My AVG identified the Trojan horse virus generic16.azlp
in the file C:\WINDOWS\system32\drivers\drive.sys.
I ran the scan in SUPERAntiSpyware
(note: it did not ask to restart),
and the resulting log was this:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/17/2010 at 11:41 PM
Application Version : 4.33.1000
Core Rules Database Version : 4597
Trace Rules Database Version: 2409
Scan type : Complete Scan
Total Scan Time : 00:37:44
Memory items scanned : 576
Memory threats detected : 0
Registry items scanned : 4833
Registry threats detected : 0
File items scanned : 14789
File threats detected : 3
Adware.Tracking Cookie
C:\Documents and Settings\Vânia\Cookies\vânia@hitbox[1].txt
C:\Documents and Settings\Vânia\Cookies\vânia@ehg-eset.hitbox[1].txt
C:\Documents and Settings\Vânia\Cookies\vânia@atdmt[1].txt
Then I made the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:13, on 17/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\HiYo\bin\HiYo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\DOCUME~1\VNIA~1\CONFIG~1\Temp\Rar$EX00.109\Midi.exe
C:\Documents and Settings\Vânia\Meus documentos\Downloads\Midi.exe
C:\Documents and Settings\Vânia\Meus documentos\Downloads\Midi.exe
C:\WINDOWS\system32\GbpSv.exe
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe
C:\Arquivos de programas\Mozilla Firefox\Firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Vânia\Meus documentos\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Flash Video Decoder for FLV - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - C:\WINDOWS\system32\flash10flv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [] C:\Windows\System32\avg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7930 bytes
What should I do now?
My AVG keeps showing that there is a virus.
Today my Mozilla came up with an error saying the file xul.dll was not found; I restarted the program and it is working normally.
BACK TO THE SUBJECT: I did the two steps correctly, and here are the results.
HERE IS THE BANKERFIX:
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2010-02-18 - 10:48
-------------------------------------------------------
Lista de Definição: 2010-01-14-1 | CORE: 2010-01-14-1
=======================================================
Arquivo infectado detectado: C:\WINDOWS\system32\Gbpsv.exe
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\WINDOWS\system32\avg.exe
Arquivo infectado removido com sucesso!
----- Fim -------------------------
And the HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:08, on 18/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\System32\cmd.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\HiYo\Bin\HiYo.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vânia\Meus documentos\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Flash Video Decoder for FLV - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - C:\WINDOWS\system32\flash10flv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7459 bytes
After that process I also ran the scan in SUPERAntiSpyware,
and the resulting log was this:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/18/2010 at 01:59 PM
Application Version : 4.33.1000
Core Rules Database Version : 4597
Trace Rules Database Version: 2409
Scan type : Complete Scan
Total Scan Time : 00:40:36
Memory items scanned : 490
Memory threats detected : 0
Registry items scanned : 4836
Registry threats detected : 0
File items scanned : 14882
File threats detected : 1
Adware.Tracking Cookie
C:\Documents and Settings\Vânia\Cookies\vânia@atdmt[2].txt
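The before/after HijackThis logs above are the evidence that BankerFix's removals took effect. As an added example (not code from this thread or from any of the tools named in it), the Python script below parses the "Running processes" block and the O4 autostart entries from two such logs, reports what disappeared or appeared between them, and flags Run entries with an empty item name, which is the one heuristic it uses; the log excerpts inside it are constructed from lines quoted on this page.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpts trimmed from the two HijackThis logs quoted in this
# thread (17/2/2010 before BankerFix, 18/2/2010 after); not the full logs.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:13, on 17/2/2010
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\GbpSv.exe
C:\Windows\System32\cmd.exe
C:\Documents and Settings\Vânia\Meus documentos\Downloads\Midi.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [] C:\Windows\System32\avg.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
--
End of file - 7930 bytes
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:08, on 18/2/2010
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\System32\cmd.exe
C:\WINDOWS\system32\msiexec.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
--
End of file - 7459 bytes
"""

# "O4 - <hive>\..\<key>: [<item name>] <command>"; hive may contain a SID
# (HKUS\S-1-5-18), and HKUS entries carry a trailing "(User '...')" note.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
SECTION_RE = re.compile(r"^[A-Z]\d+ - ")  # R0/R1/O2/O4/O23... entry lines


@dataclass
class HjtLog:
    processes: set = field(default_factory=set)      # lower-cased paths
    run_entries: dict = field(default_factory=dict)  # normalised key -> line


def parse_hjt(text):
    """Pull the process list and O4 Run entries out of a HijackThis log."""
    log = HjtLog()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            # The process block ends at the first R/O entry line (or "--").
            if SECTION_RE.match(line) or line.startswith("--"):
                in_procs = False
            else:
                log.processes.add(line.lower())
                continue
        m = O4_RE.match(line)
        if m:
            cmd = USER_SUFFIX_RE.sub("", m["cmd"])
            # Case-insensitive key: XP logs mix C:\WINDOWS and C:\Windows.
            key = (m["hive"].upper(), m["key"].lower(), m["name"].lower(), cmd.lower())
            log.run_entries[key] = line
    return log


def diff_logs(before, after):
    """What vanished (hopefully the removals) and what is new between two logs."""
    gone = sorted(before.run_entries.keys() - after.run_entries.keys())
    new = sorted(after.run_entries.keys() - before.run_entries.keys())
    return {
        "processes_gone": sorted(before.processes - after.processes),
        "processes_new": sorted(after.processes - before.processes),
        "run_gone": [before.run_entries[k] for k in gone],
        "run_new": [after.run_entries[k] for k in new],
    }


def suspicious_run_entries(log):
    """Heuristic (an assumption of this example, not a HijackThis rule):
    a Run entry with an empty item name ("[]") deserves a closer look,
    since installers normally name their autostart values."""
    return [line for (hive, key, name, cmd), line in log.run_entries.items() if not name]


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for label, items in diff_logs(before, after).items():
        print(label, *items, sep="\n  ")
    print("flagged in before-log:", *suspicious_run_entries(before), sep="\n  ")
```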
What SUPERAntiSpyware found was just a cookie. Whenever you access the Internet, cookies are created. You do not have to worry about that. Every time you run a scan with it, it will detect those cookies, classifying them as Tracking Cookies. A cleaning tool such as CCleaner, for example, removes such files.
● Download **RSIT** (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop;
● Double-click **RSIT.exe** to run the program;
● In the window that opens, click the **Continue** button so the tool starts running;
● When the tool finishes running, a log will open automatically in Notepad containing the scan result. Paste the contents of that log (**log.txt**) in your next reply;
● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.
Ah, OK :D I get it now, thanks!
The normal log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Vânia at 2010-02-19 19:51:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (71%) free of 38 GB
Total RAM: 895 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:16, on 19/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\HiYo\bin\HiYo.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vânia\Meus documentos\Downloads\RSIT.exe
C:\Documents and Settings\Vânia\Meus documentos\Downloads\Vânia.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Flash Video Decoder for FLV - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - C:\WINDOWS\system32\flash10flv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7614 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\OGALogon.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-12-20 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E0B679D-AB68-4DAE-833D-9A76C095BD0C}]
Flash Video Decoder for FLV - C:\WINDOWS\system32\flash10flv.dll [2010-02-07 1307136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-12-20 2043160]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"SMSERIAL"=C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
"Hiyo"=C:\Arquivos de programas\HiYo\bin\HiYo.exe [2010-02-18 230768]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"PowerBar"= []
"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-14 1695232]
"SUPERAntiSpyware"=C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-25 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe"="C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Arquivos de programas\Mozilla Firefox\firefox.exe"="C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-19 19:51:31 ----D---- C:\rsit
2010-02-18 10:46:44 ----D---- C:\Documents and Settings\Vânia\Dados de aplicativos\HiYo
2010-02-18 10:46:29 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\HiYo
2010-02-18 10:35:07 ----D---- C:\Arquivos de programas\HiYo
2010-02-17 22:45:45 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2010-02-17 22:45:28 ----D---- C:\Documents and Settings\Vânia\Dados de aplicativos\SUPERAntiSpyware.com
2010-02-17 22:45:28 ----D---- C:\Arquivos de programas\SUPERAntiSpyware
2010-02-17 22:44:36 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2010-02-17 22:04:16 ----A---- C:\WINDOWS\cmd.ini
2010-02-11 18:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-11 18:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-11 18:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-11 15:21:37 ----A---- C:\WINDOWS\system32\flash10flv.dll
2010-02-11 09:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-11 09:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 09:28:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-11 09:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-11 09:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-07 00:10:32 ----A---- C:\WINDOWS\system32\eMpnbfDTiUBcONoX.exe
2010-02-01 20:34:29 ----D---- C:\Documents and Settings\Vânia\Dados de aplicativos\Foxit
2010-02-01 20:34:27 ----D---- C:\Arquivos de programas\Foxit Software
======List of files/folders modified in the last 1 months======
2010-02-19 19:51:40 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2010-02-19 19:45:50 ----D---- C:\WINDOWS\Temp
2010-02-19 19:43:59 ----RD---- C:\Arquivos de programas
2010-02-19 15:36:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-19 15:36:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-19 15:25:40 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-18 13:25:32 ----D---- C:\WINDOWS\system32\drivers
2010-02-18 13:25:31 ----HD---- C:\$AVG8.VAULT$
2010-02-18 10:48:15 ----D---- C:\WINDOWS\system32
2010-02-18 10:46:38 ----SHD---- C:\WINDOWS\Installer
2010-02-18 10:46:36 ----HD---- C:\Config.Msi
2010-02-18 10:25:30 ----D---- C:\Arquivos de programas\Mozilla Firefox
2010-02-18 00:43:51 ----D---- C:\WINDOWS\system32\Restore
2010-02-17 22:44:36 ----D---- C:\Arquivos de programas\Arquivos comuns
2010-02-17 22:33:19 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-17 22:04:16 ----D---- C:\WINDOWS
2010-02-17 13:47:50 ----D---- C:\WINDOWS\Debug
2010-02-17 13:45:58 ----D---- C:\WINDOWS\Prefetch
2010-02-17 13:45:17 ----SD---- C:\WINDOWS\Tasks
2010-02-11 18:20:12 ----HD---- C:\WINDOWS\inf
2010-02-11 18:20:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-11 18:20:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-06 21:14:36 ----D---- C:\Arquivos de programas\Ares
2010-02-02 17:32:49 ----D---- C:\WINDOWS\Help
2010-02-01 17:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-23 13:36:03 ----D---- C:\Arquivos de programas\Internet Explorer
2010-01-23 13:35:52 ----D---- C:\WINDOWS\ie8updates
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-03-29 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-25 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-08-25 108552]
R1 SASDIFSV;SASDIFSV; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-03-29 94544]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-28 63232]
R2 NwlnkSpx;Protocolo NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-28 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-03-29 23152]
R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-25 54400]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-25 22016]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 SASENUM;SASENUM; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS []
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S1 Cuzinho;net; C:\WINDOWS\system32\drivers\drive.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2009-08-25 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-08-25 297752]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 NWCWorkstation;Serviço de cliente para NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
and here is the info.txt log:
info.txt logfile of random's system information tool 1.06 2010-02-19 19:52:19
======Uninstall list======
-->C:\Arquivos de programas\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AMD Processor Driver-->C:\Arquivos de programas\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0416 -removeonly
Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe
Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}
Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Atualização de Segurança para Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Atualização para Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Atualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Atualização para Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Atualização para Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Atualização para Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Atualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Free 8.5-->C:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe"
EVEREST Ultimate Edition v5.00-->"C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Foxit Reader-->C:\Arquivos de programas\Foxit Software\Foxit Reader\Uninstall.exe
Free WMA to MP3 Converter 1.16-->"C:\Arquivos de programas\Free WMA to MP3 Converter\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Vânia\Meus documentos\Downloads\HijackThis.exe" /uninstall
HiYo -->MsiExec.exe /X{00E1E235-AB45-4695-A156-073118949ED4} ARPVAL="UnInst" /qf /L*V "%temp%\HiYoUninstallLog.log"
HiYo-->MsiExec.exe /X{00E1E235-AB45-4695-A156-073118949ED4}
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software (ptb)-->C:\Arquivos de programas\HP\Digital Imaging\{D1AE6D4D-C37A-487d-83D8-C333125B2459}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Multimedia Launcher-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero 7 Essentials-->MsiExec.exe /I{F87DA817-8D53-42CC-AA45-93A100341033}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PhotoFiltre-->"C:\Arquivos de programas\PhotoFiltre\Uninst.exe"
PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F2CD4651-F948-467C-B014-71FD981B7F59}
Windows Live Messenger-->MsiExec.exe /X{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}
Windows Media Format Runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: AVG Anti-Virus Free
AV: avast! antivirus 4.8.1169 [VPS 091021-0] (outdated)
======System event log======
Computer Name: V-24EC962BE4AC4
Event Code: 7036
Message: O serviço Localizador de computadores entrou no estado interrompido.
Record Number: 4712
Source Name: Service Control Manager
Time Written: 20100211174550.000000-120
Event Type: Informações
User:
Computer Name: V-24EC962BE4AC4
Event Code: 7036
Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado executando.
Record Number: 4711
Source Name: Service Control Manager
Time Written: 20100211174546.000000-120
Event Type: Informações
User:
Computer Name: V-24EC962BE4AC4
Event Code: 7036
Message: O serviço Serviço 'Gateway de camada de aplicativo' entrou no estado executando.
Record Number: 4710
Source Name: Service Control Manager
Time Written: 20100211174540.000000-120
Event Type: Informações
User:
Computer Name: V-24EC962BE4AC4
Event Code: 7035
Message: O serviço Serviço 'Gateway de camada de aplicativo' recebeu com êxito um controle Iniciar.
Record Number: 4709
Source Name: Service Control Manager
Time Written: 20100211174540.000000-120
Event Type: Informações
User: AUTORIDADE NT\SYSTEM
Computer Name: V-24EC962BE4AC4
Event Code: 7036
Message: O serviço IMAPI CD-Burning COM Service entrou no estado interrompido.
Record Number: 4708
Source Name: Service Control Manager
Time Written: 20100211174540.000000-120
Event Type: Informações
User:
=====Application event log=====
Computer Name: V-24EC962BE4AC4
Event Code: 1000
Message: Aplicativo com falha nmindexstoresvr.exe, versão 1.5.3.0, módulo com falha nmindexstoresvr.exe, versão 1.5.3.0, endereço com falha 0x00069e9e.
Record Number: 1804
Source Name: Application Error
Time Written: 20091210230747.000000-120
Event Type: Erro
User:
Computer Name: V-24EC962BE4AC4
Event Code: 1000
Message: Aplicativo com falha nmindexstoresvr.exe, versão 1.5.3.0, módulo com falha nmindexstoresvr.exe, versão 1.5.3.0, endereço com falha 0x00069e9e.
Record Number: 1803
Source Name: Application Error
Time Written: 20091210225732.000000-120
Event Type: Erro
User:
Computer Name: V-24EC962BE4AC4
Event Code: 1000
Message: Aplicativo com falha nmindexstoresvr.exe, versão 1.5.3.0, módulo com falha nmindexstoresvr.exe, versão 1.5.3.0, endereço com falha 0x00069e9e.
Record Number: 1802
Source Name: Application Error
Time Written: 20091210224717.000000-120
Event Type: Erro
User:
Computer Name: V-24EC962BE4AC4
Event Code: 1000
Message: Aplicativo com falha nmindexstoresvr.exe, versão 1.5.3.0, módulo com falha nmindexstoresvr.exe, versão 1.5.3.0, endereço com falha 0x00069e9e.
Record Number: 1801
Source Name: Application Error
Time Written: 20091210223702.000000-120
Event Type: Erro
User:
Computer Name: V-24EC962BE4AC4
Event Code: 1000
Message: Aplicativo com falha nmindexstoresvr.exe, versão 1.5.3.0, módulo com falha nmindexstoresvr.exe, versão 1.5.3.0, endereço com falha 0x00069e9e.
Record Number: 1800
Source Name: Application Error
Time Written: 20091210215922.000000-120
Event Type: Erro
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=7f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Sorry for the delay!
- Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop;
● Temporarily disable your antivirus so it does not detect the tool as a virus;
● Double-click the *combofix.exe* icon to start the scan;
● Read the agreement that appears and click **Yes** to continue;
● A *Recovery Console* window will open; click **Yes** to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click on the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to quit or stop ComboFix, press **N**;
● When it finishes, your machine will be restarted. After the restart the tool will run again; wait for it;
● A log will be generated at C:\ComboFix.txt.
Paste this log in your next reply.
ComboFix 10-03-03.03 - Vânia 04/03/2010 14:33:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.895.387 [GMT -3:00]
Executando de: c:\documents and settings\Vânia\Meus documentos\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 091021-0] On-access scanning enabled (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\cmd.ini
c:\windows\system32\drivers\drive.sys.off
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CUZINHO
-------\Service_Cuzinho
(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-04 to 2010-03-04 ))))))))))))))))))))))))))))
.
2010-02-24 18:53 . 2010-02-24 18:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-22 21:40 . 2010-02-22 22:19 -------- d-----w- c:\windows\system32\Adobe
2010-02-19 21:51 . 2010-02-19 21:52 -------- d-----w- C:\rsit
2010-02-18 12:46 . 2010-02-18 12:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HiYo
2010-02-18 12:35 . 2010-02-18 12:46 -------- d-----w- c:\arquivos de programas\HiYo
2010-02-18 00:45 . 2010-02-18 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2010-02-18 00:45 . 2010-02-18 00:45 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2010-02-18 00:44 . 2010-02-18 00:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2010-02-11 17:21 . 2010-02-07 02:10 1307136 ----a-w- c:\windows\system32\flash10flv.dll
2010-02-07 02:10 . 2008-04-14 02:21 11776 ----a-w- c:\windows\system32\eMpnbfDTiUBcONoX.exe
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 02:26 . 2001-10-28 15:07 48846 ----a-w- c:\windows\system32\perfc016.dat
2010-02-21 02:26 . 2001-10-28 15:07 344734 ----a-w- c:\windows\system32\perfh016.dat
2010-02-06 23:14 . 2009-11-04 18:33 -------- d-----w- c:\arquivos de programas\Ares
2010-02-01 22:34 . 2010-02-01 22:34 -------- d-----w- c:\arquivos de programas\Foxit Software
2009-12-31 16:50 . 2004-08-04 02:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2009-08-13 23:07 345600 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2004-08-04 03:45 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2004-08-04 02:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2004-10-01 18:00 . 2009-08-13 23:37 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E0B679D-AB68-4DAE-833D-9A76C095BD0C}]
2010-02-07 02:10 1307136 ----a-w- c:\windows\system32\flash10flv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 13:58 1107200 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-12-20 2043160]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Hiyo"="c:\arquivos de programas\HiYo\bin\HiYo.exe" [2010-02-18 230768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 16:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 22:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/8/2009 20:29 75856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/8/2009 19:03 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/8/2009 19:03 108552]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [5/1/2010 06:56 9968]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [5/1/2010 06:56 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/8/2009 20:29 20560]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [25/8/2009 19:03 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [25/8/2009 19:03 297752]
R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [5/1/2010 06:56 7408]
.
Contents of the 'Scheduled Tasks' folder
2010-03-04 c:\windows\Tasks\OGALogon.job
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.hiyo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {098FDC35-D3D8-46EB-BEFA-9121837A50B6} = 200.223.0.83 200.223.0.84
FF - ProfilePath - c:\documents and settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official
FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
HKCU-Run-PowerBar - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 14:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?Y?????????????????????????????????????????????????????????? ??|??|????]??|??w????????pY????@?8?@?????pY??c"?s???s??????@?????N'?s?W2?L|?s????????????u??s????????c"?s???s??????@?8?@?N'?sd{2??$@?8?@?8?@?????????p{2??C2????s???s`W2?PC2??C2?0i?s?????????W2????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\arquiv~1\AVG\AVG8\avgrsx.exe
c:\arquiv~1\AVG\AVG8\avgnsx.exe
c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-03-04 14:47:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-04 17:47
Pre-Run: 6 directories, 27,907,305,472 bytes free
Post-Run: 10 directories, 27,819,761,664 bytes free
You have two antivirus products: Avast! and AVG. This is not recommended. I suggest you pick just one and uninstall the other, because besides costing the system more in performance, the two can conflict with each other.
Running from: c:\documents and settings\Vânia\Meus documentos\Downloads\ComboFix.exe
ComboFix must be saved on the desktop. Delete it and download it again from http://download.bleepingcomputer.com/sUBs/ComboFix.exe, saving it to the desktop this time, so that we can proceed with the instructions below.
Select the text below and copy it (starting from File). Paste it into Notepad and save it to the desktop with the name CFScript.txt
File::c:\windows\system32\eMpnbfDTiUBcONoX.exe
SysRst::
Drag the CFScript onto ComboFix (screenshot: http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif) and wait for the tool to run automatically:
● If prompted, press **Enter** to start the removal process;
● Do not use the mouse or keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\**ComboFix.txt**;
● Your computer may restart automatically. If it does not, restart it manually.
In your next reply, paste ComboFix.txt and a new HijackThis log.
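The helper above picked c:\windows\system32\eMpnbfDTiUBcONoX.exe out of the log by its random-looking name. As an added example, not part of this thread and not ComboFix's or the helper's code, the Python script below applies that judgement mechanically to a ComboFix-style log excerpt: it pulls the executable path off the end of each line and flags file names whose letters switch between lower and upper case far more often than human-chosen names do. The sample lines are constructed here in the layout used above, the threshold (five case switches) and the path regular expression are assumptions, and the output is a triage list, not a verdict: a flagged file still has to be confirmed (hash lookup, signature check, where it is loaded from) before it goes into a CFScript File:: line.

```python
"""Triage helper: flag randomly named executables in a ComboFix-style log.

Added example for this thread; it is not ComboFix code and not the helper's
script. The thresholds and the sample lines below are assumptions.
"""
import re

# Constructed sample in the layout of the log above: either
# "<date> . <date> <size> <attrs> <path>" lines or bare "<path>" lines.
SAMPLE_LOG = """\
2009-12-17 07:41 . 2009-08-13 23:07 345600 ----a-w- c:\\windows\\system32\\mspaint.exe
2010-02-11 17:21 . 2010-02-07 02:10 1307136 ----a-w- c:\\windows\\system32\\flash10flv.dll
c:\\windows\\system32\\eMpnbfDTiUBcONoX.exe
c:\\arquivos de programas\\Windows Live\\Messenger\\ampFsETkdKZAzbIve.dll
c:\\arquivos de programas\\NOS\\bin\\getPlusPlus_Adobe.exe
c:\\windows\\system32\\drivers\\drive.sys
c:\\windows\\system32\\avgrsstx.dll
18/02/2010 09:46 15086 c:\\windows\\Installer\\{00E1E235-AB45-4695-A156-073118949ED4}\\NewShortcut1_644D622AEF3D40E290EE92523E2DA87A.exe
"""

# Assumed shape: a Windows path ending in an executable extension, at end of line.
PATH_RE = re.compile(r"([a-z]:\\[^\r\n]+?\.(?:exe|dll|sys|scr|cpl|ocx))\s*$", re.IGNORECASE)


def extract_paths(log_text):
    """Return every executable path found at the end of a log line."""
    return [m.group(1) for m in map(PATH_RE.search, log_text.splitlines()) if m]


def case_transitions(stem):
    """Count lower<->upper switches between adjacent letters of a name stem.

    Names generated by picking letters from [A-Za-z] switch case roughly every
    other letter; human-chosen names (mspaint, avgrsstx, NewShortcut1,
    getPlusPlus) switch only a handful of times.
    """
    letters = [c for c in stem if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.islower() != b.islower())


def looks_random(filename, min_transitions=5):
    """Assumed threshold: five or more case switches in a stem of 8+ characters."""
    stem = filename.rsplit(".", 1)[0]
    stem = stem.split("_", 1)[0]  # drop installer suffixes like NewShortcut1_644D...
    if len(stem) < 8:
        return False
    return case_transitions(stem) >= min_transitions


def triage(log_text):
    """Paths from the log whose file name looks machine-generated."""
    return [p for p in extract_paths(log_text) if looks_random(p.rsplit("\\", 1)[-1])]


if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("random-looking name:", path)
```

Run against the constructed sample it reports only eMpnbfDTiUBcONoX.exe and ampFsETkdKZAzbIve.dll; the camel-case but legitimate getPlusPlus_Adobe.exe sits just under the threshold, which is why the cut-off is a starting point to tune on your own logs rather than a rule.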
combofix txt
ComboFix 10-03-05.06 - Vânia 06/03/2010 16:51:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.895.539 [GMT -3:00]
Running from: c:\documents and settings\Vânia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vânia\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1169 [VPS 091021-0] On-access scanning enabled (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\eMpnbfDTiUBcONoX.exe"
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\eMpnbfDTiUBcONoX.exe
.
(((((((((((((((( Files Created from 2010-02-06 to 2010-03-06 ))))))))))))))))))))))))))))
.
2010-02-24 18:53 . 2010-02-24 18:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-22 21:40 . 2010-02-22 22:19 -------- d-----w- c:\windows\system32\Adobe
2010-02-19 21:51 . 2010-02-19 21:52 -------- d-----w- C:\rsit
2010-02-18 12:46 . 2010-02-18 12:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HiYo
2010-02-18 12:35 . 2010-02-18 12:46 -------- d-----w- c:\arquivos de programas\HiYo
2010-02-18 00:45 . 2010-02-18 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com
2010-02-18 00:45 . 2010-02-18 00:45 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2010-02-18 00:44 . 2010-02-18 00:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2010-02-11 17:21 . 2010-02-07 02:10 1307136 ----a-w- c:\windows\system32\flash10flv.dll
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 02:26 . 2001-10-28 15:07 48846 ----a-w- c:\windows\system32\perfc016.dat
2010-02-21 02:26 . 2001-10-28 15:07 344734 ----a-w- c:\windows\system32\perfh016.dat
2010-02-06 23:14 . 2009-11-04 18:33 -------- d-----w- c:\arquivos de programas\Ares
2010-02-01 22:34 . 2010-02-01 22:34 -------- d-----w- c:\arquivos de programas\Foxit Software
2009-12-31 16:50 . 2004-08-04 02:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-04 03:45 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2009-08-13 23:07 345600 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2004-08-04 03:45 33280 ----a-w- c:\windows\system32\csrsrv.dll
2004-10-01 18:00 . 2009-08-13 23:37 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.
06/03/2010 13:49 641320 c:\arquivos de programas\Alwil Software\Avast4\DATA\aswar0.dll
10/02/2010 18:35 641320 \RP100\A0040215.dll
09/02/2010 12:20 641320 \RP99\A0040151.dll
06/03/2010 13:49 391216 c:\arquivos de programas\Alwil Software\Avast4\DATA\clnr0.dll
10/02/2010 18:35 391216 \RP100\A0040216.dll
09/02/2010 12:20 391216 \RP99\A0040149.dll
06/03/2010 13:49 10536 c:\arquivos de programas\Alwil Software\Avast4\DATA\exts0.dll
10/02/2010 18:35 10536 \RP100\A0040217.dll
09/02/2010 12:20 10536 \RP99\A0040150.dll
06/03/2010 13:49 3747800 c:\arquivos de programas\Alwil Software\Avast4\DATA\uiaux0.dll
10/02/2010 18:35 3747800 \RP100\A0040218.dll
09/02/2010 12:20 3747800 \RP99\A0040152.dll
c:\arquivos de programas\AVG\AVG8\avg7api.dll
25/08/2009 19:03 222488 \RP112\A0055104.dll
c:\arquivos de programas\AVG\AVG8\avgabout.dll
08/10/2009 09:57 1216280 \RP112\A0055054.dll
c:\arquivos de programas\AVG\AVG8\avgamnot.dll
25/08/2009 19:03 271640 \RP112\A0055101.dll
c:\arquivos de programas\AVG\AVG8\avgapix.dll
25/08/2009 19:03 1262872 \RP112\A0055105.dll
c:\arquivos de programas\AVG\AVG8\avgcclix.dll
25/08/2009 19:03 418072 \RP112\A0055108.dll
c:\arquivos de programas\AVG\AVG8\avgcfgex.exe
25/08/2009 19:03 730392 \RP112\A0055037.exe
c:\arquivos de programas\AVG\AVG8\avgcfgx.dll
25/08/2009 19:03 836888 \RP112\A0055092.dll
c:\arquivos de programas\AVG\AVG8\avgclitx.dll
25/08/2009 19:03 390424 \RP112\A0055110.dll
c:\arquivos de programas\AVG\AVG8\avgcmgr.exe
20/12/2009 08:53 845080 \RP112\A0055061.exe
c:\arquivos de programas\AVG\AVG8\avgcorex.dll
10/02/2010 18:54 2067224 \RP112\A0055106.dll
c:\arquivos de programas\AVG\AVG8\avgcrlpx.dll
25/08/2009 19:03 70424 \RP112\A0055107.dll
c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe
25/08/2009 19:03 693016 \RP112\A0055109.exe
c:\arquivos de programas\AVG\AVG8\avgdumpx.exe
25/08/2009 19:03 100120 \RP112\A0055038.exe
c:\arquivos de programas\AVG\AVG8\avgemc.exe
25/08/2009 19:03 908056 \RP112\A0055041.exe
c:\arquivos de programas\AVG\AVG8\avgfrw.exe
25/08/2009 19:03 1217816 \RP112\A0055056.exe
c:\arquivos de programas\AVG\AVG8\avginet.dll
20/12/2009 08:42 759064 \RP112\A0055048.dll
c:\arquivos de programas\AVG\AVG8\avgiproxy.exe
25/08/2009 19:03 587032 \RP112\A0055049.exe
c:\arquivos de programas\AVG\AVG8\avglngx.dll
25/08/2009 19:03 310552 \RP112\A0055095.dll
c:\arquivos de programas\AVG\AVG8\avglogx.dll
25/08/2009 19:03 337176 \RP112\A0055111.dll
c:\arquivos de programas\AVG\AVG8\avglvex.dll
25/08/2009 19:03 197912 \RP112\A0055115.dll
c:\arquivos de programas\AVG\AVG8\avgmail.dll
25/08/2009 19:03 177432 \RP112\A0055040.dll
c:\arquivos de programas\AVG\AVG8\avgmvflx.dll
25/08/2009 19:03 305944 \RP112\A0055102.dll
c:\arquivos de programas\AVG\AVG8\avgnsx.exe
25/08/2009 19:03 595736 \RP112\A0055113.exe
c:\arquivos de programas\AVG\AVG8\avgoff2k.dll
25/08/2009 19:03 264984 \RP112\A0055042.dll
c:\arquivos de programas\AVG\AVG8\avgpp.dll
25/08/2009 19:03 87320 \RP112\A0055063.dll
c:\arquivos de programas\AVG\AVG8\avgresf.dll
25/08/2009 19:03 2352920 \RP112\A0055058.dll
c:\arquivos de programas\AVG\AVG8\avgrsx.exe
25/08/2009 19:03 486680 \RP112\A0055112.exe
c:\arquivos de programas\AVG\AVG8\avgscanx.dll
29/12/2009 12:00 340736 \RP112\A0055093.dll
c:\arquivos de programas\AVG\AVG8\avgscanx.exe
29/12/2009 12:00 761600 \RP112\A0055035.exe
c:\arquivos de programas\AVG\AVG8\avgsched.dll
25/08/2009 19:03 530712 \RP112\A0055096.dll
c:\arquivos de programas\AVG\AVG8\avgse.dll
25/08/2009 19:03 114968 \RP112\A0055060.dll
c:\arquivos de programas\AVG\AVG8\avgsrmax.exe
25/08/2009 19:03 341272 \RP112\A0055094.exe
c:\arquivos de programas\AVG\AVG8\avgsrmx.dll
20/12/2009 08:53 682776 \RP112\A0055036.dll
c:\arquivos de programas\AVG\AVG8\avgssie.dll
20/12/2009 08:53 1111320 \RP112\A0055062.dll
c:\arquivos de programas\AVG\AVG8\avgtbapi.dll
25/08/2009 19:03 493848 \RP112\A0055083.dll
c:\arquivos de programas\AVG\AVG8\AVGToolbarInstall.exe
25/08/2009 19:03 839808 \RP112\A0055084.exe
c:\arquivos de programas\AVG\AVG8\avgtray.exe
20/12/2009 08:53 2043160 \RP112\A0055053.exe
c:\arquivos de programas\AVG\AVG8\avgui.exe
10/02/2010 18:54 3533592 \RP112\A0055055.exe
c:\arquivos de programas\AVG\AVG8\avguiadv.dll
25/08/2009 19:03 2308888 \RP112\A0055059.dll
c:\arquivos de programas\AVG\AVG8\avguires.dll
25/08/2009 19:03 2808600 \RP112\A0055057.dll
c:\arquivos de programas\AVG\AVG8\avgupd.dll
20/12/2009 08:43 1478936 \RP112\A0055103.dll
c:\arquivos de programas\AVG\AVG8\avgupd.exe
20/12/2009 08:43 1143064 \RP112\A0055050.exe
c:\arquivos de programas\AVG\AVG8\avgvvx.dll
25/08/2009 19:03 515864 \RP112\A0055098.dll
c:\arquivos de programas\AVG\AVG8\avgwd.dll
25/08/2009 19:03 1262368 \RP112\A0055097.dll
c:\arquivos de programas\AVG\AVG8\avgwdsvc.exe
25/08/2009 19:03 297752 \RP112\A0055099.exe
c:\arquivos de programas\AVG\AVG8\avgwdwsc.dll
25/08/2009 19:03 423424 \RP112\A0055100.dll
c:\arquivos de programas\AVG\AVG8\avgxpl.dll
25/08/2009 19:03 1008920 \RP112\A0055114.dll
c:\arquivos de programas\AVG\AVG8\dbghelp.dll
25/08/2009 19:03 1045128 \RP112\A0055085.dll
c:\arquivos de programas\AVG\AVG8\Firefox\Components\avgssff.dll
25/08/2009 19:03 1033496 \RP112\A0055033.dll
c:\arquivos de programas\AVG\AVG8\fixcfg.exe
25/08/2009 19:03 423192 \RP112\A0055039.exe
c:\arquivos de programas\AVG\AVG8\libsasl.dll
25/08/2009 19:03 53528 \RP112\A0055043.dll
c:\arquivos de programas\AVG\AVG8\saslcrammd5.dll
25/08/2009 19:03 18200 \RP112\A0055046.dll
c:\arquivos de programas\AVG\AVG8\sasldigestmd5.dll
25/08/2009 19:03 36632 \RP112\A0055047.dll
c:\arquivos de programas\AVG\AVG8\sasllogin.dll
25/08/2009 19:03 16664 \RP112\A0055044.dll
c:\arquivos de programas\AVG\AVG8\saslplain.dll
25/08/2009 19:03 16664 \RP112\A0055045.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared-old\components\IGeared_tavgp_xputils2.dll
02/09/2009 11:58 103680 \RP91\A0037889.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared-old\components\IGeared_tavgp_xputils3.dll
02/09/2009 11:58 103680 \RP91\A0037890.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared-old\components\IGeared_tavgp_xputils35.dll
02/09/2009 11:58 103680 \RP91\A0037891.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared-old\components\xpavgtbapi.dll
02/09/2009 11:58 99584 \RP91\A0037892.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
25/11/2009 12:01 111872 \RP112\A0055079.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
25/11/2009 12:01 111872 \RP112\A0055080.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
25/11/2009 12:01 111872 \RP112\A0055081.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
25/11/2009 12:01 99584 \RP112\A0055082.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\IE8Lib.dll
08/07/2009 05:09 59136 \RP112\A0055064.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
02/09/2009 10:58 1107200 \RP112\A0055129.dll
c:\arquivos de programas\AVG\AVG8\Toolbar\ToolbarBroker.exe
02/09/2009 10:58 255232 \RP112\A0055130.exe
18/02/2010 09:34 623448 c:\arquivos de programas\HiYo\Bin\HiYo_Install.exe
09/02/2010 21:43 623448 \RP107\A0041980.exe
21/12/2009 16:07 246272 c:\arquivos de programas\Internet Explorer\ieproxy.dll
29/08/2009 04:57 246272 \RP85\A0032912.dll
29/10/2009 04:42 246272 \RP97\A0039227.dll
21/12/2009 16:08 12800 c:\arquivos de programas\Internet Explorer\xpshims.dll
29/08/2009 04:57 12800 \RP85\A0032911.dll
29/10/2009 04:42 12800 \RP97\A0039226.dll
16/01/2010 00:18 17880 c:\arquivos de programas\Mozilla Firefox\AccessibleMarshal.dll
06/01/2010 19:14 17880 \RP104\A0041663.dll
17/12/2009 13:21 17880 \RP92\A0038356.dll
16/01/2010 00:18 23000 c:\arquivos de programas\Mozilla Firefox\components\browserdirprovider.dll
06/01/2010 19:14 23512 \RP104\A0041699.dll
17/12/2009 13:21 23512 \RP92\A0038358.dll
16/01/2010 00:18 138712 c:\arquivos de programas\Mozilla Firefox\components\brwsrcmp.dll
06/01/2010 19:15 137176 \RP104\A0041700.dll
17/12/2009 13:21 137176 \RP92\A0038359.dll
16/01/2010 00:18 120792 c:\arquivos de programas\Mozilla Firefox\crashreporter.exe
06/01/2010 19:15 120280 \RP104\A0041656.exe
17/12/2009 13:21 120280 \RP92\A0038360.exe
16/01/2010 00:18 910296 c:\arquivos de programas\Mozilla Firefox\firefox.exe
06/01/2010 19:15 908248 \RP104\A0041654.exe
17/12/2009 13:21 908248 \RP92\A0038361.exe
15/01/2010 21:13 249856 c:\arquivos de programas\Mozilla Firefox\freebl3.dll
06/01/2010 19:15 249856 \RP104\A0041662.dll
17/12/2009 13:21 249856 \RP92\A0038362.dll
16/01/2010 00:18 1014232 c:\arquivos de programas\Mozilla Firefox\js3250.dll
06/01/2010 19:15 918488 \RP104\A0041671.dll
17/12/2009 13:21 917464 \RP92\A0038363.dll
16/01/2010 00:18 718296 c:\arquivos de programas\Mozilla Firefox\mozcrt19.dll
06/01/2010 19:15 722392 \RP104\A0041672.dll
17/12/2009 13:21 722392 \RP92\A0038364.dll
16/01/2010 00:18 169432 c:\arquivos de programas\Mozilla Firefox\nspr4.dll
06/01/2010 19:15 169432 \RP104\A0041660.dll
17/12/2009 13:21 169432 \RP92\A0038365.dll
16/01/2010 00:18 636376 c:\arquivos de programas\Mozilla Firefox\nss3.dll
06/01/2010 19:15 636376 \RP104\A0041673.dll
17/12/2009 13:21 636376 \RP92\A0038366.dll
16/01/2010 00:18 341464 c:\arquivos de programas\Mozilla Firefox\nssckbi.dll
06/01/2010 19:15 316888 \RP104\A0041661.dll
17/12/2009 13:21 316888 \RP92\A0038368.dll
15/01/2010 21:13 98304 c:\arquivos de programas\Mozilla Firefox\nssdbm3.dll
06/01/2010 19:15 98304 \RP104\A0041659.dll
17/12/2009 13:21 98304 \RP92\A0038369.dll
16/01/2010 00:18 87512 c:\arquivos de programas\Mozilla Firefox\nssutil3.dll
06/01/2010 19:15 87512 \RP104\A0041674.dll
17/12/2009 13:21 87512 \RP92\A0038370.dll
16/01/2010 00:18 20440 c:\arquivos de programas\Mozilla Firefox\plc4.dll
06/01/2010 19:15 20440 \RP104\A0041676.dll
17/12/2009 13:21 20440 \RP92\A0038372.dll
16/01/2010 00:18 17368 c:\arquivos de programas\Mozilla Firefox\plds4.dll
06/01/2010 19:15 17368 \RP104\A0041677.dll
17/12/2009 13:21 17368 \RP92\A0038373.dll
c:\arquivos de programas\Mozilla Firefox\plugins\np_gp.dll
17/12/2009 15:37 31936 \RP92\A0038499.dll
16/01/2010 00:18 64984 c:\arquivos de programas\Mozilla Firefox\plugins\npnul32.dll
06/01/2010 19:15 64984 \RP104\A0041698.dll
17/12/2009 13:21 64984 \RP92\A0038374.dll
16/01/2010 00:18 103896 c:\arquivos de programas\Mozilla Firefox\smime3.dll
06/01/2010 19:15 103896 \RP104\A0041678.dll
17/12/2009 13:21 103896 \RP92\A0038375.dll
15/01/2010 21:13 155648 c:\arquivos de programas\Mozilla Firefox\softokn3.dll
06/01/2010 19:15 155648 \RP104\A0041679.dll
17/12/2009 13:21 155648 \RP92\A0038376.dll
16/01/2010 00:18 458200 c:\arquivos de programas\Mozilla Firefox\sqlite3.dll
06/01/2010 19:15 457688 \RP104\A0041658.dll
17/12/2009 13:21 457688 \RP92\A0038377.dll
16/01/2010 00:18 136664 c:\arquivos de programas\Mozilla Firefox\ssl3.dll
06/01/2010 19:15 136664 \RP104\A0041680.dll
17/12/2009 13:21 136664 \RP92\A0038378.dll
16/01/2010 00:18 553152 c:\arquivos de programas\Mozilla Firefox\uninstall\helper.exe
06/01/2010 19:15 553216 \RP104\A0041710.exe
17/12/2009 13:21 553216 \RP92\A0038379.exe
16/01/2010 00:18 243160 c:\arquivos de programas\Mozilla Firefox\updater.exe
06/01/2010 19:15 244696 \RP104\A0041655.exe
17/12/2009 13:21 244696 \RP92\A0038380.exe
16/01/2010 00:18 17880 c:\arquivos de programas\Mozilla Firefox\xpcom.dll
06/01/2010 19:15 17880 \RP104\A0041657.dll
17/12/2009 13:21 17880 \RP92\A0038381.dll
16/01/2010 00:18 11623896 c:\arquivos de programas\Mozilla Firefox\xul.dll
06/01/2010 19:15 10810840 \RP104\A0041633.dll
17/12/2009 13:21 10802648 \RP92\A0038382.dll
c:\arquivos de programas\NOS\bin\getPlus_Helper.dll
17/12/2009 15:37 67360 \RP92\A0038501.dll
c:\arquivos de programas\NOS\bin\getPlusPlus_Adobe.exe
17/12/2009 15:37 349552 \RP92\A0038500.exe
c:\arquivos de programas\Windows Live\Messenger\ampFsETkdKZAzbIve.dll
06/02/2010 23:10 1307136 \RP101\A0040300.dll
c:\arquivos de programas\Word Password Recover Genie\unins000.exe
27/06/2004 07:00 77257 \RP104\A0041807.exe
c:\arquivos de programas\Word Password Recover Genie\WordKey.exe
12/03/2006 12:29 731136 \RP104\A0041806.exe
c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar\IEToolbar.dll
24/07/2009 09:55 1090816 \RP112\A0055065.dll
c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll
16/01/2010 13:01 2066200 \RP107\A0041953.dll
29/12/2009 12:00 2066200 \RP97\A0039473.dll
c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe
30/11/2009 10:28 2029336 \RP91\A0037991.exe
c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe
30/11/2009 10:28 3514648 \RP91\A0037992.exe
c:\documents and settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
17/12/2009 15:37 29344 \RP92\A0038502.exe
c:\documents and settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
17/12/2009 15:37 31936 \RP92\A0038504.dll
21/02/2010 19:02 52224 c:\documents and settings\Vânia\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
17/02/2010 21:59 52224 \RP107\A0042224.dll
21/02/2010 19:02 117760 c:\documents and settings\Vânia\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
17/02/2010 21:59 117760 \RP107\A0042223.DLL
c:\windows\_000004_.tmp.dll
17/12/2009 05:22 9383 \RP101\A0040239.dll
13/10/2009 08:23 9370 \RP83\A0031659.dll
c:\windows\_000005_.tmp.dll
27/11/2009 14:51 10795 \RP101\A0040253.dll
21/11/2009 14:03 11111 \RP93\A0038877.dll
c:\windows\_000006_.tmp.dll
21/10/2009 03:20 12194 \RP83\A0031682.dll
c:\windows\_000008_.tmp.dll
27/11/2009 14:13 15031 \RP101\A0040243.dll
c:\windows\_000009_.tmp.dll
21/11/2009 07:25 10999 \RP84\A0032729.dll
c:\windows\_000035_.tmp.dll
29/10/2009 06:53 18258 \RP85\A0032902.dll
05/01/2010 18:27 18271 \RP97\A0039217.dll
21/11/2009 12:58 471552 c:\windows\AppPatch\aclayers.dll
13/04/2008 23:20 451072 \RP93\A0038885.dll
04/12/2009 15:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
24/10/2008 08:21 455296 \RP102\A0040312.sys
c:\windows\inf\_000000_.tmp.dll
05/01/2010 15:43 926 \RP101\A0040238.dll
21/11/2009 13:10 926 \RP97\A0039204.dll
18/02/2010 09:46 15086 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\ARPPRODUCTICON.exe
09/02/2010 21:59 15086 \RP107\A0041983.exe
18/02/2010 09:46 15086 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\NewShortcut1_644D622AEF3D40E290EE92523E2DA87A.exe
09/02/2010 21:59 15086 \RP107\A0041984.exe
18/02/2010 09:46 15086 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\NewShortcut2_569C74F853D147C0802E971DD74EC31B.exe
09/02/2010 21:59 15086 \RP107\A0041985.exe
18/02/2010 09:46 8854 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\NewShortcut3_661346DFE29D45B2AB0F791526D873EC.exe
09/02/2010 21:59 8854 \RP107\A0041986.exe
18/02/2010 09:46 25214 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\NewShortcut5_DDCE803CDC5C411082D68C5AD6497A2A.exe
09/02/2010 21:59 25214 \RP107\A0041987.exe
18/02/2010 09:46 17542 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\NewShortcut6_D93733619CA548BBB3075870A1681AAB.exe
09/02/2010 21:59 17542 \RP107\A0041988.exe
25/10/2009 06:11 77312 c:\windows\MBR.exe
25/10/2009 06:11 77312 \RP112\A0055150.exe
c:\windows\system32\_000005_.tmp.dll
13/04/2008 23:20 32256 \RP101\A0040272.dll
c:\windows\system32\avg.exe
\RP107\A0041992.exe
c:\windows\system32\avgrsstx.dll
25/08/2009 19:03 11952 \RP112\A0055086.dll
27/11/2009 13:08 85504 c:\windows\system32\avifil32.dll
10/06/2009 11:14 85504 \RP101\A0040248.dll
27/11/2009 13:08 85504 c:\windows\system32\dllcache\avifil32.dll
10/06/2009 11:14 85504 \RP101\A0040250.dll
15/10/2009 13:32 81920 c:\windows\system32\dllcache\fontsub.dll
29/07/2009 01:36 81920 \RP93\A0038875.dll
21/12/2009 10:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
28/08/2009 07:38 173056 \RP85\A0032927.exe
28/10/2009 11:40 173056 \RP97\A0039242.exe
21/12/2009 16:07 387584 c:\windows\system32\dllcache\iedkcs32.dll
29/08/2009 04:57 387584 \RP85\A0032926.dll
29/10/2009 04:42 387584 \RP97\A0039241.dll
21/12/2009 16:07 11070464 c:\windows\system32\dllcache\ieframe.dll
29/08/2009 04:57 11069440 \RP85\A0032925.dll
29/10/2009 04:42 11069952 \RP97\A0039240.dll
21/12/2009 16:07 184320 c:\windows\system32\dllcache\iepeers.dll
29/08/2009 04:57 184320 \RP85\A0032924.dll
29/10/2009 04:42 184320 \RP97\A0039239.dll
21/12/2009 16:07 246272 c:\windows\system32\dllcache\ieproxy.dll
29/08/2009 04:57 246272 \RP85\A0032923.dll
29/10/2009 04:42 246272 \RP97\A0039238.dll
21/12/2009 16:07 1985536 c:\windows\system32\dllcache\iertutil.dll
29/08/2009 04:57 1985536 \RP85\A0032922.dll
29/10/2009 04:42 1985536 \RP97\A0039237.dll
09/12/2009 02:54 726528 c:\windows\system32\dllcache\jscript.dll
22/06/2009 03:48 726528 \RP108\A0051493.dll
21/12/2009 16:07 25600 c:\windows\system32\dllcache\jsproxy.dll
29/08/2009 04:57 25600 \RP85\A0032920.dll
29/10/2009 04:42 25600 \RP97\A0039235.dll
04/12/2009 15:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
24/10/2008 08:21 455296 \RP102\A0040313.sys
21/12/2009 16:07 594432 c:\windows\system32\dllcache\msfeeds.dll
29/08/2009 04:57 594432 \RP85\A0032919.dll
29/10/2009 04:42 594432 \RP97\A0039234.dll
21/12/2009 16:07 55296 c:\windows\system32\dllcache\msfeedsbs.dll
29/08/2009 04:57 55296 \RP85\A0032918.dll
29/10/2009 04:42 55296 \RP97\A0039233.dll
21/12/2009 16:07 5942784 c:\windows\system32\dllcache\mshtml.dll
22/10/2009 06:17 5939712 \RP85\A0032917.dll
29/10/2009 04:42 5940736 \RP97\A0039232.dll
27/11/2009 13:08 28672 c:\windows\system32\dllcache\msvidc32.dll
28/10/2001 12:07 25600 \RP101\A0040249.dll
21/12/2009 16:07 206848 c:\windows\system32\dllcache\occache.dll
29/08/2009 04:57 206848 \RP85\A0032916.dll
29/10/2009 04:42 206848 \RP97\A0039231.dll
27/11/2009 14:13 1296384 c:\windows\system32\dllcache\quartz.dll
03/06/2009 16:10 1295872 \RP101\A0040256.dll
31/12/2009 13:50 353792 c:\windows\system32\dllcache\srv.sys
11/12/2008 07:57 333952 \RP102\A0040319.sys
15/10/2009 13:32 119808 c:\windows\system32\dllcache\t2embed.dll
29/07/2009 01:36 119808 \RP93\A0038874.dll
21/12/2009 16:08 1208832 c:\windows\system32\dllcache\urlmon.dll
29/08/2009 04:57 1208832 \RP85\A0032915.dll
29/10/2009 04:42 1208832 \RP97\A0039230.dll
25/08/2009 06:19 354816 c:\windows\system32\dllcache\winhttp.dll
16/12/2008 09:31 354304 \RP83\A0031657.dll
21/12/2009 16:08 916480 c:\windows\system32\dllcache\wininet.dll
29/08/2009 04:57 916480 \RP85\A0032914.dll
29/10/2009 04:42 916480 \RP97\A0039229.dll
21/12/2009 16:08 12800 c:\windows\system32\dllcache\xpshims.dll
29/08/2009 04:57 12800 \RP85\A0032913.dll
29/10/2009 04:42 12800 \RP97\A0039228.dll
c:\windows\system32\drivers\_000005_.tmp.dll
24/10/2008 08:21 455296 \RP102\A0040311.dll
11/12/2008 07:57 333952 \RP102\A0040318.dll
c:\windows\system32\drivers\_000007_.tmp.dll
13/04/2008 15:53 264832 \RP83\A0031683.dll
c:\windows\system32\drivers\avgldx86.sys
25/08/2009 19:03 335240 \RP112\A0055117.sys
c:\windows\system32\drivers\avgmfx86.sys
25/08/2009 19:03 27784 \RP112\A0055116.sys
c:\windows\system32\drivers\avgtdix.sys
25/08/2009 19:03 108552 \RP112\A0055118.sys
c:\windows\system32\drivers\drive.sys
\RP105\A0041854.sys
\RP107\A0042010.sys
c:\windows\system32\eMpnbfDTiUBcONoX.exe
13/04/2008 23:21 11776 \RP112\A0055167.exe
15/10/2009 13:32 81920 c:\windows\system32\fontsub.dll
29/07/2009 01:36 81920 \RP93\A0038873.dll
c:\windows\system32\GbpSv.exe
\RP107\A0041991.exe
21/10/2009 02:39 25088 c:\windows\system32\httpapi.dll
13/04/2008 23:20 24576 \RP83\A0031694.dll
21/12/2009 10:22 173056 c:\windows\system32\ie4uinit.exe
28/08/2009 07:38 173056 \RP85\A0032910.exe
28/10/2009 11:40 173056 \RP97\A0039225.exe
21/12/2009 16:07 387584 c:\windows\system32\iedkcs32.dll
29/08/2009 04:57 387584 \RP85\A0032909.dll
29/10/2009 04:42 387584 \RP97\A0039224.dll
21/12/2009 16:07 11070464 c:\windows\system32\ieframe.dll
29/08/2009 04:57 11069440 \RP85\A0032953.dll
29/10/2009 04:42 11069952 \RP97\A0039254.dll
21/12/2009 16:07 184320 c:\windows\system32\iepeers.dll
29/08/2009 04:57 184320 \RP85\A0032908.dll
29/10/2009 04:42 184320 \RP97\A0039223.dll
21/12/2009 16:07 1985536 c:\windows\system32\iertutil.dll
29/08/2009 04:57 1985536 \RP85\A0032952.dll
29/10/2009 04:42 1985536 \RP97\A0039253.dll
27/11/2009 13:08 48128 c:\windows\system32\iyuv_32.dll
13/04/2008 23:20 47616 \RP101\A0040247.dll
09/12/2009 02:54 726528 c:\windows\system32\jscript.dll
22/06/2009 03:48 726528 \RP108\A0051492.dll
21/12/2009 16:07 25600 c:\windows\system32\jsproxy.dll
29/08/2009 04:57 25600 \RP85\A0032906.dll
29/10/2009 04:42 25600 \RP97\A0039221.dll
28/10/2009 00:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
18/07/2009 00:21 3883424 \RP92\A0038486.dll
28/10/2009 00:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
18/07/2009 00:21 257440 \RP92\A0038487.exe
06/01/2010 20:59 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
16/08/2009 18:27 85173 \RP92\A0038488.exe
01/02/2010 16:26 30364104 c:\windows\system32\MRT.exe
04/01/2010 21:17 29634504 \RP102\A0040315.exe
01/12/2009 17:06 25966024 \RP93\A0038869.exe
21/12/2009 16:07 594432 c:\windows\system32\msfeeds.dll
29/08/2009 04:57 594432 \RP85\A0032951.dll
29/10/2009 04:42 594432 \RP97\A0039252.dll
21/12/2009 16:07 55296 c:\windows\system32\msfeedsbs.dll
29/08/2009 04:57 55296 \RP85\A0032950.dll
29/10/2009 04:42 55296 \RP97\A0039251.dll
21/12/2009 16:07 5942784 c:\windows\system32\mshtml.dll
22/10/2009 06:17 5939712 \RP85\A0032949.dll
29/10/2009 04:42 5940736 \RP97\A0039250.dll
17/12/2009 04:41 345600 c:\windows\system32\mspaint.exe
13/04/2008 23:21 345600 \RP101\A0040240.exe
27/11/2009 13:08 11264 c:\windows\system32\msrle32.dll
13/04/2008 23:20 11264 \RP101\A0040246.dll
27/11/2009 13:08 28672 c:\windows\system32\msvidc32.dll
28/10/2001 12:07 25600 \RP101\A0040245.dll
27/11/2009 14:13 17920 c:\windows\system32\msyuv.dll
13/04/2008 23:20 16896 \RP101\A0040255.dll
13/10/2009 07:34 271360 c:\windows\system32\oakley.dll
13/04/2008 23:20 271360 \RP83\A0031660.dll
13/04/2008 23:20 271360 \RP83\A0031690.dll
21/12/2009 16:07 206848 c:\windows\system32\occache.dll
29/08/2009 04:57 206848 \RP85\A0032905.dll
29/10/2009 04:42 206848 \RP97\A0039220.dll
27/11/2009 14:13 1296384 c:\windows\system32\quartz.dll
03/06/2009 16:10 1295872 \RP101\A0040254.dll
03/06/2009 16:10 1295872 \RP101\A0040270.dll
12/10/2009 10:39 79872 c:\windows\system32\raschap.dll
13/04/2008 23:20 79872 \RP83\A0031680.dll
13/04/2008 23:20 79872 \RP83\A0031692.dll
12/10/2009 10:39 150016 c:\windows\system32\rastls.dll
13/04/2008 23:20 150528 \RP83\A0031679.dll
13/04/2008 23:20 150528 \RP83\A0031691.dll
08/12/2009 06:24 474112 c:\windows\system32\shlwapi.dll
13/04/2008 23:20 474112 \RP101\A0040259.dll
13/04/2008 23:20 474112 \RP101\A0040271.dll
21/10/2009 02:39 75776 c:\windows\system32\strmfilt.dll
13/04/2008 23:20 75776 \RP83\A0031693.dll
15/10/2009 13:32 119808 c:\windows\system32\t2embed.dll
29/07/2009 01:36 119808 \RP93\A0038872.dll
27/11/2009 13:08 8704 c:\windows\system32\tsbyuv.dll
28/10/2001 12:06 8192 \RP101\A0040244.dll
23/01/2010 05:11 46080 c:\windows\system32\tzchange.exe
28/10/2009 12:07 46080 \RP108\A0051489.exe
21/12/2009 16:08 1208832 c:\windows\system32\urlmon.dll
29/08/2009 04:57 1208832 \RP85\A0032904.dll
29/10/2009 04:42 1208832 \RP97\A0039249.dll
25/08/2009 06:19 354816 c:\windows\system32\winhttp.dll
16/12/2008 09:31 354304 \RP83\A0031656.dll
16/12/2008 09:31 354304 \RP83\A0031689.dll
21/12/2009 16:08 916480 c:\windows\system32\wininet.dll
29/08/2009 04:57 916480 \RP85\A0032903.dll
29/10/2009 04:42 916480 \RP97\A0039248.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E0B679D-AB68-4DAE-833D-9A76C095BD0C}]
2010-02-07 02:10 1307136 ----a-w- c:\windows\system32\flash10flv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Hiyo"="c:\arquivos de programas\HiYo\bin\HiYo.exe" [2010-02-18 230768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 16:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/8/2009 20:29 75856]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [5/1/2010 06:56 9968]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [5/1/2010 06:56 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/8/2009 20:29 20560]
R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [5/1/2010 06:56 7408]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
--- =Outros Serviços/Drivers Na Memória ---
Deregistered - AvgLdx86
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-03-06 c:\windows\Tasks\OGALogon.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://mystart.hiyo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {098FDC35-D3D8-46EB-BEFA-9121837A50B6} = 200.223.0.83 200.223.0.84
FF - ProfilePath - c:\documents and settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official
FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 16:55
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Tempo para conclusão: 2010-03-06 16:57:50
ComboFix-quarantined-files.txt 2010-03-06 19:57
ComboFix2.txt 2010-03-04 17:47
Pré-execução: 8 pasta(s) 28.502.663.168 bytes disponíveis
Pós execução: 9 pasta(s) 28.473.372.672 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:42, on 6/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\HiYo\bin\HiYo.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vânia\Meus documentos\Downloads\Vânia.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Flash Video Decoder for FLV - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - C:\WINDOWS\system32\flash10flv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5792 bytes
:D
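A small triage parser for the HijackThis log format posted above, added here as an example (it is not HijackThis code and not from anyone in this thread). The sample lines are copied from the log above; the default-host list and the flagging rules are my own heuristics, including the one that ties the mystart.hiyo.com start page to the HiYo autostart entry.

```python
"""Triage helper for HijackThis v2 logs (added example, not part of the thread).
Parses the R/O entry lines and lists the ones a helper reads first."""
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Flash Video Decoder for FLV - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - C:\WINDOWS\system32\flash10flv.dll
O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84
"""

# HijackThis entry lines look like "R0 - ...", "F2 - ...", "O17 - ...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.+)$")
# Hosts an unmodified IE 8 start/search page points to (assumed list).
DEFAULT_HOST_SUFFIXES = ("microsoft.com", "msn.com")


def parse_entries(text):
    """Yield (kind, body) for each entry line; header and process lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def _is_default_host(url):
    h = _host(url)
    return any(h == s or h.endswith("." + s) for s in DEFAULT_HOST_SUFFIXES)


def triage(text):
    """Return a list of (kind, tag, detail) findings in log order."""
    entries = list(parse_entries(text))
    # Pass 1: labels of non-default start/search-page hosts (e.g. "mystart", "hiyo").
    hijack_tokens = set()
    for kind, body in entries:
        if kind in ("R0", "R1") and " = " in body:
            url = body.rsplit(" = ", 1)[1]
            if not _is_default_host(url):
                hijack_tokens.update(t for t in _host(url).split(".") if len(t) >= 4)
    # Pass 2: collect findings.
    findings = []
    for kind, body in entries:
        if kind in ("R0", "R1") and " = " in body:
            url = body.rsplit(" = ", 1)[1]
            if not _is_default_host(url):
                findings.append((kind, "hijacked-page", url))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append((kind, "orphan-bho", body))  # CLSID with no DLL behind it
        elif kind == "O4" and any(tok in body.lower() for tok in hijack_tokens):
            # Heuristic: an autostart sharing a label with a hijacked host is the
            # likely source of the hijack (here HiYo.exe and mystart.hiyo.com).
            findings.append((kind, "autostart-linked-to-hijack", body))
        elif kind == "O10":
            findings.append((kind, "winsock-lsp", body))  # verify the DLL's publisher
        elif kind == "O17" and "NameServer = " in body:
            findings.append((kind, "dns-servers", body.split("NameServer = ", 1)[1]))
    return findings


if __name__ == "__main__":
    for kind, tag, detail in triage(SAMPLE_LOG):
        print(f"{kind:4} {tag:28} {detail}")
```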
Go to Start > Run, paste the command below into the box and click OK:
Combofix.exe /uninstall
The tool will be removed from your system. If the C:\ComboFix folder and the C:\ComboFix.txt log remain, delete them manually.
Go to Start > Run again. Type sysdm.cpl and click OK. Click the System Restore tab and check the option "Turn off System Restore" > OK. Right afterwards, go back to the same place and uncheck the option.
The logs are clean.
Any problems still?
Nothing, all OK.
Thanks for everything :D
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Step 1
You installed an adware that comes bundled with the HiYo program's installer, MyStart.
Uninstall HiYo via Add or Remove Programs and reinstall it later without accepting the MyStart installation. See the images below and configure it as shown:
Step 2
● When the scan finishes, read the message on screen and press Enter again.
● A log will be generated at C:\LinhaDefensiva\relatorio.txt.
Paste this log in your next reply, together with a new HijackThis log.
Delete the C:\LinhaDefensiva folder after pasting your log here.