c:\windows\PIF 2010-04-27 12:17:42 153376 ----a-w- c:\windows\syswow64\javaws.exe 2010-04-27 12:17:42 145184 ----a-w- c:\windows\syswow64\javaw.exe 2010-04-27 12:17:42 145184 ----a-w- c:\windows\syswow64\java.exe 2010-04-26 12:21:48 0 d-----w- C:\LinhaDefensiva 2010-04-26 12:19:09 0 d-----w- C:\BankerFix 2010-04-25 19:08:12 0 d-----w- c:\users\peixoto\appdata\roaming\1morebee 2010-04-21 13:45:59 186256 ----a-w- c:\windows\syswow64\SymNPPWA.dll 2010-04-21 01:57:43 0 d-----w- c:\users\peixoto\appdata\roaming\Symantec 2010-04-20 21:38:56 503808 ----a-w- c:\windows\syswow64\MSVCP71.DLL 2010-04-20 21:38:56 348160 ----a-w- c:\windows\syswow64\MSVCR71.DLL 2010-04-20 21:38:56 1060864 ----a-w- c:\windows\syswow64\MFC71.DLL 2010-04-20 21:35:59 19304 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-04-20 21:35:59 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2010-04-20 21:35:59 
107368 ----a-w- c:\windows\syswow64\GEARAspi.dll 2010-04-20 21:35:59 0 d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2010-04-20 20:49:19 0 d-----w- c:\program files (x86)\Norton 360 2010-04-20 20:48:53 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF 2010-04-20 20:48:53 172080 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2010-04-20 20:48:53 10655 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT 2010-04-20 20:48:53 0 d-----w- c:\program files\Symantec 2010-04-20 20:48:53 0 d-----w- c:\program files\common files\Symantec Shared 2010-04-20 20:47:25 0 d-----w- c:\program files (x86)\Symantec 2010-04-20 20:24:45 511328 ----a-w- c:\windows\syswow64\capicom.dll 2010-04-20 20:24:41 0 d-----w- c:\programdata\Symantec 2010-04-20 20:23:57 0 d-----w- c:\program files (x86)\common files\Symantec Shared 2010-04-19 20:45:13 88 --sh--r- c:\programdata\B87E936A13.sys 2010-04-19 20:45:13 2828 --sha-w- c:\programdata\KGyGaAvL.sys 2010-04-19 20:37:31 0 d-----w- c:\programdata\Corel 2010-04-19 20:37:31 0 d-----w- c:\program files (x86)\common files\Protexis 2010-04-19 20:36:23 0 d-----w- c:\program files (x86)\common files\Corel 2010-04-19 20:36:07 0 d-----w- c:\program files (x86)\Corel 2010-04-18 21:07:16 411368 ----a-w- c:\windows\syswow64\deployJava1.dll 2010-04-18 15:50:08 0 d-----w- c:\program files (x86)\FreeTime 2010-04-18 14:19:18 0 d-----w- c:\programdata\AVS4YOU 2010-04-18 14:19:02 0 d-----w- c:\program files (x86)\common files\AVSMedia 2010-04-18 14:18:52 156910 ----a-w- c:\windows\WMSysPr8.prx 2010-04-18 14:18:51 974848 ----a-w- c:\windows\syswow64\mfc70.dll 2010-04-18 14:18:51 24576 ----a-w- c:\windows\syswow64\msxml3a.dll 2010-04-18 14:18:51 0 d-----w- c:\program files (x86)\AVS4YOU 2010-04-18 13:51:15 987136 ----a-w- c:\windows\syswow64\NCTVideoCoreM.dll 2010-04-18 13:51:15 290816 ----a-w- c:\windows\syswow64\NCTAVIFile.dll 2010-04-18 13:51:15 196608 ----a-w- c:\windows\syswow64\NCTWMVFile.dll 2010-04-18 13:51:15 139264 
----a-w- c:\windows\syswow64\NCTVideoFile.dll 2010-04-18 13:51:14 90112 ----a-w- c:\windows\syswow64\NCTAudioFormatSettings3.dll 2010-04-18 13:51:14 487424 ----a-w- c:\windows\syswow64\msvcp70.dll 2010-04-18 13:51:14 348160 ----a-w- c:\windows\syswow64\NCTWMAFile2.dll 2010-04-18 13:51:14 2469888 ----a-w- c:\windows\syswow64\NCTAudioCompress3.dll 2010-04-18 13:51:14 2183168 ----a-w- c:\windows\syswow64\NCTVideoCompress.dll 2010-04-18 13:51:14 1810432 ----a-w- c:\windows\syswow64\NCTAudioCompress2.dll 2010-04-18 13:22:59 0 d-----w- c:\programdata\DivX 2010-04-14 22:56:45 612352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-14 22:56:44 427520 ----a-w- c:\windows\syswow64\vbscript.dll 2010-04-14 22:56:18 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-14 22:56:18 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-14 22:56:18 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-14 22:56:17 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-14 22:56:16 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe 2010-04-14 22:56:16 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe 2010-04-14 12:33:26 220672 ----a-w- c:\windows\system32\wintrust.dll 2010-04-14 12:33:26 172032 ----a-w- c:\windows\syswow64\wintrust.dll 2010-04-14 12:33:25 139264 ----a-w- c:\windows\system32\cabview.dll 2010-04-14 12:33:25 132608 ----a-w- c:\windows\syswow64\cabview.dll 2010-04-10 23:51:14 0 d-----w- c:\programdata\incredible express 2010-04-10 19:52:04 0 d-----w- c:\users\peixoto\appdata\roaming\Farm Mania 2 2010-04-09 20:31:53 0 d-----w- c:\programdata\Sun 2010-04-09 12:04:28 0 d-----w- c:\program files (x86)\K-Lite Codec Pack 2010-04-09 12:03:11 455680 ----a-w- c:\windows\system32\deploytk.dll 2010-04-09 12:03:00 0 d-----w- c:\program files\Java 2010-04-09 11:42:22 0 d-----w- c:\windows\syswow64\Adobe 2010-04-08 13:27:40 0 d-----w- c:\programdata\WEBREG 2010-04-08 13:02:39 0 d-----w- c:\programdata\HPSSUPPLY 2010-04-08 12:57:03 0 d-----w- 
c:\program files (x86)\common files\Hewlett-Packard 2010-04-08 12:56:36 0 d-----w- c:\program files (x86)\common files\HP 2010-04-08 12:52:36 0 d-----w- c:\program files (x86)\HP 2010-04-08 12:49:11 157801 ----a-w- c:\windows\hpoins19.dat 2010-04-08 12:48:36 338432 ----a-w- c:\windows\system32\hpzids40.dll 2010-04-08 12:48:34 26952 ----a-w- c:\windows\hpomdl19.dat 2010-04-08 12:47:21 0 d-----w- c:\programdata\HP ==================== Find3M ==================== 2010-05-04 01:38:02 654272 ----a-w- c:\windows\system32\prfh0416.dat 2010-05-04 01:38:02 124724 ----a-w- c:\windows\system32\prfc0416.dat 2010-03-14 18:00:00 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll 2010-03-14 18:00:00 6656 ----a-w- c:\windows\syswow64\pndx5016.dll 2010-03-14 18:00:00 5632 ----a-w- c:\windows\syswow64\pndx5032.dll 2010-03-14 18:00:00 278528 ----a-w- c:\windows\syswow64\pncrt.dll 2010-03-14 18:00:00 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll 2010-02-24 13:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll 2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll 2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll 2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll 2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll 2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll 2010-02-10 19:18:42 2131336 ----a-w- c:\program files (x86)\common files\AskToolbarInstaller.exe 2010-02-10 17:13:48 165376 ----a-w- c:\windows\syswow64\unrar.dll 2009-08-06 04:29:53 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat 2009-08-06 04:29:53 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat 2009-08-06 04:29:53 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat 2009-08-06 04:29:53 323154 ----a-w- 
c:\windows\inf\perflib\0416\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 0:10:39,93 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 28/11/2009 10:43:34 System Uptime: 05/05/2010 19:43:20 (5 hours ago) Motherboard: Foxconn | | P35A01 Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz | SOCKET775 M/B | 3005/333mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 68 GiB total, 9,037 GiB free. D: is FIXED (NTFS) - 81 GiB total, 13,332 GiB free. E: is FIXED (NTFS) - 70 GiB total, 15,264 GiB free. F: is FIXED (NTFS) - 100 GiB total, 7,859 GiB free. G: is CDROM () H: is CDROM () I: is CDROM () J: is Removable Z: is FIXED (NTFS) - 127 GiB total, 31,244 GiB free. 
==== Disabled Device Manager Items ============= Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318} Description: PS/2 Keyboard Device ID: ACPI\PNP0303\4&38AD8530&0 Manufacturer: Logitech Name: PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&38AD8530&0 Service: i8042prt ==== System Restore Points =================== RP141: 03/05/2010 18:17:10 - Ponto de Verificação Agendado ==== Installed Programs ====================== 10 Days Under The Sea Deluxe 4200 4200_Help 4200Trb Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 9.3.2 - Português Adobe Setup Adobe Shockwave Player 11.5 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 ADPHONE3 ADPHONE3Upgrade Advertising Center AIO_CDB_ProductContext AIO_CDB_Software AIO_Scan AP Tuner 3.08 AppCore Arquivo do WinRAR ASIO4ALL Ask Toolbar Assistente de Conexão do Windows Live µTorrent Atualização do produto Microsoft Office Excel 2007 Help (KB963678) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) Atualização do produto Microsoft Office Word 2007 Help (KB963665) Autumn's Treasures - The Jade Coin Deluxe AV AVS Media Player 3.1 Becky Brogan - The Mystery of Meane Manor Deluxe BufferChm Build-a-lot Deluxe Build It! 
Miami Beach Resort Deluxe ccCommon CCleaner CDDRV_Installer Coconut Queen Deluxe Copy CorelDRAW Graphics Suite X4 CorelDRAW Graphics Suite X4 - Capture CorelDRAW Graphics Suite X4 - Content CorelDRAW Graphics Suite X4 - Draw CorelDRAW Graphics Suite X4 - Filters CorelDRAW Graphics Suite X4 - FontNav CorelDRAW Graphics SUite X4 - ICA CorelDRAW Graphics Suite X4 - IPM CorelDRAW Graphics Suite X4 - Lang EN CorelDRAW Graphics Suite X4 - PP CorelDRAW Graphics Suite X4 - VBA CorelDRAW® Graphics Suite X4 CorelDRAW® Graphics Suite X4 - Windows Shell Extension CustomerResearchQFolder Cute Cute Destinations DeviceManagementQFolder DocProc DocProcQFolder DolbyFiles E.M. Total Video Player 1.31 eSupportQFolder Farm Frenzy 3 - American Pie Deluxe Farm Mania 2 Deluxe Fashion Dash Deluxe Fax Ferramenta de Carregamento do Windows Live Fiona Finch and the Finest Flowers Deluxe Firebird 2.1.2.18118 (Win32) FormatFactory 2.30 Fotosizer 1.27 Free Audio CD Burner version 1.2 Free Music Zilla Free YouTube to MP3 Converter version 3.2 GameDesire-Pool & Snooker GearDrvs Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Gotcha - Celebrity Secrets Deluxe Hostile Makeover - A Fashion Murder Deluxe Hotel Dash - Suite Success Deluxe HP Photosmart Essential HP Update HPProductAssistant HPSSupply ImagXpress Incredible Express Deluxe Java Auto Updater Java 6 Update 20 Junk Mail filter update K-Lite Mega Codec Pack 5.8.3 Kelly Green - Garden Queen Deluxe Little Shop - World Traveler Deluxe LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Logitech Desktop Messenger Logitech SetPoint Lost City of Z Deluxe MarketResearch McAfee Security Scan Menu Templates - Starter Kit Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Portuguese (Brazil)) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Portuguese (Brazil)) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 Microsoft Office Word MUI (Portuguese (Brazil)) 2007 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mortimer Beckett and the Lost King Deluxe Movie Templates - Starter Kit Mozilla Firefox (3.6.3) MSI to redistribute MS VS2005 CRT libraries MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Natalie Brooks - Mystery at Hillcrest High Deluxe Need for Speed™ SHIFT Nero 7 Essentials Nero 9 Trial Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero Disc Copy Gadget Nero DiscSpeed Nero DriveSpeed Nero InfoTool Nero Installer Nero PhotoSnap Nero Recode Nero Rescue Agent Nero ShowTime Nero StartSmart Nero Vision Nero WaveEditor NeroBurningROM NeroExpress neroxml Norton 360 Norton 360 (Symantec Corporation) Norton 360 Help Norton Confidential Browser Component Norton Confidential Web Authentification Component Norton Confidential Web Protection Component NVIDIA PhysX ObjectDock Paradise Beach Deluxe PDF Settings Pro Evolution Soccer 2010 Scan Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office 
System (KB978380) Security Update for Microsoft Office Excel 2007 (KB978382) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB980470) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) SolutionCenter Sony Noise Reduction Plug-In 2.0e Sony Sound Forge 9.0 SoundTrax Status Subtitle Workshop 2.51 SuppSoft Symantec Technical Support Controls The Treasures of Montezuma 2 Deluxe The Tudors Deluxe Toolbox Total Video2Dvd 3.11 TrayApp Uninstall 1.0.0.1 UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for 2007 Microsoft Office System (KB981715) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Word 2007 (KB974561) Update for Outlook 2007 Junk Email Filter (kb981433) VDownloader 2.6 Virtual DJ - Atomix Productions Virtual DJ 5.2 (Crack v2) Visual Basic for Applications ® Core Visual Basic for Applications ® Core - English VLC media player 1.0.1 WebReg Winamp Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Galeria de Fotos Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync ==== End Of File ===========================
  6. Arquivo javaw.exe recebido em 2010.05.01 07:45:01 (UTC)
     Andamento: terminado
     Resultado: 0/40 (0.00%)

     Antivírus | Versão | Última Atualização | Resultado
     a-squared | 4.5.0.50 | 2010.05.01 | -
     AhnLab-V3 | 2010.05.01.00 | 2010.05.01 | -
     AntiVir | 8.2.1.224 | 2010.04.30 | -
     Antiy-AVL | 2.0.3.7 | 2010.04.30 | -
     Authentium | 5.2.0.5 | 2010.05.01 | -
     Avast | 4.8.1351.0 | 2010.04.30 | -
     Avast5 | 5.0.332.0 | 2010.04.30 | -
     AVG | 9.0.0.787 | 2010.04.30 | -
     BitDefender | 7.2 | 2010.05.01 | -
     CAT-QuickHeal | 10.00 | 2010.04.29 | -
     ClamAV | 0.96.0.3-git | 2010.05.01 | -
     Comodo | 4726 | 2010.05.01 | -
     DrWeb | 5.0.2.03300 | 2010.05.01 | -
     eSafe | 7.0.17.0 | 2010.04.29 | -
     eTrust-Vet | 35.2.7462 | 2010.04.30 | -
     F-Prot | 4.5.1.85 | 2010.04.30 | -
     F-Secure | 9.0.15370.0 | 2010.05.01 | -
     Fortinet | 4.0.14.0 | 2010.04.30 | -
     GData | 21 | 2010.05.01 | -
     Ikarus | T3.1.1.80.0 | 2010.05.01 | -
     Jiangmin | 13.0.900 | 2010.05.01 | -
     Kaspersky | 7.0.0.125 | 2010.05.01 | -
     McAfee | 5.400.0.1158 | 2010.05.01 | -
     McAfee-GW-Edition | 6.8.5 | 2010.04.30 | -
     Microsoft | 1.5703 | 2010.05.01 | -
     NOD32 | 5076 | 2010.04.30 | -
     Norman | 6.04.12 | 2010.04.30 | -
     nProtect | 2010-04-30.01 | 2010.04.30 | -
     Panda | 10.0.2.7 | 2010.05.01 | -
     PCTools | 7.0.3.5 | 2010.05.01 | -
     Prevx | 3.0 | 2010.05.01 | -
     Rising | 22.45.04.03 | 2010.04.30 | -
     Sophos | 4.53.0 | 2010.05.01 | -
     Sunbelt | 6245 | 2010.05.01 | -
     Symantec | 20091.2.0.41 | 2010.05.01 | -
     TheHacker | 6.5.2.0.274 | 2010.04.30 | -
     TrendMicro | 9.120.0.1004 | 2010.05.01 | -
     VBA32 | 3.12.12.4 | 2010.04.30 | -
     ViRobot | 2010.4.30.2297 | 2010.05.01 | -
     VirusBuster | 5.0.27.0 | 2010.04.30 | -

     Informações adicionais
     File size: 145184 bytes
     MD5 : 4e8cc8bdebed5ad93539612d4d316fdf
     SHA1 : e7512a139bc73ca82941df7f99dcc22d6151bccc
     SHA256: bebae3ec309386fd3e601c3ad5f9116a97c3791cfb7b8b7558b946e45e7249f7
     PEInfo: PE Structure information ( base data )
     entrypointaddress.: 0x894C
     timedatestamp.....: 0x4BC398B3 (Tue Apr 13 00:03:31 2010)
     machinetype.......: 0x14C (Intel I386)
     ( 4 sections )
     name | viradd | virsiz | rawdsiz | ntrpy | md5
     .text | 0x1000 | 0x113E9 | 0x12000 | 6.47 | c3bcf3d0d50d527faf3248d116311636
     .rdata | 0x13000 | 0x4326 | 0x5000 | 4.70 | 0ff72d73048794927fc28a0eca7212a5
     .data | 0x18000 | 0x3778 | 0x2000 | 2.42 | 7735bcc79ea7e887b7e118e03ccfe1ad
     .rsrc | 0x1C000 | 0x7F30 | 0x8000 | 5.91 | 9bb5c84a56fcc83f80608da000b36a91
     ( 3 imports )
     > advapi32.dll: RegCloseKey,
RegOpenKeyExA, RegEnumKeyA, RegQueryValueExA > kernel32.dll: GetCurrentDirectoryA, GetFullPathNameA, GetModuleFileNameA, QueryPerformanceCounter, QueryPerformanceFrequency, LocalFree, FormatMessageA, GetLastError, CloseHandle, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetCommandLineA, FreeLibrary, GetProcAddress, LoadLibraryA, GetExitCodeThread, FindFirstFileA, FindNextFileA, FindClose, ExitProcess, GetModuleHandleA, TerminateProcess, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, MultiByteToWideChar, GetFileAttributesA, ExitThread, GetCurrentThreadId, CreateThread, GetStartupInfoA, GetVersionExA, HeapAlloc, HeapReAlloc, HeapFree, DeleteCriticalSection, WideCharToMultiByte, SetHandleCount, GetStdHandle, GetFileType, WriteFile, ReadFile, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, FlushFileBuffers, SetEnvironmentVariableA, SetEnvironmentVariableW, UnhandledExceptionFilter, GetACP, GetOEMCP, GetCPInfo, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, SetStdHandle, VirtualAlloc, VirtualProtect, GetSystemInfo, VirtualQuery, SetFilePointer, InitializeCriticalSection, RtlUnwind, HeapSize, InterlockedExchange, CompareStringA, CompareStringW, CreateFileA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetEndOfFile, GetTimeZoneInformation, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA > user32.dll: MessageBoxA ( 0 exports ) TrID : File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%)ssdeep: 1536:61EQWowhnIR0is1geOjihV6uhkYUSzcAx1Itw0lM8eUnqWygKkPlBTNS7qjh3rmu:61Gny0is1iygSw01IZ1yePlBpFjZqMN5sigcheck: publisher....: Sun Microsystems, Inc. 
copyright....: Copyright © 2004 product......: Java Platform SE 6 U20 description..: Java Platform SE binary original name: javaw.exe internal name: javaw file version.: 6.0.200.2 comments.....: n/a signers......: Sun Microsystems, Inc. VeriSign Class 3 Code Signing 2009 CA Class 3 Public Primary Certification Authority - G2 signing date.: 2:29 AM 4/13/2010 verified.....: - PEiD : -RDS : NSRL Reference Data Set -
  7. It didn't work again... see the screenshot there to check whether that's what you want to see. Thanks.
  8. Hello friend!!! An error occurred when I double-clicked. Access denied, could not locate the file c:/look.txt. Do you want to create a new file? Yes - No - Cancel. As a result, the file saved with the quote disappears, and a blank Notepad window opens. Thanks in advance for your attention. Thanks.
  9. DDS (Ver_10-03-17.01) - NTFSX64 Run by Peixoto at 21:07:53,14 on 01/05/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4095.2707 [GMT -3:00] AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 
C:\Program Files (x86)\Scpad\scpVista.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\splwow64.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Peixoto\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = about:blank mLocal Page = c:\windows\syswow64\blank.htm uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files (x86)\ask.com\GenericAskToolbar.dll mWinlogon: Userinit=c:\windows\syswow64\userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files (x86)\common 
files\symantec shared\coshared\browser\1.5\NppBho.dll BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\program files (x86)\scpad\scpsssh2.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll TB: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll TB: Exibir Barra de ferramentas do Norton: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files (x86)\common files\symantec shared\coshared\browser\1.5\UIBHO.dll TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\ahead\lib\NMBgMonitor.exe" uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe 
uRun: [Google Update] "c:\users\peixoto\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe" mRun: [symantec PIF AlertEng] "c:\program files (x86)\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files (x86)\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll" mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe" dRunOnce: [<NO NAME>] mExplorerRun: [<NO NAME>] 1 (0x1) StartupFolder: c:\users\peixoto\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files (x86)\stardock\objectdock\ObjectDock.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\1.0.150\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 
0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xportar para o Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL Trusted Zone: www.bancobrasil.com.br\www Trusted Zone: www.bancodobrasil.com.br\www Trusted Zone: www.bb.com.br\www DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: {58B3939F-41CF-4C06-A1C1-4986EF46B89A} = 200.165.132.154,200.165.132.147 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\program files (x86)\scpad\scpLIB.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} {DBC80044-A445-435b-BC74-9C25C1C588A9} {2318C2B1-4965-11d4-9B18-009027A5CD4F} TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [Kernel and Hardware Abstraction 
Layer] KHALMNPR.EXE ================= FIREFOX =================== FF - ProfilePath - c:\users\peixoto\appdata\roaming\mozilla\firefox\profiles\tsrxhzpg.default\ FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\peixoto\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - 
pref("ui.trackpoint_hack.enabled", -1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\program files 
(x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\symantec\defini~1\symcdata\idsdefs\20100421.001\IDSvia64.sys [2010-4-23 396336] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\firebird\firebird_2_1\bin\fbguard.exe [2009-12-1 81920] R2 scpVista;scpVista;c:\program files (x86)\scpad\scpVista.exe 
[2010-3-24 136496] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-12-11 6228480] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-12-11 160256] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-20 132656] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe [2009-12-1 2732032] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392] R3 Symantec Core LC;Symantec Core LC;c:\program files (x86)\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-4-20 1251720] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 43832] S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-7 135664] S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1255736] =============== Created Last 30 ================ 2010-05-01 19:52:18 0 d-----w- c:\programdata\FarmFrenzy3_America 2010-04-28 14:05:57 12867072 ----a-w- c:\windows\syswow64\shell32.dll 2010-04-28 14:05:56 96768 ----a-w- c:\windows\syswow64\sspicli.dll 2010-04-28 14:05:56 22016 ----a-w- c:\windows\syswow64\secur32.dll 2010-04-28 14:05:56 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-04-28 14:05:56 1446912 ----a-w- c:\windows\system32\lsasrv.dll 2010-04-28 01:09:23 0 d--h--w- c:\windows\PIF 2010-04-27 12:17:42 153376 ----a-w- c:\windows\syswow64\javaws.exe 2010-04-27 12:17:42 145184 ----a-w- c:\windows\syswow64\javaw.exe 2010-04-27 12:17:42 145184 ----a-w- c:\windows\syswow64\java.exe 2010-04-26 12:21:48 0 d-----w- C:\LinhaDefensiva 2010-04-26 12:19:09 0 d-----w- C:\BankerFix 2010-04-25 19:08:12 0 d-----w- c:\users\peixoto\appdata\roaming\1morebee 2010-04-21 13:45:59 186256 ----a-w- c:\windows\syswow64\SymNPPWA.dll 2010-04-21 01:57:43 0 d-----w- 
c:\users\peixoto\appdata\roaming\Symantec 2010-04-20 21:38:56 503808 ----a-w- c:\windows\syswow64\MSVCP71.DLL 2010-04-20 21:38:56 348160 ----a-w- c:\windows\syswow64\MSVCR71.DLL 2010-04-20 21:38:56 1060864 ----a-w- c:\windows\syswow64\MFC71.DLL 2010-04-20 21:35:59 19304 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-04-20 21:35:59 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2010-04-20 21:35:59 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll 2010-04-20 21:35:59 0 d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2010-04-20 20:49:19 0 d-----w- c:\program files (x86)\Norton 360 2010-04-20 20:48:53 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF 2010-04-20 20:48:53 172080 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2010-04-20 20:48:53 10655 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT 2010-04-20 20:48:53 0 d-----w- c:\program files\Symantec 2010-04-20 20:48:53 0 d-----w- c:\program files\common files\Symantec Shared 2010-04-20 20:47:25 0 d-----w- c:\program files (x86)\Symantec 2010-04-20 20:24:45 511328 ----a-w- c:\windows\syswow64\capicom.dll 2010-04-20 20:24:41 0 d-----w- c:\programdata\Symantec 2010-04-20 20:23:57 0 d-----w- c:\program files (x86)\common files\Symantec Shared 2010-04-19 20:45:13 88 --sh--r- c:\programdata\B87E936A13.sys 2010-04-19 20:45:13 2828 --sha-w- c:\programdata\KGyGaAvL.sys 2010-04-19 20:37:31 0 d-----w- c:\programdata\Corel 2010-04-19 20:37:31 0 d-----w- c:\program files (x86)\common files\Protexis 2010-04-19 20:36:23 0 d-----w- c:\program files (x86)\common files\Corel 2010-04-19 20:36:07 0 d-----w- c:\program files (x86)\Corel 2010-04-18 21:07:16 411368 ----a-w- c:\windows\syswow64\deployJava1.dll 2010-04-18 15:50:08 0 d-----w- c:\program files (x86)\FreeTime 2010-04-18 14:19:18 0 d-----w- c:\programdata\AVS4YOU 2010-04-18 14:19:02 0 d-----w- c:\program files (x86)\common files\AVSMedia 2010-04-18 14:18:52 156910 ----a-w- c:\windows\WMSysPr8.prx 2010-04-18 14:18:51 974848 
----a-w- c:\windows\syswow64\mfc70.dll 2010-04-18 14:18:51 24576 ----a-w- c:\windows\syswow64\msxml3a.dll 2010-04-18 14:18:51 0 d-----w- c:\program files (x86)\AVS4YOU 2010-04-18 13:51:15 987136 ----a-w- c:\windows\syswow64\NCTVideoCoreM.dll 2010-04-18 13:51:15 290816 ----a-w- c:\windows\syswow64\NCTAVIFile.dll 2010-04-18 13:51:15 196608 ----a-w- c:\windows\syswow64\NCTWMVFile.dll 2010-04-18 13:51:15 139264 ----a-w- c:\windows\syswow64\NCTVideoFile.dll 2010-04-18 13:51:14 90112 ----a-w- c:\windows\syswow64\NCTAudioFormatSettings3.dll 2010-04-18 13:51:14 487424 ----a-w- c:\windows\syswow64\msvcp70.dll 2010-04-18 13:51:14 348160 ----a-w- c:\windows\syswow64\NCTWMAFile2.dll 2010-04-18 13:51:14 2469888 ----a-w- c:\windows\syswow64\NCTAudioCompress3.dll 2010-04-18 13:51:14 2183168 ----a-w- c:\windows\syswow64\NCTVideoCompress.dll 2010-04-18 13:51:14 1810432 ----a-w- c:\windows\syswow64\NCTAudioCompress2.dll 2010-04-18 13:22:59 0 d-----w- c:\programdata\DivX 2010-04-14 22:56:45 612352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-14 22:56:44 427520 ----a-w- c:\windows\syswow64\vbscript.dll 2010-04-14 22:56:18 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-14 22:56:18 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-14 22:56:18 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-14 22:56:17 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-14 22:56:16 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe 2010-04-14 22:56:16 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe 2010-04-14 12:33:26 220672 ----a-w- c:\windows\system32\wintrust.dll 2010-04-14 12:33:26 172032 ----a-w- c:\windows\syswow64\wintrust.dll 2010-04-14 12:33:25 139264 ----a-w- c:\windows\system32\cabview.dll 2010-04-14 12:33:25 132608 ----a-w- c:\windows\syswow64\cabview.dll 2010-04-10 23:51:14 0 d-----w- c:\programdata\incredible express 2010-04-10 19:52:04 0 d-----w- c:\users\peixoto\appdata\roaming\Farm Mania 2 2010-04-09 20:31:53 0 d-----w- 
c:\programdata\Sun 2010-04-09 12:04:28 0 d-----w- c:\program files (x86)\K-Lite Codec Pack 2010-04-09 12:03:11 455680 ----a-w- c:\windows\system32\deploytk.dll 2010-04-09 12:03:00 0 d-----w- c:\program files\Java 2010-04-09 11:42:22 0 d-----w- c:\windows\syswow64\Adobe 2010-04-08 13:27:40 0 d-----w- c:\programdata\WEBREG 2010-04-08 13:02:39 0 d-----w- c:\programdata\HPSSUPPLY 2010-04-08 12:57:03 0 d-----w- c:\program files (x86)\common files\Hewlett-Packard 2010-04-08 12:56:36 0 d-----w- c:\program files (x86)\common files\HP 2010-04-08 12:52:36 0 d-----w- c:\program files (x86)\HP 2010-04-08 12:49:11 157801 ----a-w- c:\windows\hpoins19.dat 2010-04-08 12:48:36 338432 ----a-w- c:\windows\system32\hpzids40.dll 2010-04-08 12:48:34 26952 ----a-w- c:\windows\hpomdl19.dat 2010-04-08 12:47:21 0 d-----w- c:\programdata\HP ==================== Find3M ==================== 2010-04-29 15:40:07 654272 ----a-w- c:\windows\system32\prfh0416.dat 2010-04-29 15:40:07 124724 ----a-w- c:\windows\system32\prfc0416.dat 2010-03-14 18:00:00 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll 2010-03-14 18:00:00 6656 ----a-w- c:\windows\syswow64\pndx5016.dll 2010-03-14 18:00:00 5632 ----a-w- c:\windows\syswow64\pndx5032.dll 2010-03-14 18:00:00 278528 ----a-w- c:\windows\syswow64\pncrt.dll 2010-03-14 18:00:00 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll 2010-02-24 13:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll 2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll 2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll 2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll 2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll 2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll 2010-02-10 19:18:42 2131336 
----a-w- c:\program files (x86)\common files\AskToolbarInstaller.exe 2010-02-10 17:13:48 165376 ----a-w- c:\windows\syswow64\unrar.dll 2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll 2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll 2009-08-06 04:29:53 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat 2009-08-06 04:29:53 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat 2009-08-06 04:29:53 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat 2009-08-06 04:29:53 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 21:08:16,39 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 28/11/2009 10:43:34 System Uptime: 05/01/2010 10:24:40 (2795 hours ago) Motherboard: Foxconn | | P35A01 Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz | SOCKET775 M/B | 3005/333mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 68 GiB total, 8,655 GiB free. D: is FIXED (NTFS) - 81 GiB total, 13,332 GiB free. E: is FIXED (NTFS) - 70 GiB total, 15,264 GiB free. 
F: is FIXED (NTFS) - 100 GiB total, 7,859 GiB free. G: is CDROM () H: is CDROM () I: is CDROM () Z: is FIXED (NTFS) - 127 GiB total, 31,245 GiB free. ==== Disabled Device Manager Items ============= Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318} Description: PS/2 Keyboard Device ID: ACPI\PNP0303\4&38AD8530&0 Manufacturer: Logitech Name: PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&38AD8530&0 Service: i8042prt ==== System Restore Points =================== RP138: 27/04/2010 09:16:01 - Removed Java 6 Update 20 RP139: 27/04/2010 09:16:57 - Installed Java 6 Update 20 RP140: 28/04/2010 13:31:55 - Windows Update ==== Installed Programs ====================== 10 Days Under The Sea Deluxe 4200 4200_Help 4200Trb Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 9.3.2 - Português Adobe Setup Adobe Shockwave Player 11.5 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 ADPHONE3 ADPHONE3Upgrade Advertising Center AIO_CDB_ProductContext AIO_CDB_Software AIO_Scan AP Tuner 3.08 AppCore Arquivo do WinRAR ASIO4ALL Ask Toolbar Assistente de Conexão do Windows Live µTorrent Atualização do produto Microsoft Office Excel 2007 Help (KB963678) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) Atualização do produto Microsoft Office Word 2007 Help (KB963665) Autumn's Treasures - The Jade Coin Deluxe AV AVS Media 
Player 3.1 Becky Brogan - The Mystery of Meane Manor Deluxe BufferChm Build-a-lot Deluxe Build It! Miami Beach Resort Deluxe ccCommon CCleaner CDDRV_Installer Coconut Queen Deluxe Copy CorelDRAW Graphics Suite X4 CorelDRAW Graphics Suite X4 - Capture CorelDRAW Graphics Suite X4 - Content CorelDRAW Graphics Suite X4 - Draw CorelDRAW Graphics Suite X4 - Filters CorelDRAW Graphics Suite X4 - FontNav CorelDRAW Graphics SUite X4 - ICA CorelDRAW Graphics Suite X4 - IPM CorelDRAW Graphics Suite X4 - Lang EN CorelDRAW Graphics Suite X4 - PP CorelDRAW Graphics Suite X4 - VBA CorelDRAW® Graphics Suite X4 CorelDRAW® Graphics Suite X4 - Windows Shell Extension CustomerResearchQFolder Cute Cute Destinations DeviceManagementQFolder DocProc DocProcQFolder DolbyFiles E.M. Total Video Player 1.31 eSupportQFolder Farm Frenzy 3 - American Pie Deluxe Farm Mania 2 Deluxe Fashion Dash Deluxe Fax Ferramenta de Carregamento do Windows Live Fiona Finch and the Finest Flowers Deluxe Firebird 2.1.2.18118 (Win32) FormatFactory 2.30 Fotosizer 1.27 Free Audio CD Burner version 1.2 Free Music Zilla Free YouTube to MP3 Converter version 3.2 GameDesire-Pool & Snooker GearDrvs Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Gotcha - Celebrity Secrets Deluxe Hostile Makeover - A Fashion Murder Deluxe Hotel Dash - Suite Success Deluxe HP Photosmart Essential HP Update HPProductAssistant HPSSupply ImagXpress Incredible Express Deluxe Java Auto Updater Java 6 Update 20 Junk Mail filter update K-Lite Mega Codec Pack 5.8.3 Kelly Green - Garden Queen Deluxe Little Shop - World Traveler Deluxe LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Logitech Desktop Messenger Logitech SetPoint Lost City of Z Deluxe MarketResearch McAfee Security Scan Menu Templates - Starter Kit Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Portuguese (Brazil)) 2007 Microsoft Office Enterprise 2007 Microsoft Office 
Excel MUI (Portuguese (Brazil)) 2007 Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Portuguese (Brazil)) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 Microsoft Office Word MUI (Portuguese (Brazil)) 2007 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mortimer Beckett and the Lost King Deluxe Movie Templates - Starter Kit Mozilla Firefox (3.6.3) MSI to redistribute MS VS2005 CRT libraries MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Natalie Brooks - Mystery at Hillcrest High Deluxe Need for Speed™ SHIFT Nero 7 Essentials Nero 9 Trial Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero Disc Copy Gadget Nero DiscSpeed Nero DriveSpeed Nero InfoTool Nero Installer Nero PhotoSnap Nero Recode Nero Rescue Agent Nero ShowTime Nero StartSmart Nero Vision Nero WaveEditor NeroBurningROM NeroExpress neroxml Norton 360 Norton 360 (Symantec Corporation) Norton 360 Help Norton Confidential Browser Component Norton Confidential Web Authentification Component Norton Confidential Web Protection Component NVIDIA PhysX ObjectDock Paradise Beach Deluxe PDF Settings Pro Evolution Soccer 2010 Scan Security 
Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB978380) Security Update for Microsoft Office Excel 2007 (KB978382) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB980470) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) SolutionCenter Sony Noise Reduction Plug-In 2.0e Sony Sound Forge 9.0 SoundTrax Status Subtitle Workshop 2.51 SuppSoft Symantec Technical Support Controls The Treasures of Montezuma 2 Deluxe The Tudors Deluxe Toolbox Total Video2Dvd 3.11 TrayApp Uninstall 1.0.0.1 UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for 2007 Microsoft Office System (KB981715) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Word 2007 (KB974561) Update for Outlook 2007 Junk Email Filter (kb981433) VDownloader 2.6 Virtual DJ - Atomix Productions Virtual DJ 5.2 (Crack v2) Visual Basic for Applications ® Core Visual Basic for Applications ® Core - English VLC media player 1.0.1 WebReg Winamp Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Galeria de Fotos Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync ==== End Of File ===========================
  10. Dear friends, I am having serious problems with bank sites such as Itau and Bradesco, perhaps because of a virus. The Itau site I open on other PCs shows "Itau 30 Horas" right at the top; here, lately I have not been able to access the site ("Nao foi possivel localizar a pagina na web"), and before that it showed "itau Banking line", and not the person's name but "Acesar". On Bradesco, any password I enter gets into the account, and the site directs me to type in all the keys of the security code, seeing as I have serious problems. I was not able to run Gmer: "c:/windows/system32/config/system. o sistema nao pode encontrar o arquivo especificado." I click OK, went to the scan, and after a while got the message: "Gmer hasn't found any system modification", and nothing appears to copy or save, OK? The DDS log and Attach follow.

DDS (Ver_10-03-17.01) - NTFSX64 Run by Peixoto at 14:29:15,72 on 21/04/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4095.2793 [GMT -3:00] AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork 
C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Scpad\scpVista.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\servicing\TrustedInstaller.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\DllHost.exe 
C:\Windows\system32\DllHost.exe C:\Users\Peixoto\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = about:blank mLocal Page = c:\windows\syswow64\blank.htm uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files (x86)\ask.com\GenericAskToolbar.dll mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files (x86)\common files\symantec shared\coshared\browser\1.5\NppBho.dll BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\program files (x86)\scpad\scpsssh2.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll TB: 
VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll TB: Exibir Barra de ferramentas do Norton: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files (x86)\common files\symantec shared\coshared\browser\1.5\UIBHO.dll TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\ahead\lib\NMBgMonitor.exe" uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uRun: [Google Update] "c:\users\peixoto\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe" mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe" mRun: [symantec PIF AlertEng] "c:\program files (x86)\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files (x86)\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll" StartupFolder: c:\users\peixoto\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files (x86)\stardock\objectdock\ObjectDock.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop 
messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\1.0.150\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xportar para o Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL Trusted Zone: www.bancobrasil.com.br\www Trusted Zone: www.bancodobrasil.com.br\www Trusted Zone: www.bb.com.br\www DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: {58B3939F-41CF-4C06-A1C1-4986EF46B89A} = 200.165.132.154,200.165.132.147 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - 
c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\program files (x86)\scpad\scpLIB.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} {DBC80044-A445-435b-BC74-9C25C1C588A9} {2318C2B1-4965-11d4-9B18-009027A5CD4F} TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE ================= FIREFOX =================== FF - ProfilePath - c:\users\peixoto\appdata\roaming\mozilla\firefox\profiles\tsrxhzpg.default\ FF - prefs.js: network.proxy.type - 2 FF - prefs.js: network.proxy.type - 2 FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files (x86)\mozilla 
firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - 
pref("security.ssl3.rsa_seed_sha", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files (x86)\mozilla 
firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\symantec\defini~1\symcdata\idsdefs\20100415.001\IDSvia64.sys [2010-4-20 396336] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\firebird\firebird_2_1\bin\fbguard.exe [2009-12-1 81920] R2 scpVista;scpVista;c:\program files (x86)\scpad\scpVista.exe [2010-3-24 136496] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-12-11 6228480] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-12-11 160256] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-20 132656] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe [2009-12-1 2732032] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 43832] S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-7 135664] S3 Symantec Core LC;Symantec Core LC;c:\program files (x86)\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-4-20 1251720] S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1255736] =============== Created Last 30 ================ 2010-04-21 13:45:59 186256 ----a-w- c:\windows\syswow64\SymNPPWA.dll 2010-04-21 01:57:43 0 d-----w- c:\users\peixoto\appdata\roaming\Symantec 2010-04-20 21:38:56 503808 ----a-w- c:\windows\syswow64\MSVCP71.DLL 2010-04-20 21:38:56 348160 ----a-w- c:\windows\syswow64\MSVCR71.DLL 2010-04-20 21:38:56 1060864 ----a-w- 
c:\windows\syswow64\MFC71.DLL 2010-04-20 21:35:59 19304 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-04-20 21:35:59 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2010-04-20 21:35:59 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll 2010-04-20 21:35:59 0 d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2010-04-20 20:49:19 0 d-----w- c:\program files (x86)\Norton 360 2010-04-20 20:48:53 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF 2010-04-20 20:48:53 172080 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2010-04-20 20:48:53 10655 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT 2010-04-20 20:48:53 0 d-----w- c:\program files\Symantec 2010-04-20 20:48:53 0 d-----w- c:\program files\common files\Symantec Shared 2010-04-20 20:47:25 0 d-----w- c:\program files (x86)\Symantec 2010-04-20 20:24:45 511328 ----a-w- c:\windows\syswow64\capicom.dll 2010-04-20 20:24:41 0 d-----w- c:\programdata\Symantec 2010-04-20 20:23:57 0 d-----w- c:\program files (x86)\common files\Symantec Shared 2010-04-19 20:45:13 88 --sh--r- c:\programdata\B87E936A13.sys 2010-04-19 20:45:13 2828 --sha-w- c:\programdata\KGyGaAvL.sys 2010-04-19 20:37:31 0 d-----w- c:\programdata\Corel 2010-04-19 20:37:31 0 d-----w- c:\program files (x86)\common files\Protexis 2010-04-19 20:36:23 0 d-----w- c:\program files (x86)\common files\Corel 2010-04-19 20:36:07 0 d-----w- c:\program files (x86)\Corel 2010-04-18 21:07:16 411368 ----a-w- c:\windows\syswow64\deployJava1.dll 2010-04-18 21:07:16 153376 ----a-w- c:\windows\syswow64\javaws.exe 2010-04-18 21:07:16 145184 ----a-w- c:\windows\syswow64\javaw.exe 2010-04-18 21:07:16 145184 ----a-w- c:\windows\syswow64\java.exe 2010-04-18 15:50:08 0 d-----w- c:\program files (x86)\FreeTime 2010-04-18 14:19:18 0 d-----w- c:\programdata\AVS4YOU 2010-04-18 14:19:02 0 d-----w- c:\program files (x86)\common files\AVSMedia 2010-04-18 14:18:52 156910 ----a-w- c:\windows\WMSysPr8.prx 2010-04-18 14:18:51 974848 ----a-w- 
c:\windows\syswow64\mfc70.dll 2010-04-18 14:18:51 24576 ----a-w- c:\windows\syswow64\msxml3a.dll 2010-04-18 14:18:51 0 d-----w- c:\program files (x86)\AVS4YOU 2010-04-18 13:51:15 987136 ----a-w- c:\windows\syswow64\NCTVideoCoreM.dll 2010-04-18 13:51:15 290816 ----a-w- c:\windows\syswow64\NCTAVIFile.dll 2010-04-18 13:51:15 196608 ----a-w- c:\windows\syswow64\NCTWMVFile.dll 2010-04-18 13:51:15 139264 ----a-w- c:\windows\syswow64\NCTVideoFile.dll 2010-04-18 13:51:14 90112 ----a-w- c:\windows\syswow64\NCTAudioFormatSettings3.dll 2010-04-18 13:51:14 487424 ----a-w- c:\windows\syswow64\msvcp70.dll 2010-04-18 13:51:14 348160 ----a-w- c:\windows\syswow64\NCTWMAFile2.dll 2010-04-18 13:51:14 2469888 ----a-w- c:\windows\syswow64\NCTAudioCompress3.dll 2010-04-18 13:51:14 2183168 ----a-w- c:\windows\syswow64\NCTVideoCompress.dll 2010-04-18 13:51:14 1810432 ----a-w- c:\windows\syswow64\NCTAudioCompress2.dll 2010-04-18 13:22:59 0 d-----w- c:\programdata\DivX 2010-04-14 22:56:45 612352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-14 22:56:44 427520 ----a-w- c:\windows\syswow64\vbscript.dll 2010-04-14 22:56:18 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-14 22:56:18 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-14 22:56:18 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-14 22:56:17 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-14 22:56:16 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe 2010-04-14 22:56:16 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe 2010-04-14 12:33:26 220672 ----a-w- c:\windows\system32\wintrust.dll 2010-04-14 12:33:26 172032 ----a-w- c:\windows\syswow64\wintrust.dll 2010-04-14 12:33:25 139264 ----a-w- c:\windows\system32\cabview.dll 2010-04-14 12:33:25 132608 ----a-w- c:\windows\syswow64\cabview.dll 2010-04-10 23:51:14 0 d-----w- c:\programdata\incredible express 2010-04-10 19:52:04 0 d-----w- c:\users\peixoto\appdata\roaming\Farm Mania 2 2010-04-09 20:31:53 0 d-----w- 
c:\programdata\Sun 2010-04-09 12:04:28 0 d-----w- c:\program files (x86)\K-Lite Codec Pack 2010-04-09 12:03:11 455680 ----a-w- c:\windows\system32\deploytk.dll 2010-04-09 12:03:00 0 d-----w- c:\program files\Java 2010-04-09 11:42:22 0 d-----w- c:\windows\syswow64\Adobe 2010-04-08 13:27:40 0 d-----w- c:\programdata\WEBREG 2010-04-08 13:02:39 0 d-----w- c:\programdata\HPSSUPPLY 2010-04-08 12:57:03 0 d-----w- c:\program files (x86)\common files\Hewlett-Packard 2010-04-08 12:56:36 0 d-----w- c:\program files (x86)\common files\HP 2010-04-08 12:52:36 0 d-----w- c:\program files (x86)\HP 2010-04-08 12:49:11 157801 ----a-w- c:\windows\hpoins19.dat 2010-04-08 12:48:36 338432 ----a-w- c:\windows\system32\hpzids40.dll 2010-04-08 12:48:34 26952 ----a-w- c:\windows\hpomdl19.dat 2010-04-08 12:47:21 0 d-----w- c:\programdata\HP 2010-04-01 19:28:58 0 d---a-w- c:\programdata\TEMP 2010-03-31 12:40:20 0 d-----w- c:\program files (x86)\DVDVideoSoft 2010-03-31 12:40:20 0 d-----w- c:\program files (x86)\common files\DVDVideoSoft 2010-03-31 12:21:10 0 d-----w- c:\program files (x86)\Ask.com 2010-03-31 12:20:56 2131336 ----a-w- c:\program files (x86)\common files\AskToolbarInstaller.exe 2010-03-31 12:20:56 0 d-----w- c:\program files (x86)\VDownloader 2010-03-27 14:06:10 0 dc-h--w- c:\programdata\{4B2D1BA8-B421-4726-9AFF-6109D62835EF} 2010-03-24 20:43:32 0 d-----w- c:\program files (x86)\Scpad ==================== Find3M ==================== 2010-04-19 21:00:31 654272 ----a-w- c:\windows\system32\prfh0416.dat 2010-04-19 21:00:31 124724 ----a-w- c:\windows\system32\prfc0416.dat 2010-03-14 18:00:00 85504 ----a-w- c:\windows\syswow64\ff_vfw.dll 2010-03-14 18:00:00 6656 ----a-w- c:\windows\syswow64\pndx5016.dll 2010-03-14 18:00:00 5632 ----a-w- c:\windows\syswow64\pndx5032.dll 2010-03-14 18:00:00 278528 ----a-w- c:\windows\syswow64\pncrt.dll 2010-03-14 18:00:00 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll 2010-02-24 13:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 
08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll 2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll 2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll 2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll 2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll 2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll 2010-02-10 17:13:48 165376 ----a-w- c:\windows\syswow64\unrar.dll 2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll 2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll 2009-08-06 04:29:53 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat 2009-08-06 04:29:53 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat 2009-08-06 04:29:53 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat 2009-08-06 04:29:53 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 14:29:50,02 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. 
IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 28/11/2009 10:43:34 System Uptime: 21/04/2010 14:17:24 (0 hours ago) Motherboard: Foxconn | | P35A01 Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz | SOCKET775 M/B | 3005/333mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 68 GiB total, 11,094 GiB free. D: is FIXED (NTFS) - 81 GiB total, 13,332 GiB free. E: is FIXED (NTFS) - 70 GiB total, 15,264 GiB free. F: is FIXED (NTFS) - 100 GiB total, 7,804 GiB free. G: is CDROM () H: is CDROM () I: is CDROM () Z: is FIXED (NTFS) - 127 GiB total, 31,315 GiB free. ==== Disabled Device Manager Items ============= Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318} Description: PS/2 Keyboard Device ID: ACPI\PNP0303\4&38AD8530&0 Manufacturer: Logitech Name: PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&38AD8530&0 Service: i8042prt ==== System Restore Points =================== RP136: 20/04/2010 21:30:58 - Ponto de Verificação Agendado ==== Installed Programs ====================== 10 Days Under The Sea Deluxe 4200 4200_Help 4200Trb Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 9.3.2 - Português Adobe Setup Adobe Shockwave Player 11.5 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 ADPHONE3 ADPHONE3Upgrade Advertising Center AIO_CDB_ProductContext AIO_CDB_Software AIO_Scan AP Tuner 3.08 
AppCore Arquivo do WinRAR ASIO4ALL Ask Toolbar Assistente de Conexão do Windows Live µTorrent Atualização do produto Microsoft Office Excel 2007 Help (KB963678) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) Atualização do produto Microsoft Office Word 2007 Help (KB963665) Autumn's Treasures - The Jade Coin Deluxe AV AVS Media Player 3.1 Becky Brogan - The Mystery of Meane Manor Deluxe BufferChm Build-a-lot Deluxe Build It! Miami Beach Resort Deluxe ccCommon CCleaner CDDRV_Installer Coconut Queen Deluxe Copy CorelDRAW Graphics Suite X4 CorelDRAW Graphics Suite X4 - Capture CorelDRAW Graphics Suite X4 - Content CorelDRAW Graphics Suite X4 - Draw CorelDRAW Graphics Suite X4 - Filters CorelDRAW Graphics Suite X4 - FontNav CorelDRAW Graphics SUite X4 - ICA CorelDRAW Graphics Suite X4 - IPM CorelDRAW Graphics Suite X4 - Lang EN CorelDRAW Graphics Suite X4 - PP CorelDRAW Graphics Suite X4 - VBA CorelDRAW® Graphics Suite X4 CorelDRAW® Graphics Suite X4 - Windows Shell Extension CustomerResearchQFolder Cute Cute Destinations DeviceManagementQFolder DocProc DocProcQFolder DolbyFiles E.M. 
Total Video Player 1.31 eSupportQFolder Farm Mania 2 Deluxe Fashion Dash Deluxe Fax Ferramenta de Carregamento do Windows Live Firebird 2.1.2.18118 (Win32) FormatFactory 2.30 Fotosizer 1.27 Free Audio CD Burner version 1.2 Free Music Zilla Free YouTube to MP3 Converter version 3.2 GameDesire-Pool & Snooker GearDrvs Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Hostile Makeover - A Fashion Murder Deluxe Hotel Dash - Suite Success Deluxe HP Photosmart Essential HP Update HPProductAssistant HPSSupply ImagXpress Incredible Express Deluxe Java Auto Updater Java 6 Update 20 Junk Mail filter update K-Lite Mega Codec Pack 5.8.3 Kelly Green - Garden Queen Deluxe Little Shop - World Traveler Deluxe LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Logitech Desktop Messenger Logitech SetPoint Lost City of Z Deluxe MarketResearch McAfee Security Scan Menu Templates - Starter Kit Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Portuguese (Brazil)) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Portuguese (Brazil)) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 Microsoft Office Word MUI (Portuguese (Brazil)) 2007 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Mortimer Beckett and the Lost King Deluxe Movie Templates - Starter Kit Mozilla Firefox (3.6.3) MSI to redistribute MS VS2005 CRT libraries MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Natalie Brooks - Mystery at Hillcrest High Deluxe Need for Speed™ SHIFT Nero 7 Essentials Nero 9 Trial Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero Disc Copy Gadget Nero DiscSpeed Nero DriveSpeed Nero InfoTool Nero Installer Nero PhotoSnap Nero Recode Nero Rescue Agent Nero ShowTime Nero StartSmart Nero Vision Nero WaveEditor NeroBurningROM NeroExpress neroxml Norton 360 Norton 360 (Symantec Corporation) Norton 360 Help Norton Confidential Browser Component Norton Confidential Web Authentification Component Norton Confidential Web Protection Component NVIDIA PhysX ObjectDock Paradise Beach Deluxe PDF Settings Pro Evolution Soccer 2010 Scan Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB978380) Security Update for Microsoft Office Excel 2007 (KB978382) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB980470) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) SolutionCenter Sony Noise Reduction Plug-In 2.0e Sony Sound Forge 9.0 SoundTrax Status Subtitle Workshop 2.51 SuppSoft Symantec Technical Support Controls The Treasures of Montezuma 2 Deluxe The Tudors Deluxe Toolbox Total Video2Dvd 3.11 TrayApp Uninstall 1.0.0.1 UnloadSupport 
Update for 2007 Microsoft Office System (KB967642) Update for 2007 Microsoft Office System (KB981715) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Word 2007 (KB974561) Update for Outlook 2007 Junk Email Filter (kb981433) VDownloader 2.6 Virtual DJ - Atomix Productions Virtual DJ 5.2 (Crack v2) Visual Basic for Applications ® Core Visual Basic for Applications ® Core - English VLC media player 1.0.1 WebReg Winamp Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Galeria de Fotos Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync ==== End Of File ===========================
  11. Logfile of HijackThis v1.99.1 Scan saved at 23:42:12, on 1/2/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\ARQUIV~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe C:\WINDOWS\VM_STI.EXE C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\ARQUIV~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\helper.exe C:\WINDOWS\system32\wuauclt.exe C:\HJT\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\System32\scpsssh2.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver 
Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm O12 - Plugin for .mov: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: 
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E8331A40-C544-41A5-BFFD-ECFDAF97D4A8}: NameServer = 200.165.132.154,200.165.132.147 O17 - HKLM\System\CCS\Services\Tcpip\..\{F52A6676-514D-450B-8EBD-FC36FA8F652A}: NameServer = 200.165.132.154,200.165.132.147 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: LmHosts - {F2863DB4-83FF-4237-B23C-C35FA7C295C6} - C:\WINDOWS\help\ddeshare.hlp O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe O23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe
  12. Hey buddy, I thought someone else might be the one replying, so I didn't really talk to you properly... yes, all good here... and how are things with you? It's just this PC that I think is crazy; I don't know, sometimes I think it processes too much stuff. In Need Most Wanted, for instance, it's giving little stutters and such, sometimes big freezes... and I see people saying they play it fine with 512 of memory and a video card inferior to mine... do you think that's possible? Yes... I did Fix Checked, but when it came to that Panda log, things got tough... Just look at what shows up when I open the link and click Scan Your PC... so what do I do? Thanks, all the best.
  13. There it is, SP2 installed. Logfile of HijackThis v1.99.1 Scan saved at 23:47:59, on 30/1/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\WINDOWS\SOUNDMAN.EXE C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe C:\WINDOWS\VM_STI.EXE C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\ARQUIV~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\ARQUIV~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\helper.exe C:\HJT\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\System32\scpsssh2.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\NavShExt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] 
C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZN O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm O12 - Plugin for .mov: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E8331A40-C544-41A5-BFFD-ECFDAF97D4A8}: NameServer = 200.165.132.154,200.165.132.147 O17 - HKLM\System\CCS\Services\Tcpip\..\{F52A6676-514D-450B-8EBD-FC36FA8F652A}: NameServer = 200.165.132.154,200.165.132.147 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: LmHosts - {F2863DB4-83FF-4237-B23C-C35FA7C295C6} - C:\WINDOWS\help\ddeshare.hlp O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido\security suite\ewidoctrl.exe O23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton SystemWorks\Norton Antivirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
