The computer has been slow for some time, freezing mainly when I use the browser, any of them. Games are out of the question; even Snake runs slow.
The log follows below:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:02:34, on 13/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\uu\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uu\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uu\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uu\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uu\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uu\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uu\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uu\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\uu\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\install\server.exe
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\install\server.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} (ActiveViewGUI Control) - http://www.masterkids.ddns.com.br/ActiveViewGUI.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://www.masterkids.ddns.com.br/ActiveView.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 15919 bytes
The only thing is that I couldn't turn Norton off completely (I didn't know how); I only disabled its firewall and the other protections, then the program asked whether to continue anyway and I chose to continue. It gave no error and no unusual message. I think the speed has already improved, and it hasn't frozen yet, but I've just restarted, so I'll keep watching.
The logs follow:
ComboFix 11-02-13.04 - uu 14/02/2011 20:45:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.990.501 [GMT -3:00]
Executando de: C:\Documents and Settings\uu\desktop\combofix.exe
Comandos utilizados :: /killall
AV: Norton 360 Enabled/Updated {A5F1BC7C-EA33-4247-961C-0217208396C4}
AV: Spyware Doctor with AntiVirus Disabled/Updated {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton 360 Disabled {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 204 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Arquivos de programas\Mozilla Firefox\componentes
C:\Arquivos de programas\Mozilla Firefox\componentes\browser.xpt
C:\Arquivos de programas\Mozilla Firefox\componentes\browserdirprovider.dll
C:\Arquivos de programas\Mozilla Firefox\componentes\brwsrcmp.dll
C:\Arquivos de programas\Mozilla Firefox\componentes\coFFPlgn.dll
C:\Arquivos de programas\Mozilla Firefox\componentes\components.list
C:\Arquivos de programas\Mozilla Firefox\componentes\FeedConverter.js
C:\Arquivos de programas\Mozilla Firefox\componentes\FeedProcessor.js
C:\Arquivos de programas\Mozilla Firefox\componentes\FeedWriter.js
C:\Arquivos de programas\Mozilla Firefox\componentes\fuelApplication.js
C:\Arquivos de programas\Mozilla Firefox\componentes\GPSDGeolocationProvider.js
C:\Arquivos de programas\Mozilla Firefox\componentes\jsconsole-clhandler.js
C:\Arquivos de programas\Mozilla Firefox\componentes\NetworkGeolocationProvider.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nppl3260.xpt
C:\Arquivos de programas\Mozilla Firefox\componentes\nsAddonRepository.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsBadCertHandler.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsBlocklistService.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsBrowserContentHandler.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsBrowserGlue.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsContentDispatchChooser.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsContentPrefService.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsDefaultCLH.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsDownloadManagerUI.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsExtensionManager.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsFormAutoComplete.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsHandlerService.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsHelperAppDlg.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsINIProcessor.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsIQTScriptablePlugin.xpt
C:\Arquivos de programas\Mozilla Firefox\componentes\nsJSRealPlayerPlugin.xpt
C:\Arquivos de programas\Mozilla Firefox\componentes\nsLivemarkService.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsLoginInfo.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsLoginManager.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsLoginManagerPrompter.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsMicrosummaryService.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsPlacesAutoComplete.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsPlacesDBFlush.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsPlacesTransactionsService.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsPrivateBrowsingService.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsProxyAutoConfig.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsSafebrowsingApplication.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsSearchService.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsSearchSuggestions.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsSessionStartup.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsSessionStore.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsSetDefaultBrowser.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsSidebar.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsTaggingService.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsTryToClose.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsUpdateService.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsUpdateServiceStub.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsUpdateTimerManager.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsUrlClassifierLib.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsUrlClassifierListManager.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsURLFormatter.js
C:\Arquivos de programas\Mozilla Firefox\componentes\nsWebHandlerApp.js
C:\Arquivos de programas\Mozilla Firefox\componentes\pluginGlue.js
C:\Arquivos de programas\Mozilla Firefox\componentes\storage-Legacy.js
C:\Arquivos de programas\Mozilla Firefox\componentes\storage-mozStorage.js
C:\Arquivos de programas\Mozilla Firefox\componentes\txEXSLTRegExFunctions.js
C:\Arquivos de programas\Mozilla Firefox\componentes\WebContentConverter.js
C:\Documents and Settings\uu\Dados de aplicativos\logs.dat
C:\Documents and Settings\uu\gbas.dll_u
C:\WINDOWS\command
C:\WINDOWS\system32\antav
C:\WINDOWS\system32\antav\av.exe
C:\WINDOWS\system32\antav\nameversion
C:\WINDOWS\system32\HideFyles
C:\WINDOWS\system32\HideFyles\apointy.exe
C:\WINDOWS\system32\HideFyles\inuus
C:\WINDOWS\system32\HideFyles\ntfy
C:\WINDOWS\system32\HidesFileLogs
C:\WINDOWS\system32\HidesFileLogs\01.log
C:\WINDOWS\system32\HidesFileLogs\02.log
C:\WINDOWS\system32\HidesFileLogs\03.log
C:\WINDOWS\system32\HidesFileLogs\04.log
C:\WINDOWS\system32\HidesFileLogs\05.log
C:\WINDOWS\system32\HidesFileLogs\06.log
C:\WINDOWS\system32\HidesFileLogs\07.log
C:\WINDOWS\system32\HidesFileLogs\08.log
C:\WINDOWS\system32\HidesFileLogs\09.log
C:\WINDOWS\system32\HidesFileLogs\10.log
C:\WINDOWS\system32\HidesFileLogs\11.log
C:\WINDOWS\system32\HidesFileLogs\12.log
C:\WINDOWS\system32\HidesFileLogs\13.log
C:\WINDOWS\system32\HidesFileLogs\14.log
C:\WINDOWS\system32\HidesFileLogs\15.log
C:\WINDOWS\system32\HidesFileLogs\16.log
C:\WINDOWS\system32\HidesFileLogs\17.log
C:\WINDOWS\system32\HidesFileLogs\18.log
C:\WINDOWS\system32\HidesFileLogs\19.log
C:\WINDOWS\system32\HidesFileLogs\20.log
C:\WINDOWS\system32\HidesFileLogs\21.log
C:\WINDOWS\system32\HidesFileLogs\22.log
C:\WINDOWS\system32\HidesFileLogs\23.log
C:\WINDOWS\system32\HidesFileLogs\24.log
C:\WINDOWS\system32\HidesFileLogs\25.log
C:\WINDOWS\system32\HidesFileLogs\26.log
C:\WINDOWS\system32\HidesFileLogs\27.log
C:\WINDOWS\system32\HidesFileLogs\28.log
C:\WINDOWS\system32\HidesFileLogs\29.log
C:\WINDOWS\system32\HidesFileLogs\30.log
C:\WINDOWS\system32\HidesFileLogs\31.log
C:\WINDOWS\system32\HidesFileLogs\32.log
C:\WINDOWS\system32\HidesFileLogs\33.log
C:\WINDOWS\system32\HidesFileLogs\34.log
C:\WINDOWS\system32\HidesFileLogs\35.log
C:\WINDOWS\system32\HidesFileLogs\36.log
C:\WINDOWS\system32\HidesFileLogs\37.log
C:\WINDOWS\system32\HidesFileLogs\38.log
C:\WINDOWS\system32\HidesFileLogs\39.log
C:\WINDOWS\system32\HidesFileLogs\40.log
C:\WINDOWS\system32\HidesFileLogs\41.log
C:\WINDOWS\system32\HidesFileLogs\42.log
C:\WINDOWS\system32\HidesFileLogs\43.log
C:\WINDOWS\system32\HidesFileLogs\44.log
C:\WINDOWS\system32\HidesFileLogs\45.log
C:\WINDOWS\system32\HidesFileLogs\46.log
C:\WINDOWS\system32\HidesFileLogs\47.log
C:\WINDOWS\system32\HidesFileLogs\48.log
C:\WINDOWS\system32\HidesFileLogs\49.log
C:\WINDOWS\system32\HidesFileLogs\50.log
C:\WINDOWS\system32\HidesFileLogs\51.log
C:\WINDOWS\system32\HidesFileLogs\sair.log
C:\WINDOWS\system32\install
C:\WINDOWS\system32\SITE\empresa05
C:\WINDOWS\system32\SITE\empresa05\AC_RunActiveContent.js
C:\WINDOWS\system32\SITE\empresa05\block.html
C:\WINDOWS\system32\SITE\empresa05\erro.gif
C:\WINDOWS\system32\SITE\empresa05\erro.html
C:\WINDOWS\system32\SITE\empresa05\id.txt
C:\WINDOWS\system32\SITE\empresa05\index.html
C:\WINDOWS\system32\SITE\empresa05\index.swf
C:\WINDOWS\system32\SITE\empresa05\settings.sol
C:\WINDOWS\system32\SITE\empresa05\sync.txt
C:\WINDOWS\system32\SITE\empresa09
C:\WINDOWS\system32\SITE\empresa09\AC_RunActiveContent.js
C:\WINDOWS\system32\SITE\empresa09\block.html
C:\WINDOWS\system32\SITE\empresa09\erro.gif
C:\WINDOWS\system32\SITE\empresa09\erro.html
C:\WINDOWS\system32\SITE\empresa09\id.txt
C:\WINDOWS\system32\SITE\empresa09\index.html
C:\WINDOWS\system32\SITE\empresa09\index.swf
C:\WINDOWS\system32\SITE\empresa09\sync.txt
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\system32\twunk_32.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GBPSV
-------\Service_GbpSv
(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-15 to 2011-02-15 ))))))))))))))))))))))))))))
.
2011-02-07 17:57:44 . 2011-02-07 17:59:07 -------- d-----w- C:\Documents and Settings\uu\Dados de aplicativos\SecondLife
2011-02-07 17:57:43 . 2011-02-07 18:00:39 -------- d-----w- C:\Documents and Settings\uu\Configurações locais\Dados de aplicativos\SecondLife
2011-02-07 17:56:17 . 2011-02-07 17:57:33 -------- d-----w- C:\Arquivos de programas\SecondLifeViewer2
2011-01-30 18:45:02 . 2010-12-16 13:53:18 155136 ----a-w- C:\WINDOWS\system32\AI_ContextMenu.dll
2011-01-30 18:44:51 . 2010-11-19 21:02:34 496640 ----a-w- C:\WINDOWS\system32\xvid.ax
2011-01-30 18:44:50 . 2010-11-19 21:02:36 892928 ----a-w- C:\WINDOWS\system32\iconv.dll
2011-01-30 18:44:50 . 2010-11-19 21:02:36 675840 ----a-w- C:\WINDOWS\system32\ac3filter.ax
2011-01-30 18:44:37 . 2011-01-30 18:44:37 -------- d-----w- C:\Arquivos de programas\Aimersoft
2011-01-30 18:33:05 . 2007-04-12 17:19:50 129024 ----a-w- C:\WINDOWS\system32\AVERM.dll
2011-01-30 18:33:05 . 2006-09-26 16:57:40 28672 ----a-w- C:\WINDOWS\system32\AVEQT.dll
2011-01-30 18:33:00 . 2011-01-30 18:36:59 -------- d-----w- C:\Arquivos de programas\Movie DVD Maker
2011-01-26 17:06:44 . 2011-01-26 17:06:46 -------- d-----w- C:\Arquivos de programas\Convert Multiple FLV Files To MPEG or AVI Files Software
2011-01-26 16:51:52 . 2011-01-26 16:51:56 -------- d-----w- C:\Arquivos de programas\Efficient WMA MP3 Converter
2011-01-26 16:46:18 . 2011-01-26 16:46:20 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Common Share
2011-01-26 16:46:18 . 2008-12-18 16:38:32 719872 ----a-w- C:\WINDOWS\system32\devil.dll
2011-01-26 16:46:17 . 2008-12-18 16:38:30 351744 ----a-w- C:\WINDOWS\system32\avisynth.dll
2011-01-26 16:46:16 . 2008-12-18 16:38:30 1700352 ----a-w- C:\WINDOWS\system32\gdiplus.dll
2011-01-26 16:46:12 . 2011-01-26 16:46:12 -------- d-----w- C:\Arquivos de programas\OJOsoft
2011-01-26 16:42:02 . 2011-01-26 16:42:02 -------- d-----w- C:\Arquivos de programas\Emicsoft Studio
2011-01-26 16:37:47 . 2011-01-26 16:37:47 -------- d-----w- C:\Arquivos de programas\Doremisoft
2011-01-26 16:32:22 . 2011-01-26 16:32:22 -------- d-----w- C:\Mp3 Output
2011-01-26 16:32:19 . 2011-01-26 16:32:19 -------- d-----w- C:\Arquivos de programas\Smallvideosoft
2011-01-26 16:32:19 . 2009-06-08 18:33:08 8676883 ----a-w- C:\WINDOWS\system32\mp3Media2.dll
2011-01-25 00:41:29 . 2011-01-25 00:41:29 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit
2011-01-25 00:40:11 . 2011-01-25 00:44:32 -------- d-----w- C:\Arquivos de programas\DAP
2011-01-21 23:07:59 . 2011-01-21 23:07:59 -------- d-----w- C:\ubuntu-backup
2011-01-21 17:48:06 . 2010-12-03 19:59:23 25048 ----a-w- C:\Arquivos de programas\Mozilla Firefox\components\browserdirprovider.dll
2011-01-21 17:48:06 . 2010-12-03 19:59:23 140248 ----a-w- C:\Arquivos de programas\Mozilla Firefox\components\brwsrcmp.dll
2011-01-21 17:48:02 . 2010-12-03 19:59:23 912344 ----a-w- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
2011-01-21 14:55:50 . 2011-01-21 14:55:50 -------- d-----w- C:\Documents and Settings\uu\Dados de aplicativos\IObit
2011-01-21 14:55:49 . 2011-01-21 14:55:49 -------- d-----w- C:\Arquivos de programas\IObit
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-29 01:08:54 . 2010-12-29 01:08:54 0 ----a-w- C:\WINDOWS\system32\ConduitEngine.tmp
2010-12-28 13:46:30 . 2009-08-17 16:50:55 46600 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys
2010-12-24 00:54:18 . 2010-12-24 00:54:16 143360 ----a-w- C:\WINDOWS\system32\unzip32.dll
2010-01-26 13:11:08 . 2010-11-23 23:26:53 444283 ----a-w- C:\Arquivos de programas\Arquivos comuns\WinPcapNmap.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll" [2010-10-18 10:26:36 3908192]
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26:36 3908192 ----a-w- C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2010-10-18 10:26:36 3908192 ----a-w- C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll" [2010-10-18 10:26:36 3908192]
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll" [2010-10-18 10:26:36 3908192]
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-06-29 09:24:52 286720]
"PAC7302_Monitor"="C:\WINDOWS\PixArt\PAC7302\Monitor.exe" [2006-11-03 14:01:16 319488]
"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 14:44:34 31072]
"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2008-10-17 18:52:10 51048]
"osCheck"="C:\Arquivos de programas\Norton 360\osCheck.exe" [2008-02-26 14:50:44 988512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-02-01 11:50:26 354592 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Flash.exe]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Flash.exe
backup=C:\WINDOWS\pss\Flash.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Download Mage.lnk]
path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\Download Mage.lnk
backup=C:\WINDOWS\pss\Download Mage.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^HotSync Manager.LNK]
path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\HotSync Manager.LNK
backup=C:\WINDOWS\pss\HotSync Manager.LNKStartup
[HKLM\~\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Skyscape SmartUpdate.lnk]
path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\Skyscape SmartUpdate.lnk
backup=C:\WINDOWS\pss\Skyscape SmartUpdate.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 02:07:44 932288 ----a-r- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 07:47:04 35760 ----a-w- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42:00 33120 ----a-w- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-14 03:57:24 135664 ----atw- C:\Documents and Settings\uu\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
2004-05-05 16:54:34 262210 ------w- C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 14:01:16 319488 ----a-w- C:\WINDOWS\PixArt\PAC207\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:21:10 1695232 ----a-w- C:\Arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57:24 153136 ----a-w- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2008-11-07 16:50:26 54576 ----a-w- C:\Arquivos de programas\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 09:24:52 286720 ----a-w- C:\Arquivos de programas\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2005-05-26 03:01:44 49152 ----a-r- C:\WINDOWS\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 19:49:48 14940040 ----a-r- C:\Arquivos de programas\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2003-12-31 04:39:04 40960 ----a-w- C:\WINDOWS\vsnpstd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2004-09-23 15:41:54 860160 ----a-w- C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 12:11:10 1388544 ----a-w- C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-14 03:38:53 149280 ----a-w- C:\Arquivos de programas\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-25 01:38:51 39408 ----a-w- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"C:\\GenialGiFT\\gift\\giFT.exe"=
"C:\\Arquivos de programas\\K-LiteNitro\\giFT\\giFTl.exe"=
"skp66.exe"= skp66.exe:BNDMSS
"C:\\Arquivos de programas\\Motorola\\RSD Lite\\SDL.exe"=
"ud32.exe"= ud32.exe:BNDMSS
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\\Documents and Settings\\uu\\Meus documentos\\emulator-win\\Emulator.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Arquivos de programas\\Valve\\Counter-Strike Source\\srcds.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Arquivos de programas\\Valve\\hl.exe"=
"C:\\Arquivos de programas\\Valve\\hlds.exe"=
"C:\\RemoteView\\BcastTcp.exe"=
"C:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=
"C:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15615:TCP"= 15615:TCP:NortonAV
"17371:TCP"= 17371:TCP:NortonAV
"17598:TCP"= 17598:TCP:NortonAV
"16173:TCP"= 16173:TCP:NortonAV
"15121:TCP"= 15121:TCP:NortonAV
"18053:TCP"= 18053:TCP:NortonAV
"16092:TCP"= 16092:TCP:NortonAV
"14679:TCP"= 14679:TCP:NortonAV
"12345:TCP"= 12345:TCP:NortonAV
"15458:TCP"= 15458:TCP:NortonAV
"15379:TCP"= 15379:TCP:NortonAV
"17238:TCP"= 17238:TCP:NortonAV
"15994:TCP"= 15994:TCP:NortonAV
"17564:TCP"= 17564:TCP:NortonAV
"13620:TCP"= 13620:TCP:NortonAV
"13793:TCP"= 13793:TCP:NortonAV
"12503:TCP"= 12503:TCP:NortonAV
"15290:TCP"= 15290:TCP:NortonAV
"15012:TCP"= 15012:TCP:NortonAV
"14760:TCP"= 14760:TCP:NortonAV
"12891:TCP"= 12891:TCP:NortonAV
"12835:TCP"= 12835:TCP:NortonAV
"12557:TCP"= 12557:TCP:NortonAV
"18892:TCP"= 18892:TCP:NortonAV
"14865:TCP"= 14865:TCP:NortonAV
"18611:TCP"= 18611:TCP:NortonAV
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [17/8/2009 13:50:55 46600]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2/7/2009 09:52:27 28544]
R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [14/8/2010 13:37:08 207280]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [6/5/2010 19:26:38 691696]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe [14/8/2010 13:40:03 112592]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [21/7/2008 12:50:02 106496]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCSVCHST.EXE [18/2/2008 16:37:20 149352]
R2 npf;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [26/1/2010 23:09:02 50704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/1/2011 02:32:20 102448]
R3 NTProcDrv;Process creation detector for NT.;C:\WINDOWS\temp\drv1.tmp [14/2/2011 21:01:20 3584]
S2 gupdate;Google Update Service (gupdate);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [10/6/2010 09:24:08 136176]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\drivers\COH_Mon.sys [12/1/2008 23:32:00 23888]
S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys --> D:\Fxdrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service --> C:\WINDOWS\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe [14/8/2010 13:36:58 365280]
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\drivers\usb2vcom.sys [17/4/2008 16:32:15 30368]
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\drivers\ulink.sys [30/7/2008 17:17:29 40060]
S3 zlportio;zlportio;\??\C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys --> C:\Documents and Settings\uu\Desktop\Renan\Downloads - RG\Jogos\UltraSta Deluxe 1.1\zlportio.sys [?]
--- =Outros Serviços/Drivers Na Memória ---
NewlyCreated - COMHOST
.
Conteúdo da pasta 'Tarefas Agendadas'
2011-02-15 C:\WINDOWS\Tasks\Google Software Updater.job
2011-02-15 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2011-02-14 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2010-05-31 C:\WINDOWS\Tasks\mixpadSevenDaysInit.job
2010-06-10 C:\WINDOWS\Tasks\mixpadShakeIcon.job
2010-06-10 C:\WINDOWS\Tasks\photostageShakeIcon.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
IE: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
IE: Download Links As... - file://C:\WINDOWS\system32\page.htm
IE: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
IE: E&xport to Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\ARQUIV~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\ARQUIV~1\DAP\dapie.dll
DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} - hxxp://www.masterkids.ddns.com.br/ActiveViewGUI.cab
DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} - hxxp://www.masterkids.ddns.com.br/ActiveView.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - C:\Documents and Settings\uu\Dados de aplicativos\Mozilla\Firefox\Profiles\94m5qc5q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - FreeOnlineRadioPlayerRecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2737658&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.http - 192.168.1.64
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - Ext: YouTube Video Downloader: firefox-ext@youtubekeep.com - %profile%\extensions\firefox-ext@youtubekeep.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - C:\Arquivos de programas\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - C:\Arquivos de programas\DAP\DAPFireFox
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-Nokia.PCSync - C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AMsnMonitor - C:\Arquivos de programas\AwinSoft\MsnMonitor\A_MSN_Monitor.exe
MSConfigStartUp-AVG - C:\WINDOWS\system32\antav\av.exe
MSConfigStartUp-AVG7_CC - C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-AVG8_TRAY - C:\ARQUIV~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Emurayden PSX Emulator - C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-EPSON Stylus C67 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
MSConfigStartUp-Flash - C:\Arquivos de programas\Flash.exe
MSConfigStartUp-LanguageShortcut - C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-MsnMonitor - C:\Arquivos de programas\IMMonitor\MSN Messenger Monitor Sniffer\MsnMonitor.exe
MSConfigStartUp-PCSuiteTrayApplication - C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-RemoteControl - C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-SpeedBitVideoAccelerator - C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe
MSConfigStartUp-SUPERAntiSpyware - C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-Virtual PDF Printer - C:\Arquivos de programas\Virtual PDF Printer\VirtualPDFPrinter.exe
MSConfigStartUp-WatchDog - C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:16:08, on 14/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\uu\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\tbFre0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton 360\osCheck.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2ADE19BB-1E79-4EC4-976E-AC74339ADD76} (ActiveViewGUI Control) - http://www.masterkids.ddns.com.br/ActiveViewGUI.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://www.masterkids.ddns.com.br/ActiveView.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Arquivos de programas\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 13722 bytes
:) Several problems were removed by Combofix.
________________________
Please follow these tips:
Malwarebytes Anti-Malware tutorial
__________________________
After that, just come back to the forum and post a new HijackThis log, the Malwarebytes log and the Ad-Remover log, which will be at C:\Ad-Report-CLEAN[1].log, and tell us how your PC is doing after this.
We look forward to your reply.
Topic Archived
Because the author did not reply for more than 30 days, the topic was archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
:) Hello Nigel!
I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:
Download ComboFix
Save it to the Desktop.
* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* PS: Running it from a command is also possible:
* Go to Start --> Run --> Type or paste:
"%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the "Disclaimer of warranty on software" prompt --> Click Sim (Yes).
* If you do not have the "Recovery Console", agree to install it.
* When finished, click Sim or Yes. --> Wait.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
If the notification "Invalid Win32 application" or some similar message appears, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop, renamed as: Kombo.exe
* PS: Name it while saving, not after saving it!
* PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
* PS: If rootkit activity is present, the following notification window will appear:
* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid using the mouse or keyboard! <-- Important!
* If, for some reason beyond your control, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.
<><><><><><><><><><><><>
Post the ComboFix log, which will be in C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is doing after this.
We'll be waiting.