Archived

This topic has been archived and is closed to new replies.

ZecAdi

[Solved!] Please look at my HijackThis log

Congratulations on putting solidarity into action. I have 3 networked PCs at home. On one of them, a message appears saying it is infected by the virus BV:KILLFILLES-K. I downloaded and installed HijackThis following the instructions here. I am sending its log below. Thank you for the help. Prof. Avelar

 

Logfile of HijackThis v1.99.1

Scan saved at 17:05:29, on 25/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibedep.com.br/

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [explore] C:\WINDOWS\system32\explore.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Wapp] C:\Arquivos de programas\Wapp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [idol type] C:\DOCUME~1\User\DADOSD~1\ERRORH~1\livedashowns.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O4 - Global Startup: Wapp.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk142YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hi ZecAdi,

1. Download BankerFix.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. A message will appear stating that it will be downloaded from the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.

4. When the scan has finished, read the message on the screen and press Enter again.

5. Re-enable your antivirus.

6. Reply with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

7. After posting your reply, you can delete the LinhaDefensiva folder on the C drive.

Regards.


Thank you, Jose Carlos (namesake), for the prompt attention.

Sorry for only replying now. I was away for a few days. Below I am sending the new HijackThis log plus the BankerFix report.

I sincerely thank you, and once again congratulate you on the solidarity.

Prof. Jose Carlos Avelar ZecAdi

 

Logfile of HijackThis v1.99.1

Scan saved at 12:34:00, on 6/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibedep.com.br/

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [idol type] C:\DOCUME~1\User\DADOSD~1\ERRORH~1\livedashowns.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk142YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 6/10/2007 - 12:3

-------------------------------------------------------

Lista de Definição: 2007-09-30-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\Tasks\startt.job

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------


Hi ZecAdi,

Download ComboFix from:

ComboFix

1) Double-click combofix.exe and press "1" to proceed. The process will take about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click in the ComboFix window, or close it by clicking the X, while the tool is running, as this will mess up your desktop configuration (it will turn completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.


Hi Jose Carlos

I am passing along the ComboFix and Hijack logs

Regards, Prof. Zeca

 

ComboFix 07-10-06.5 - User 2007-10-06 20:17:13.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.222 [GMT -3:00]

Executando de: C:\Documents and Settings\User\Configura‡äes locais\Temporary Internet Files\Content.IE5\MPQ3STUJ\ComboFix[1].exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\1.exe

C:\Arquivos de programas\FunWebProducts

C:\Arquivos de programas\FunWebProducts\ScreenSaver\ImagesC816E6.urr

C:\Arquivos de programas\FunWebProducts\ScreenSaver\ImagesE0F933.urr

C:\Arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MailStampBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyStationeryBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Arquivos de programas\internet explorer\msimg32.dll

C:\Arquivos de programas\MSN Messenger\msimg32.dll

C:\Arquivos de programas\MyWebSearch

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3BKGERR.JPG

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3CJPEG.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3DTACTL.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3HISTSW.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3POPSWT.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3REPROX.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3RESTUB.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCHMON.EXE

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SHLLVW.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3SPACER.WMV

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3WALLPP.DAT

C:\Arquivos de programas\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3HTML.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3IDLE.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SKIN.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Arquivos de programas\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

C:\Arquivos de programas\MyWebSearch\bar\Cache067FD1

C:\Arquivos de programas\MyWebSearch\bar\Cache137EB9.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache139B0B.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache139F41.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache13A423.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache4D0095

C:\Arquivos de programas\MyWebSearch\bar\Cache752ACF

C:\Arquivos de programas\MyWebSearch\bar\CacheCC42D5

C:\Arquivos de programas\MyWebSearch\bar\CacheCC7147

C:\Arquivos de programas\MyWebSearch\bar\CacheCC9AD8.bin

C:\Arquivos de programas\MyWebSearch\bar\CacheCCA2D7.bin

C:\Arquivos de programas\MyWebSearch\bar\CacheCCA6DE.bin

C:\Arquivos de programas\MyWebSearch\bar\CacheCCA9AD.bin

C:\Arquivos de programas\MyWebSearch\bar\CacheCCAD47.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache10036F1

C:\Arquivos de programas\MyWebSearch\bar\Cache278C9E5.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache278CE1B.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache278DC63.bin

C:\Arquivos de programas\MyWebSearch\bar\Cache\files.ini

C:\Arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S

C:\Arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S

C:\Arquivos de programas\MyWebSearch\bar\History\search2

C:\Arquivos de programas\MyWebSearch\bar\Search\COMMON.F3S

C:\Arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat

C:\Arquivos de programas\MyWebSearch\bar\Settings\setting2.htm

C:\Arquivos de programas\MyWebSearch\bar\Settings\settings.dat

C:\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

C:\Documents and Settings\MiNaSa\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\EM3BF4K2\iforex.com

C:\Documents and Settings\MiNaSa\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\EM3BF4K2\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\MiNaSa\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\MiNaSa\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\Documents and Settings\PattydZ\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\WAM5YFNN\iforex.com

C:\Documents and Settings\PattydZ\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\WAM5YFNN\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\PattydZ\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\PattydZ\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\WINDOWS\system32\f3PSSavr.scr

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-06 to 2007-10-06 ))))))))))))))))))))))))))))))))

.

 

2007-10-06 20:15 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-06 11:58 <DIR> d-------- C:\LinhaDefensiva

2007-09-29 17:10 <DIR> d-------- C:\Arquivos de programas\GCN

2007-09-28 18:57 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

2007-09-25 21:19 <DIR> d-------- C:\Arquivos de programas\IObit

2007-09-25 17:01 <DIR> d-------- C:\Hijack

2007-09-15 15:50 1,117,491 --a------ C:\Arquivos de programas\dvdshrink32setup.exe

2007-09-15 15:50 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-06 20:19 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-10-05 18:14 --------- d-------- C:\Documents and Settings\MiNaSa\Dados de aplicativos\MegauploadToolbar

2007-10-02 12:39 --------- d-------- C:\Arquivos de programas\Winamp

2007-09-28 15:31 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-09-26 16:08 --------- d-------- C:\Arquivos de programas\ADSTechnology

2007-09-26 16:04 --------- d-------- C:\Arquivos de programas\ActivationManager

2007-09-09 00:39 --------- d-------- C:\Arquivos de programas\TraduNet

2007-09-09 00:05 --------- d-------- C:\Arquivos de programas\K-LiteNitro

2007-09-06 07:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 07:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 07:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 07:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 07:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-09-04 10:24 --------- d-------- C:\Arquivos de programas\Umbrella Corp

2007-09-01 02:03 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2007-09-01 02:02 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-08-31 10:31 --------- d-------- C:\Arquivos de programas\Adverts

2007-08-31 10:30 --------- d-------- C:\Arquivos de programas\Windows Live

2007-08-31 10:30 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-08-29 21:41 --------- d-------- C:\Arquivos de programas\Google

2007-08-27 21:30 --------- d-------- C:\Arquivos de programas\LimeWire

2007-08-11 15:44 --------- d-------- C:\Arquivos de programas\PhotoFiltre Studio

2007-08-10 14:18 --------- d-------- C:\Documents and Settings\User\Dados de aplicativos\Error heart view

2007-07-11 16:52 13357278 --a------ C:\videoconvertersetup.exe

2007-03-15 13:52 611264 --a------ C:\Arquivos de programas\kazaa_setup.exe

2007-03-15 13:31 2791684 --a------ C:\Arquivos de programas\klitekpp243b.exe

2007-01-10 16:54 4859480 --a------ C:\Arquivos de programas\MsgPlusLive-411.exe

2006-12-17 14:15 1735680 --a------ C:\Arquivos de programas\vagalume-letras-mediaplayer-plugin-v1-2.exe

2004-10-01 15:00 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

2006-12-17 18:06:45 88 --sh--r C:\WINDOWS\system32\4B8637DCE8.sys

2006-12-17 18:07:02 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]

2007-09-12 11:52 221184 --a------ C:\Arquivos de programas\ActivationManager\ActivationManager.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2001-12-16 14:55]

"nwiz"="nwiz.exe" [2001-12-16 14:55 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2001-12-16 14:55]

"PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 17:56]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 11:25]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 15:49]

"PowerBar"="C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26]

"idol type"="C:\DOCUME~1\User\DADOSD~1\ERRORH~1\livedashowns.exe" []

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2007-04-11 20:50]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.exe.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-18 14:38:50]

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]

Adobe Reader Synchronizer.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

Remote Controller.lnk - C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE [2006-08-18 11:28:47]

TV Scheduler.lnk - C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE [2006-08-18 11:28:47]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll [2007-03-06 10:00 222376]

 

R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.SYS

R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS

R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS

S3 dTVdrvNT;dTVdrvNT;\??\C:\Arquivos de programas\Prolink\PlayTV Pro\dTVdrvNT.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f3f6c43-2c69-11db-a0a8-806d6172696f}]

AutoRun\command- D:\instalar.exe /AUTORUN

configure\command- D:\instalar.exe

install\command- D:\instalar.exe

Web\Command- D:\runshell.exe http://www.badcd.i8.com

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-06 22:32:01 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-06 20:22:56

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpip_patcher]

"ImagePath"="\??\C:\Arquivos de programas\Ares\tcpip_patcher.sys"

.

Tempo para conclusão: 2007-10-06 20:24:54 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-10-06 20:24

.

--- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:37:04, on 6/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibedep.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [idol type] C:\DOCUME~1\User\DADOSD~1\ERRORH~1\livedashowns.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk142YYBR

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Hi ZecAdi,

Let's get started.

Uninstall:

-> AskSBar

Use Add / Remove Programs.

Uninstall it and restart once you have done so.

Note: If you do not find the program mentioned above in the list, just move on to the next step.

Step 1

1. Run Killbox and click Delete on Reboot.

2. Copy the list below, in bold, to the clipboard. Select all of it with the mouse --> go to the Edit tab in the browser's bar --> click Copy.

 

C:\Documents and Settings\User\Dados de aplicativos\GDIPFONTCACHEV1.DAT

C:\Documents and Settings\PattydZ\Dados de aplicativos\GDIPFONTCACHEV1.DAT

C:\Documents and Settings\MiNaSa\Dados de aplicativos\GDIPFONTCACHEV1.DAT

C:\Documents and Settings\Loren\Dados de aplicativos\GDIPFONTCACHEV1.DAT

 

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet will not be possible.

 

Step 2

Restart the computer in Safe Mode.

Locate and delete:

C:\Arquivos de programas\AskSBar <- the folder

C:\Arquivos de programas\Error heart view <- the folder

 

Step 3

Still in Safe Mode, run HijackThis, click Do a system scan only and check:

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

Click Fix Checked.

 

Step 4

Restart in Normal Mode.

Go to the folder C:\!Killbox and delete its contents.

Submit the file below to Jotti's site:

 

C:\Arquivos de programas\Ares\tcpip_patcher.sys

 

The result you posted refers to the file winsup.exe, not to tcpip_patcher.sys.

Come back with the result and new ComboFix and HijackThis logs.

Best regards.


Dear friend,

I have not yet been able to carry out your instructions. When I went to uninstall MyWebSearch through Add/Remove Programs, this message appeared:

RUNDLL - "Erro ao carregar C:\ARQUIV~\MYWEBS~1\bar\1.bin\mwsbar.dll". I would like to know what I should do, and how to uninstall this program (is there another way?)

Regards,

ZecAdi


Skip this step and follow the rest. ;)


 

 

I had some difficulty, but I think I followed the instructions. The information follows.

Regards,

ZecAdi

 

 

1 = jotti – file scan

 

Last file scanned at least one scanner reported something about: winsup.exe (MD5: e682f9a7951a74c4adddacca986dd1fb, size: 151374 bytes), detected by:

Scanner Malware name

A-Squared Backdoor.IRC.Zapchast

AntiVir X

ArcaVir Trojan.Psw.Magania.Gs

Avast X

AVG Antivirus X

BitDefender X

ClamAV X

CPsecure X

Dr.Web Tool.CleanDisk

F-Prot Antivirus X

F-Secure Anti-Virus X

Fortinet X

Kaspersky Anti-Virus X

NOD32 X

Norman Virus Control X

Panda Antivirus X

Rising Antivirus Worm.Win32.Agent.vjs

Sophos Antivirus X

VirusBuster X

VBA32 X

 

 

You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives

We are not affiliated with any third parties that conduct tests using this service.

 

 

ComboFix 07-10-09.2 - User 2007-10-08 22:29:06.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.242 [GMT -3:00]

Executando de: C:\Documents and Settings\User\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\MSN Messenger\msimg32.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))))

.

 

2007-10-08 21:04 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos\Webroot

2007-10-08 21:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2007-10-08 21:04 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2007-10-08 21:04 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2007-10-08 21:04 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2007-10-08 21:04 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2007-10-08 21:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2007-10-08 21:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2007-10-08 21:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2007-10-08 20:55 <DIR> d-------- C:\!KillBox

2007-10-08 16:46 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\Webroot

2007-10-08 16:46 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot

2007-10-08 16:46 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot

2007-10-08 16:46 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot

2007-10-08 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Webroot

2007-10-08 16:46 <DIR> d-------- C:\Arquivos de programas\Webroot

2007-10-08 16:46 <DIR> d-------- C:\Arquivos de programas\AskSBar

2007-10-08 16:46 1,521,464 --a------ C:\WINDOWS\WRSetup.dll

2007-10-08 16:46 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2007-10-08 16:46 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2007-10-08 16:46 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2007-10-08 16:46 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys

2007-10-08 16:45 164 --a------ C:\install.dat

2007-10-06 21:09 <DIR> d-------- C:\Arquivos de programas\Error heart view

2007-10-06 20:15 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-29 17:10 <DIR> d-------- C:\Arquivos de programas\GCN

2007-09-28 18:57 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

2007-09-25 21:19 <DIR> d-------- C:\Arquivos de programas\IObit

2007-09-25 17:01 <DIR> d-------- C:\Hijack

2007-09-15 15:50 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-09 01:31 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-10-09 00:11 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\MEGAUPLOADTOOLBAR

2007-10-08 18:29 90,776 ----a-w C:\Documents and Settings\User\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-10-07 00:09 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-10-07 00:09 --------- d-----w C:\Arquivos de programas\Adverts

2007-10-05 21:14 --------- d-----w C:\Documents and Settings\MiNaSa\Dados de aplicativos\MegauploadToolbar

2007-10-02 15:39 --------- d-----w C:\Arquivos de programas\Winamp

2007-09-28 18:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-09-26 19:08 --------- d-----w C:\Arquivos de programas\ADSTechnology

2007-09-26 19:04 --------- d-----w C:\Arquivos de programas\ActivationManager

2007-09-09 03:39 --------- d-----w C:\Arquivos de programas\TraduNet

2007-09-09 03:05 --------- d-----w C:\Arquivos de programas\K-LiteNitro

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-09-04 13:24 --------- d-----w C:\Arquivos de programas\Umbrella Corp

2007-09-01 05:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2007-09-01 05:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-08-31 13:30 --------- d-----w C:\Arquivos de programas\Windows Live

2007-08-30 00:41 --------- d-----w C:\Arquivos de programas\Google

2007-08-28 00:30 --------- d-----w C:\Arquivos de programas\LimeWire

2007-08-11 18:44 --------- d-----w C:\Arquivos de programas\PhotoFiltre Studio

2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll

2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-06-21 16:29 87,592 ----a-w C:\Documents and Settings\PattydZ\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2006-10-26 19:04 19,576 ----a-w C:\Documents and Settings\MiNaSa\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2006-08-22 13:49 19,576 ----a-w C:\Documents and Settings\Loren\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2006-12-17 18:07:02 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2007-10-06_20.23.59.23 )))))))))))))))))))))))))))))))))))))))))

.

----a-w 16,184 2007-07-20 01:42:36 C:\WINDOWS\system32\ssiefr.EXE

----a-w 219,448 2007-07-20 01:42:36 C:\WINDOWS\system32\WRLogonNtf.dll

----a-w 26,424 2007-07-20 01:42:36 C:\WINDOWS\system32\wrlzma.dll

----atw 16,384 2007-10-09 01:34:28 C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]

2007-09-12 11:52 221184 --a------ C:\Arquivos de programas\ActivationManager\ActivationManager.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

2007-10-08 16:46 267592 --a------ C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"= C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-10-08 16:46 267592]

 

[HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-10-08 16:46 267592]

 

[HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:45 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2001-12-16 14:55 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:45 C:\WINDOWS\system32\rundll32.exe]

"PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 17:56]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 11:25]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]

"SpySweeper"="C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 15:49]

"PowerBar"="C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26]

"idol type"="C:\DOCUME~1\User\DADOSD~1\ERRORH~1\livedashowns.exe" []

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2007-04-11 20:50]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.exe.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-18 14:38:50]

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]

Adobe Reader Synchronizer.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

Remote Controller.lnk - C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE [2006-08-18 11:28:47]

TV Scheduler.lnk - C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE [2006-08-18 11:28:47]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll [2007-03-06 10:00 222376]

 

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS

R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.SYS

R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS

R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS

S3 dTVdrvNT;dTVdrvNT;\??\C:\Arquivos de programas\Prolink\PlayTV Pro\dTVdrvNT.sys

AutoRun\command - D:\instalar.exe /AUTORUN

configure\command - D:\instalar.exe

install\command - D:\instalar.exe

Web\Command - D:\runshell.exe http://www.badcd.i8.com

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-09 01:32:11 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

"2007-10-08 19:46:45 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-08 22:35:41

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-10-08 22:38:13 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-10-08 22:37

C:\ComboFix2.txt ... 2007-10-06 20:24

.

--- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:52:08, on 8/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\Arquivos de programas\Webroot\Spy Sweeper\SSU.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibedep.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] "C:\Arquivos de programas\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [spySweeper] C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe


Hi ZecAdi,

Let's get started.

Uninstall:

-> AskSBar

Use Add/Remove Programs.

Uninstall it and restart once you have done so.

Note: If you do not find the program mentioned above in the list, just move on to the next step.

Step 1

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select all of it with the mouse --> go to Edit in the browser's menu bar --> click Copy.

C:\Documents and Settings\User\Dados de aplicativos\GDIPFONTCACHEV1.DAT

C:\Documents and Settings\PattydZ\Dados de aplicativos\GDIPFONTCACHEV1.DAT

C:\Documents and Settings\MiNaSa\Dados de aplicativos\GDIPFONTCACHEV1.DAT

C:\Documents and Settings\Loren\Dados de aplicativos\GDIPFONTCACHEV1.DAT

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and connecting to the internet will not be possible.

Step 2

Restart the computer in Safe Mode.

Locate and delete:

C:\Arquivos de programas\AskSBar <- the folder

C:\Arquivos de programas\Error heart view <- the folder

Step 3

Still in Safe Mode, run HijackThis, click Do a system scan only and check:

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

Click Fix Checked.

Step 4

Restart in Normal Mode.

Go to the folder C:\!Killbox and delete its contents.

Submit the file below to the Jotti site:

C:\Arquivos de programas\Ares\tcpip_patcher.sys

The result you posted refers to the file winsup.exe, not to tcpip_patcher.sys.

Come back with the result and new ComboFix and HijackThis logs.

Best regards.

PS: I had already posted the reply, but I got confused and edited the previous reply instead of posting it separately. :(


Thank you, friend.

Tomorrow or the day after, I will do what was advised, since I must first fix a problem with this PC's keyboard. Sorry for the delay in replying - I had not seen it yet.

Thanks again - Prof. Avelar


Ok. I'll be waiting. :thumbsup:


Hello, friend.

Just now I was doing what was advised. I report that: 1) the AskSbar program was not listed; 2) the folder was not there either (Step 2); 3) running HijackThis in Safe Mode, the entries 02 - BHO: AskToolbar... and 03 - Toolbar: AskToolbar did not appear in the list; 4) I could not submit the file C:\Arqu...Progr...\Ares\tcpip_patcher.sys, since it is no longer on the PC.

I am now posting the ComboFix and HijackThis logs.

Thank you for the PS - and I am the one who apologizes, for having thought that you had not seen my problem. Regards. ZecAdi

 

ComboFix 07-10-23.2 - User 2007-10-27 13:37:07.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.274 [GMT -3:00]

Executando de: C:\Documents and Settings\User\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-09-27 to 2007-10-27 ))))))))))))))))))))))))))))))))

.

 

2007-10-27 12:57 73,728 --a------ C:\KillBox.exe

2007-10-16 18:46 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2007-10-16 18:46 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-10-16 18:45 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-10-13 16:16 <DIR> d-------- C:\Documents and Settings\MiNaSa\Dados de aplicativos\Webroot

2007-10-12 23:03 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-10-10 15:44 <DIR> d-------- C:\Documents and Settings\User\TEMP

2007-10-10 15:31 298,496 --a------ C:\WINDOWS\unin0416.exe

2007-10-10 15:29 <DIR> d-------- C:\Arquivos de programas\MGI

2007-10-10 15:29 15,664 --a------ C:\WINDOWS\system32\PSUITE.SCR

2007-10-10 15:26 <DIR> d-------- C:\Acrobat3

2007-10-10 15:24 327,168 --a------ C:\WINDOWS\IsUn0416.exe

2007-10-09 09:10 <DIR> d-------- C:\Documents and Settings\PattydZ\Dados de aplicativos\Webroot

2007-10-08 21:04 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos\Webroot

2007-10-08 21:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2007-10-08 21:04 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2007-10-08 21:04 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2007-10-08 21:04 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2007-10-08 21:04 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2007-10-08 21:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2007-10-08 21:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2007-10-08 21:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2007-10-08 16:46 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\Webroot

2007-10-08 16:46 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot

2007-10-08 16:46 <DIR> d-------- C:\Arquivos de programas\Webroot

2007-10-08 16:46 1,521,464 --a------ C:\WINDOWS\WRSetup.dll

2007-10-08 16:46 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2007-10-08 16:46 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2007-10-08 16:46 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2007-10-08 16:46 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys

2007-10-08 16:45 164 --a------ C:\install.dat

2007-10-06 20:15 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-29 17:10 <DIR> d-------- C:\Arquivos de programas\GCN

2007-09-28 18:57 <DIR> d-------- C:\WINDOWS\Sun

2007-09-28 18:57 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

2007-09-28 18:55 <DIR> d-------- C:\Arquivos de programas\Java

2007-09-28 18:48 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-27 16:22 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-10-27 15:21 --------- d-----w C:\Arquivos de programas\K-LiteNitro

2007-10-26 22:00 --------- d-----w C:\Arquivos de programas\ActivationManager

2007-10-10 21:44 --------- d-----w C:\Arquivos de programas\LimeWire

2007-10-10 21:43 --------- d-----w C:\Arquivos de programas\Winamp

2007-10-10 21:41 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2007-10-10 14:31 --------- d-----w C:\Documents and Settings\PattydZ\Dados de aplicativos\MEGAUPLOADTOOLBAR

2007-10-09 01:31 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-10-05 21:14 --------- d-----w C:\Documents and Settings\MiNaSa\Dados de aplicativos\MegauploadToolbar

2007-09-26 19:08 --------- d-----w C:\Arquivos de programas\ADSTechnology

2007-09-26 00:19 --------- d-----w C:\Arquivos de programas\IObit

2007-09-15 18:50 --------- d-----w C:\Arquivos de programas\DVD Shrink

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-09-01 05:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-09-01 05:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-08-30 00:41 --------- d-----w C:\Arquivos de programas\Google

2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-16 19:17 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll

2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2006-12-17 18:07:02 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2007-10-06_20.23.59.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-08-22 12:57:21 1,023,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll

+ 2007-08-22 12:57:21 151,552 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll

+ 2007-08-22 12:57:21 1,055,744 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll

+ 2007-08-22 12:57:21 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll

+ 2007-08-22 12:57:21 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll

+ 2007-08-22 12:57:21 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll

+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe

+ 2007-08-22 12:57:21 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll

+ 2007-08-22 12:57:21 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll

+ 2007-08-22 12:57:21 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll

+ 2007-08-22 12:57:23 3,085,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll

+ 2007-08-22 12:57:23 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll

+ 2007-08-22 12:57:23 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll

+ 2007-08-22 12:57:23 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll

+ 2007-08-22 12:57:23 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll

+ 2007-08-22 12:57:24 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll

+ 2007-08-22 12:57:24 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll

+ 2007-08-21 10:50:38 359,936 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\spru0416.dll

+ 2007-08-22 12:57:25 619,008 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll

+ 2007-08-22 12:57:26 667,648 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll

+ 2007-08-21 06:25:40 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll

- 2007-09-28 12:06:08 135,168 ----a-w C:\WINDOWS\catchme.exe

+ 2007-10-20 09:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe

- 2007-08-19 19:41:09 32,768 ----a-w C:\WINDOWS\Downloaded Program Files\MsnChat40pt-br.dll

+ 2007-10-12 23:33:55 32,768 ----a-w C:\WINDOWS\Downloaded Program Files\MsnChat40pt-br.dll

+ 2002-05-31 12:20:20 117,328 ----a-w C:\WINDOWS\Downloaded Program Files\PURpt-br.dll

+ 2007-10-13 20:35:22 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe

+ 2007-10-13 02:03:54 29,926 ----a-r C:\WINDOWS\Installer\{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}\MsblIco.Exe

- 2007-08-16 15:42:00 167,936 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\accicons.exe

+ 2007-10-11 05:20:26 167,936 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\accicons.exe

- 2007-08-16 15:42:00 81,920 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\fpicon.exe

+ 2007-10-11 05:20:26 81,920 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\fpicon.exe

- 2007-08-16 15:42:00 34,304 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\misc.exe

+ 2007-10-11 05:20:26 34,304 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\misc.exe

- 2007-08-16 15:42:00 8,192 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\mspicons.exe

+ 2007-10-11 05:20:26 8,192 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\mspicons.exe

- 2007-08-16 15:42:00 3,584 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\opwicon.exe

+ 2007-10-11 05:20:26 3,584 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\opwicon.exe

- 2007-08-16 15:42:01 114,688 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\outicon.exe

+ 2007-10-11 05:20:26 114,688 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\outicon.exe

- 2007-08-16 15:42:00 16,384 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\PEicons.exe

+ 2007-10-11 05:20:26 16,384 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\PEicons.exe

- 2007-08-16 15:42:00 30,720 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\pptico.exe

+ 2007-10-11 05:20:26 30,720 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\pptico.exe

- 2007-08-16 15:42:01 22,528 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\unbndico.exe

+ 2007-10-11 05:20:26 22,528 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\unbndico.exe

- 2007-08-16 15:42:00 45,056 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\wordicon.exe

+ 2007-10-11 05:20:26 45,056 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\wordicon.exe

- 2007-08-16 15:42:00 90,112 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\xlicons.exe

+ 2007-10-11 05:20:26 90,112 ----a-r C:\WINDOWS\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\xlicons.exe

- 1998-10-29 20:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe

+ 1998-10-29 19:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe

- 2007-06-14 18:09:18 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll

+ 2007-08-22 13:13:26 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll

- 2007-06-14 18:09:19 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

+ 2007-08-22 13:13:26 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

- 2007-06-14 18:09:19 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll

+ 2007-08-22 13:13:27 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll

- 2007-06-14 18:09:18 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll

+ 2007-08-22 13:13:26 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll

- 2007-06-14 18:09:19 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll

+ 2007-08-22 13:13:26 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll

- 2007-06-14 18:09:19 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll

+ 2007-08-22 13:13:27 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll

- 2007-06-14 18:09:19 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2007-08-22 13:13:27 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2007-06-14 18:09:19 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2007-08-22 13:13:27 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2007-06-14 18:09:19 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2007-08-22 13:13:27 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2007-06-14 14:07:24 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe

+ 2007-08-21 10:30:45 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe

- 2007-06-14 18:09:19 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll

+ 2007-08-22 13:13:28 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll

- 2007-05-16 15:13:54 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll

+ 2007-08-21 06:17:40 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll

- 2007-06-14 18:09:19 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll

+ 2007-08-22 13:13:28 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll

- 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2007-08-22 13:13:28 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2007-06-14 18:09:22 3,079,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2007-08-22 13:13:29 3,079,168 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2007-06-14 18:09:20 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2007-08-22 13:13:29 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2007-06-14 18:09:20 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2007-08-22 13:13:29 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2007-06-14 18:09:21 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2007-08-22 13:13:30 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2007-06-14 18:09:21 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2007-08-22 13:13:30 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2004-08-04 03:45:26 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll

+ 2007-07-09 13:09:42 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll

- 2007-06-14 18:09:21 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

+ 2007-08-22 13:13:31 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

- 2007-06-14 18:09:21 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

+ 2007-08-22 13:13:32 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

- 2007-06-14 18:09:21 616,448 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2007-08-22 13:13:32 616,448 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2007-06-26 14:09:18 660,992 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2007-08-22 13:13:32 660,992 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2001-08-18 00:05:12 48,000 ----a-w C:\WINDOWS\system32\drivers\OVCam2.sys

+ 2001-08-18 01:05:12 48,000 ----a-w C:\WINDOWS\system32\drivers\OVCam2.sys

- 2001-08-18 00:05:16 28,032 ----a-w C:\WINDOWS\system32\drivers\OVCD.sys

+ 2001-08-18 01:05:16 28,032 ----a-w C:\WINDOWS\system32\drivers\OVCD.sys

- 2001-08-18 00:05:12 351,616 ----a-w C:\WINDOWS\system32\drivers\OVCodek2.sys

+ 2001-08-18 01:05:12 351,616 ----a-w C:\WINDOWS\system32\drivers\OVCodek2.sys

- 2007-06-14 18:09:19 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2007-08-22 13:13:27 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2007-08-22 13:13:27 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-06-14 18:09:19 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2007-08-22 13:13:27 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2007-10-05 13:26:46 272,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2007-10-15 12:20:15 275,448 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2004-08-04 03:55:42 20,992 ----a-w C:\WINDOWS\system32\hid.dll

+ 2004-08-04 03:45:24 20,992 ----a-w C:\WINDOWS\system32\hid.dll

- 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll

+ 2007-08-22 13:13:28 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll

- 2007-06-14 18:09:19 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

+ 2007-08-22 13:13:28 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

- 2004-08-04 02:45:24 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll

+ 2004-08-04 03:45:24 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll

- 2007-06-14 18:09:19 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2007-08-22 13:13:28 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe

- 2007-06-14 18:09:22 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2007-08-22 13:13:29 3,079,168 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-06-14 18:09:20 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2007-08-22 13:13:29 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2007-06-14 18:09:20 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2007-08-22 13:13:29 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

- 2007-06-14 18:09:21 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2007-08-22 13:13:30 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

- 2004-08-04 02:45:26 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll

+ 2004-08-04 03:45:26 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll

- 2001-09-06 01:50:20 116,736 ----a-w C:\WINDOWS\system32\OVCodec2.dll

+ 2001-09-06 02:50:20 116,736 ----a-w C:\WINDOWS\system32\OVCodec2.dll

- 2001-09-06 01:50:20 44,544 ----a-w C:\WINDOWS\system32\OVUI2.dll

+ 2001-09-06 02:50:20 44,544 ----a-w C:\WINDOWS\system32\OVUI2.dll

- 2001-09-06 01:50:20 42,496 ----a-w C:\WINDOWS\system32\OVUI2RC.dll

+ 2001-09-06 02:50:20 42,496 ----a-w C:\WINDOWS\system32\OVUI2RC.dll

- 2007-06-14 18:09:21 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2007-08-22 13:13:30 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2004-08-04 03:45:26 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll

+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll

- 2007-06-14 18:09:21 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll

+ 2007-08-22 13:13:31 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll

- 2007-06-14 18:09:21 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

+ 2007-08-22 13:13:32 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

+ 2007-07-20 01:42:36 16,184 ----a-w C:\WINDOWS\system32\ssiefr.EXE

- 2007-10-05 13:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe

+ 2007-04-02 17:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe

- 2001-09-06 01:50:24 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll

+ 2001-09-06 02:50:24 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll

- 2007-06-14 18:09:21 616,448 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2007-08-22 13:13:32 616,448 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2004-08-04 02:45:28 54,784 ----a-w C:\WINDOWS\system32\vfwwdm32.dll

+ 2004-08-04 03:45:28 54,784 ----a-w C:\WINDOWS\system32\vfwwdm32.dll

- 2007-06-26 14:09:18 660,992 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2007-08-22 13:13:32 660,992 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2007-07-20 01:42:36 219,448 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll

+ 2007-07-20 01:42:36 26,424 ----a-w C:\WINDOWS\system32\wrlzma.dll

- 2007-06-14 14:24:20 119,296 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2007-08-21 10:53:16 119,296 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2007-10-27 16:20:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_604.dat

+ 2000-06-22 08:11:28 23,040 ----a-r C:\WINDOWS\twain_32\600x1200\CloseDET.EXE

+ 2000-07-10 05:21:32 34,816 ----a-r C:\WINDOWS\twain_32\600x1200\DelINF.EXE

+ 2000-08-07 04:00:12 38,400 ----a-r C:\WINDOWS\twain_32\600x1200\Detector.exe

+ 1999-08-31 09:09:44 57,856 ----a-r C:\WINDOWS\twain_32\600x1200\gl.dll

+ 2000-06-07 18:05:32 45,056 ----a-r C:\WINDOWS\twain_32\600x1200\ImgProc.dll

+ 1998-05-14 17:00:28 33,792 ----a-r C:\WINDOWS\twain_32\600x1200\LFbmp90n.dll

+ 1998-04-03 20:23:42 235,008 ----a-r C:\WINDOWS\twain_32\600x1200\LFcmp90n.dll

+ 1998-05-14 16:59:56 64,512 ----a-r C:\WINDOWS\twain_32\600x1200\LFfax90n.dll

+ 1998-04-03 20:24:40 35,840 ----a-r C:\WINDOWS\twain_32\600x1200\LFlma90n.dll

+ 1998-04-03 20:24:46 31,232 ----a-r C:\WINDOWS\twain_32\600x1200\LFlmb90n.dll

+ 1998-04-03 20:25:14 30,720 ----a-r C:\WINDOWS\twain_32\600x1200\LFpcx90n.dll

+ 1998-05-14 17:05:34 118,272 ----a-r C:\WINDOWS\twain_32\600x1200\LFtif90n.dll

+ 1998-04-03 20:26:08 28,160 ----a-r C:\WINDOWS\twain_32\600x1200\LFwmf90n.dll

+ 1998-04-03 20:21:36 220,160 ----a-r C:\WINDOWS\twain_32\600x1200\LTDIS90n.dll

+ 1998-04-03 20:21:46 98,304 ----a-r C:\WINDOWS\twain_32\600x1200\ltfil90n.DLL

+ 1998-04-03 20:22:16 107,008 ----a-r C:\WINDOWS\twain_32\600x1200\ltimg90n.dll

+ 1998-04-03 20:21:14 288,256 ----a-r C:\WINDOWS\twain_32\600x1200\ltkrn90n.dll

+ 2000-02-17 21:14:02 57,344 ----a-r C:\WINDOWS\twain_32\600x1200\PMXUSD.DLL

+ 2000-06-23 03:45:46 31,744 ----a-r C:\WINDOWS\twain_32\600x1200\RunDRV.DLL

+ 2000-03-20 03:31:36 17,920 ----a-r C:\WINDOWS\twain_32\600x1200\RunDRV16.DLL

+ 2000-06-21 10:03:28 73,216 ----a-r C:\WINDOWS\twain_32\600x1200\RunDRV2K.DLL

+ 2000-03-20 03:30:52 64,512 ----a-r C:\WINDOWS\twain_32\600x1200\RunDRV95.DLL

+ 2000-03-20 03:30:58 74,240 ----a-r C:\WINDOWS\twain_32\600x1200\RunDRV98.DLL

+ 2000-03-20 03:31:04 85,504 ----a-r C:\WINDOWS\twain_32\600x1200\RunDRVNT.DLL

+ 2000-07-18 01:08:28 208,896 ----a-r C:\WINDOWS\twain_32\600x1200\Set32.dll

+ 2000-06-15 02:45:48 196,608 ----a-r C:\WINDOWS\twain_32\600x1200\Set32old.DLL

+ 2000-06-07 18:04:06 32,768 ----a-r C:\WINDOWS\twain_32\600x1200\StrBase.dll

+ 2000-06-20 18:45:50 376,832 ----a-r C:\WINDOWS\twain_32\600x1200\TBridge.Exe

+ 2000-08-09 00:23:26 331,776 ----a-r C:\WINDOWS\twain_32\600x1200\UI32.DLL

+ 2000-06-07 18:05:24 118,784 ----a-r C:\WINDOWS\twain_32\600x1200\UI3RD_32.DLL

+ 2000-08-29 06:05:50 233,472 ----a-r C:\WINDOWS\twain_32\600x1200\VICEO.DLL

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]

2007-10-26 19:00 233472 --a------ C:\Arquivos de programas\ActivationManager\ActivationManager.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:45 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2001-12-16 14:55 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:45 C:\WINDOWS\system32\rundll32.exe]

"PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 17:56]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2005-07-08 11:25]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-05-14 19:22]

"Detector"="C:\WINDOWS\twain_32\600x1200\Detector.exe" [2000-08-07 01:00]

"SpySweeper"="C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 15:49]

"PowerBar"="C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll [2007-03-06 10:00 222376]

 

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS

R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.SYS

R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS

R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS

S3 dTVdrvNT;dTVdrvNT;\??\C:\Arquivos de programas\Prolink\PlayTV Pro\dTVdrvNT.sys

S3 pmxscan;USB 600x1200 V7 Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys

AutoRun\command - D:\instalar.exe /AUTORUN

configure\command - D:\instalar.exe

install\command - D:\instalar.exe

Web\Command - D:\runshell.exe http://www.badcd.i8.com

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-08 19:46:45 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"

.

**************************************************************************

 

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-27 13:39:45

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

**************************************************************************

.

Tempo para conclusão: 2007-10-27 13:41:55

C:\ComboFix-quarantined-files.txt ... 2007-10-08 22:37

C:\ComboFix.txt ... 2007-10-08 22:38

C:\ComboFix3.txt ... 2007-10-06 20:24

.

--- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:52:36, on 27/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\twain_32\600x1200\Detector.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\Arquivos de programas\Webroot\Spy Sweeper\SSU.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibedep.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] "C:\Arquivos de programas\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600x1200\Detector.exe

O4 - HKLM\..\Run: [spySweeper] C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Hi ZecAdi,

Run Panda's Active Scan, following these steps:

1) Some antivirus programs, such as AVAST, may display a detection alert while the scan is running, but that alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so that the scan runs without problems;

2) To start the process, click the 01bt_scan_pt.gif button;

3) Fill in the details requested in the form;

4) Click the "Pesquise agora sem custos" button;

5) Follow all the instructions you are given and wait for the scan to finish;

6) When the scan finishes, click to view the log. Save it to your Desktop;

7) Post the contents of the log in your next reply.

Regards.


Dear friend: The Panda scan finished a short while ago. Its report is below. I'd also like to ask: considering that more than 60 percent of the problems listed are on disk drive "D", couldn't I delete ALL the folders on that drive without affecting the PC, given also that I don't use ANYTHING that is on it (I don't know whether some program uses it)?

As always, thank you very much for your attention! - Prof. Avelar (ZecAdi)

 

Incidência Estado Localização

 

Adware:Adware/Lop Não desinfectado C:\Arquivos de programas\Adverts\uninst.exe

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\Arquivos de programas\Mozilla Firefox\plugins\NPMyWebS.dll

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\Arquivos de programas\MSN Messenger\riched20.dll

Virus:Generic Malware Desinfectado C:\AVELAR\Avelar_Programas\Downloads\Daumlaudis\setupmp3towav.exe

Adware:Adware/SaveNow Não desinfectado C:\AVELAR\Avelar_Programas\Downloads\setupmp3towav.exe

Virus:W32/Sdbot.HLL.worm Desinfectado C:\AVELAR\Avelar_Programas\WinRAR v3.60 Final.rar[setup.exe]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\BibaBibi\Configurações locais\Temp\Cookies\bibabibi@ad.yieldmanager[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\BibaBibi\Configurações locais\Temp\Cookies\bibabibi@atdmt[1].txt

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\BibaBibi\Configurações locais\Temp\Cookies\bibabibi@doubleclick[1].txt

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\BibaBibi\Configurações locais\Temp\Cookies\bibabibi@fastclick[1].txt

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\BibaBibi\Configurações locais\Temp\Cookies\bibabibi@media.fastclick[1].txt

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\BibaBibi\Configurações locais\Temp\Cookies\bibabibi@statcounter[1].txt

Spyware:Cookie/Lop Não desinfectado C:\Documents and Settings\BibaBibi\Configurações locais\Temp\Cookies\bibabibi@www.lop[2].txt

Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@2o7[1].txt

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@ad.yieldmanager[2].txt

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@adtech[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@atdmt[2].txt

Spyware:Cookie/bravenetA Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@bravenet[2].txt

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@bs.serving-sys[2].txt

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@doubleclick[1].txt

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@fastclick[2].txt

Spyware:Cookie/Comclick Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@fl01.ct2.comclick[2].txt

Spyware:Cookie/GoClick Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@goclick[2].txt

Spyware:Cookie/QuestionMarket Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@questionmarket[2].txt

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@serving-sys[1].txt

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\BibaBibi\Cookies\bibabibi@statcounter[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.ig.com.br/]

Spyware:Cookie/Comclick Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[fl01.ct2.comclick.com/]

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.doubleclick.net/]

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.statcounter.com/]

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.fastclick.net/]

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.statcounter.com/]

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.fastclick.net/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.uol.com.br/]

Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.2o7.net/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[ad.yieldmanager.com/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.ad.yieldmanager.com/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.atdmt.com/]

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.bs.serving-sys.com/]

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.serving-sys.com/]

Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.tribalfusion.com/]

Spyware:Cookie/Casalemedia Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.casalemedia.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.terra.com.br/]

Spyware:Cookie/Humanclick Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[hc2.humanclick.com/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[server.iad.liveperson.net/]

Spyware:Cookie/BurstNet Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.burstnet.com/]

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.adtech.de/]

Spyware:Cookie/RealMedia Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.realmedia.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.de.uol.com.br/]

Spyware:Cookie/WebtrendsLive Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[statse.webtrendslive.com/]

Spyware:Cookie/Go Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.go.com/]

Spyware:Cookie/bravenetA Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.bravenet.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.bannerlandia.com.ar/]

Spyware:Cookie/WUpd Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.revenue.net/]

Spyware:Cookie/QkSrv Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.qksrv.net/]

Spyware:Cookie/Maxserving Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.maxserving.com/]

Spyware:Cookie/Mediaplex Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.mediaplex.com/]

Spyware:Cookie/Yadro Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.yadro.ru/]

Spyware:Cookie/QuestionMarket Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.questionmarket.com/]

Spyware:Cookie/Advertising Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.advertising.com/]

Spyware:Cookie/Belnk Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.belnk.com/]

Spyware:Cookie/Atwola Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.atwola.com/]

Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.ads.pointroll.com/]

Spyware:Cookie/Apmebf Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies-1.txt[.apmebf.com/]

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.ig.com.br/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Comclick Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[fl01.ct2.comclick.com/]

Spyware:Cookie/QuestionMarket Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Casalemedia Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.ad.yieldmanager.com/]

Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Atwola Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.atwola.com/]

Spyware:Cookie/Overture Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.overture.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.com.com/]

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.adtech.de/]

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Humanclick Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[hc2.humanclick.com/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[server.iad.liveperson.net/]

Spyware:Cookie/BurstNet Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/RealMedia Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.de.uol.com.br/]

Spyware:Cookie/WebtrendsLive Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[statse.webtrendslive.com/]

Spyware:Cookie/Go Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.go.com/]

Spyware:Cookie/bravenetA Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.bravenet.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.bannerlandia.com.ar/]

Spyware:Cookie/WUpd Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.revenue.net/]

Spyware:Cookie/QkSrv Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.qksrv.net/]

Spyware:Cookie/Maxserving Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.maxserving.com/]

Spyware:Cookie/Mediaplex Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Yadro Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.yadro.ru/]

Spyware:Cookie/Advertising Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Belnk Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.belnk.com/]

Spyware:Cookie/Apmebf Não desinfectado C:\Documents and Settings\BibaBibi\Dados de aplicativos\Mozilla\Firefox\Profiles\hlvwj4z4.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Convidado\Dados de aplicativos\Mozilla\Firefox\Profiles\7ax7tdl1.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/Searchportal Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.searchportal.information.com/]

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.de.uol.com.br/]

Spyware:Cookie/Zedo Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/WUpd Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.adtech.de/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.ad.yieldmanager.com/]

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\MiNaSa\Dados de aplicativos\Mozilla\Firefox\Profiles\zngjaz1f.default\cookies.txt[.adtech.de/]

Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\PattydZ\Cookies\pattydz@2o7[2].txt

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\PattydZ\Cookies\pattydz@adtech[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\PattydZ\Cookies\pattydz@atdmt[1].txt

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\PattydZ\Cookies\pattydz@bs.serving-sys[2].txt

Spyware:Cookie/Enhance Não desinfectado C:\Documents and Settings\PattydZ\Cookies\pattydz@enhance[2].txt

Spyware:Cookie/Comclick Não desinfectado C:\Documents and Settings\PattydZ\Cookies\pattydz@fl01.ct2.comclick[2].txt

Spyware:Cookie/GoClick Não desinfectado C:\Documents and Settings\PattydZ\Cookies\pattydz@goclick[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\PattydZ\Cookies\pattydz@ig.com[1].txt

Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\PattydZ\Cookies\pattydz@serving-sys[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\PattydZ\Cookies\pattydz@uol.com[2].txt

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\PattydZ\Dados de aplicativos\Mozilla\Firefox\Profiles\1cpw53if.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\PattydZ\Dados de aplicativos\Mozilla\Firefox\Profiles\1cpw53if.default\cookies.txt[.adtech.de/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\PattydZ\Dados de aplicativos\Mozilla\Firefox\Profiles\1cpw53if.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\PattydZ\Dados de aplicativos\Mozilla\Firefox\Profiles\1cpw53if.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\PattydZ\Dados de aplicativos\Mozilla\Firefox\Profiles\1cpw53if.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\PattydZ\Dados de aplicativos\Mozilla\Firefox\Profiles\1cpw53if.default\cookies.txt[de.uol.com.br/]

Spyware:Cookie/Comclick Não desinfectado C:\Documents and Settings\PattydZ\Dados de aplicativos\Mozilla\Firefox\Profiles\1cpw53if.default\cookies.txt[fl01.ct2.comclick.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\PattydZ\Dados de aplicativos\Mozilla\Firefox\Profiles\1cpw53if.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\PattydZ\Dados de aplicativos\Mozilla\Firefox\Profiles\1cpw53if.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Toplist Não desinfectado C:\Documents and Settings\PattydZ\Dados de aplicativos\Mozilla\Firefox\Profiles\1cpw53if.default\cookies.txt[.toplist.cz/]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\Cache\9BCAD206d01[nircmd.exe]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\Cache\9BCAD206d01[nircmd.cfexe]

Spyware:Cookie/888 Não desinfectado C:\Documents and Settings\User\Cookies\user@888[2].txt

Spyware:Cookie/Bridgetrack Não desinfectado C:\Documents and Settings\User\Cookies\user@citi.bridgetrack[2].txt

Spyware:Cookie/Comclick Não desinfectado C:\Documents and Settings\User\Cookies\user@fl01.ct2.comclick[2].txt

Spyware:Cookie/GoClick Não desinfectado C:\Documents and Settings\User\Cookies\user@goclick[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\User\Cookies\user@ig.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\User\Cookies\user@terra.com[1].txt

Spyware:Cookie/Toplist Não desinfectado C:\Documents and Settings\User\Cookies\user@toplist[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\User\Cookies\user@uol.com[2].txt

Spyware:Cookie/Weborama Não desinfectado C:\Documents and Settings\User\Cookies\user@weborama[1].txt

Spyware:Cookie/Xiti Não desinfectado C:\Documents and Settings\User\Cookies\user@xiti[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/QuestionMarket Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.ig.com.br/]

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Traffic Marketplace Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.trafficmp.com/]

Spyware:Cookie/RealMedia Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/2o7 Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Atwola Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.atwola.com/]

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/HotLog Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.hotlog.ru/]

Spyware:Cookie/Yadro Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.yadro.ru/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.de.uol.com.br/]

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.adtech.de/]

Spyware:Cookie/Comclick Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[fl01.ct2.comclick.com/]

Spyware:Cookie/Toplist Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.toplist.cz/]

Spyware:Cookie/cs.sexcounter Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.cs.sexcounter.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\2ygpp24k.default\cookies.txt[.terra.com.br/]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\Documents and Settings\User\Desktop\ComboFix.exe[nircmd.exe]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\Documents and Settings\User\Desktop\ComboFix.exe[nircmd.cfexe]

Ferramenta potencialmente indesejada:Application/FunWeb Não desinfectado C:\Hijack\backups\backup-20071008-212826-118.inf

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\Internet Explorer\msimg32.dll.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir

Ferramenta potencialmente indesejada:Application/FunWeb Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.JAR.vir[contents.rdf]

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.JAR.vir[menu.xul]

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.JAR.vir[toolbarembed.html]

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3HTML.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir

Virus:Generic Malware Desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\Arquivos de programas\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir

Ferramenta potencialmente indesejada:Application/MyWebSearch Não desinfectado C:\qoobox\Quarantine\catchme2007-10-06_202236.06.zip[F3HTMLMU.DLL]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\WINDOWS\NirCmd.exe

Spyware:Cookie/Doubleclick Não desinfectado D:\Documents and Settings\Administrador.ZECAMORE\Cookies\administrador@doubleclick[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Administrador.ZECAMORE\Cookies\administrador@terra.com[1].txt

Spyware:Cookie/RealMedia Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@247realmedia[1].txt

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@2o7[1].txt

Spyware:Cookie/Abcsearch Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@abcsearch[1].txt

Spyware:Cookie/YieldManager Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@ad.yieldmanager[2].txt

Spyware:Cookie/Admotion Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@admotion.com[2].txt

Spyware:Cookie/AdDynamix Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@ads.addynamix[1].txt

Spyware:Cookie/PointRoll Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@ads.pointroll[2].txt

Spyware:Cookie/Apmebf Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@apmebf[2].txt

Spyware:Cookie/Falkag Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@as-us.falkag[2].txt

Spyware:Cookie/Falkag Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@as1.falkag[2].txt

Spyware:Cookie/Atwola Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@atwola[2].txt

Spyware:Cookie/Belnk Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@belnk[1].txt

Spyware:Cookie/Bluestreak Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@bluestreak[2].txt

Spyware:Cookie/bravenetA Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@bravenet[2].txt

Spyware:Cookie/Serving-sys Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@bs.serving-sys[2].txt

Spyware:Cookie/BurstNet Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@burstnet[2].txt

Spyware:Cookie/GoStats Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@c3.gostats[1].txt

Spyware:Cookie/Casalemedia Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@casalemedia[1].txt

Spyware:Cookie/Ccbill Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@ccbill[1].txt

Spyware:Cookie/CentrPort Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@centrport[1].txt

Spyware:Cookie/Cgi-bin Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@cgi-bin[2].txt

Spyware:Cookie/Cgi-bin Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@cgi-bin[5].txt

Spyware:Cookie/Cgi-bin Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@cgi-bin[8].txt

Spyware:Cookie/Cgi-bin Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@cgi-bin[9].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@com[2].txt

Spyware:Cookie/cs.sexcounter Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@cs.sexcounter[2].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@de.uol.com[2].txt

Spyware:Cookie/Belnk Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@dist.belnk[2].txt

Spyware:Cookie/Findwhat Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@findwhat[1].txt

Spyware:Cookie/GoStats Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@gostats[2].txt

Spyware:Cookie/Go Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@go[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@ig.com[2].txt

Spyware:Cookie/DomainSponsor Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@landing.domainsponsor[1].txt

Spyware:Cookie/Overture


Continuation of the Panda report

 

Spyware:Cookie/Match Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@promo.match[2].txt

Spyware:Cookie/QkSrv Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@qksrv[1].txt

Spyware:Cookie/QuestionMarket Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@questionmarket[1].txt

Spyware:Cookie/RealMedia Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@realmedia[1].txt

Spyware:Cookie/WUpd Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@revenue[1].txt

Spyware:Cookie/Searchportal Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@searchportal.information[1].txt

Spyware:Cookie/Serving-sys Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@serving-sys[1].txt

Spyware:Cookie/Statcounter Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@statcounter[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@terra.com[1].txt

Spyware:Cookie/Toplist Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@toplist[1].txt

Spyware:Cookie/Tradedoubler Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@tradedoubler[2].txt

Spyware:Cookie/Traffic Marketplace Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@trafficmp[2].txt

Spyware:Cookie/Tribalfusion Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@tribalfusion[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@uol.com[2].txt

Spyware:Cookie/XXXCounter Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@xxxcounter[1].txt

Spyware:Cookie/Adserver Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@z1.adserver[1].txt

Spyware:Cookie/Zedo Não desinfectado D:\Documents and Settings\Avelar\Cookies\avelar@zedo[2].txt

Virus:Generic Malware Desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.2o7.net/]

Spyware:Cookie/888 Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.888.com/]

Spyware:Cookie/YieldManager Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.ad.yieldmanager.com/]

Spyware:Cookie/Admotion Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.admotion.com.ar/]

Spyware:Cookie/Hbmediapro Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.adopt.hbmediapro.com/]

Spyware:Cookie/Adrevolver Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Adtech Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.adtech.de/]

Spyware:Cookie/Belnk Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.ath.belnk.com/]

Spyware:Cookie/Atwola Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.atwola.com/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.bannerlandia.com.ar/]

Spyware:Cookie/Belnk Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.belnk.com/]

Spyware:Cookie/bravenetA Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.bravenet.com/]

Spyware:Cookie/Serving-sys Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/BurstNet Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/Enhance Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.c.enhance.com/]

Spyware:Cookie/Casalemedia Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/CentrPort Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.centrport.net/]

Spyware:Cookie/Clickbank Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.clickbank.net/]

Spyware:Cookie/cs.sexcounter Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.cs.sexcounter.com/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.de.uol.com.br/]

Spyware:Cookie/Findwhat Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.findwhat.com/]

Spyware:Cookie/FortuneCity Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.fortunecity.com/]

Spyware:Cookie/GoStats Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.gostats.com/]

Spyware:Cookie/Screensavers Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.i.screensavers.com/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.ig.com.br/]

Spyware:Cookie/MediaTickets Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.kinghost.com/]

Spyware:Cookie/LinkExchange Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.linkexchange.ru/]

Spyware:Cookie/Maxserving Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.maxserving.com/]

Spyware:Cookie/Overture Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.overture.com/]

Spyware:Cookie/PayCounter Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.paycounter.com/]

Spyware:Cookie/Paypopup Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.paypopup.com/]

Spyware:Cookie/QuestionMarket Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/RealMedia Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/WUpd Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Searchportal Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.searchportal.information.com/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.server.iad.liveperson.net/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.server.iad.liveperson.net/hc/29472027]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.server.iad.liveperson.net/hc/49303385]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.server.iad.liveperson.net/hc/68944346]

Spyware:Cookie/Serving-sys Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Statcounter Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/Tickle Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.tickle.com/]

Spyware:Cookie/Traffic Marketplace Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.trafficmp.com/]

Spyware:Cookie/Tribalfusion Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/WebPower Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.webpower.com/]

Spyware:Cookie/SpySheriff Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.www.spysheriff.com/]

Spyware:Cookie/Xiti Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Yadro Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.yadro.ru/]

Spyware:Cookie/Adserver Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.z1.adserver.com/]

Spyware:Cookie/Zedo Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.zedo.com/]

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@2o7[1].txt

Spyware:Cookie/YieldManager Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@ad.yieldmanager[1].txt

Spyware:Cookie/Admotion Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@admotion.com[1].txt

Spyware:Cookie/PointRoll Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@ads.pointroll[1].txt

Spyware:Cookie/Advertising Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@advertising[1].txt

Spyware:Cookie/Falkag Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@as-eu.falkag[2].txt

Spyware:Cookie/Falkag Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@as-us.falkag[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@atdmt[2].txt

Spyware:Cookie/Bluestreak Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@bluestreak[1].txt

Spyware:Cookie/Casalemedia Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@casalemedia[2].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@com[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@doubleclick[2].txt

Spyware:Cookie/FastClick Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@fastclick[1].txt

Spyware:Cookie/FastClick Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@media.fastclick[1].txt

Spyware:Cookie/RealMedia Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@realmedia[2].txt

Spyware:Cookie/WUpd Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@revenue[1].txt

Spyware:Cookie/Searchportal Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@searchportal.information[1].txt

Spyware:Cookie/Serving-sys Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@serving-sys[2].txt

Spyware:Cookie/SpyLog Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@spylog[2].txt

Spyware:Cookie/Statcounter Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@statcounter[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@terra.com[1].txt

Spyware:Cookie/Tribalfusion Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@tribalfusion[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@uol.com[2].txt

Spyware:Cookie/Zedo Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@zedo[1].txt

Virus:Trj/Nabload.NB Desinfectado D:\Documents and Settings\Lisa\Configurações locais\Temporary Internet Files\Content.IE5\69D6JM5O\spacer[1].htm

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@2o7[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@acesso.uol.com[1].txt

Spyware:Cookie/YieldManager Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@ad.yieldmanager[2].txt

Spyware:Cookie/Admotion Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@admotion.com[1].txt

Spyware:Cookie/PointRoll Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@ads.pointroll[2].txt

Spyware:Cookie/Atlas DMT Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@atdmt[2].txt

Spyware:Cookie/bravenetA Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@bravenet[2].txt

Spyware:Cookie/Casalemedia Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@casalemedia[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@doubleclick[1].txt

Spyware:Cookie/FastClick Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@fastclick[2].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@ig.com[1].txt

Spyware:Cookie/WUpd Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@revenue[2].txt

Spyware:Cookie/Searchportal Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@searchportal.information[1].txt

Spyware:Cookie/Statcounter Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@statcounter[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@terra.com[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@uol.com[1].txt

Spyware:Cookie/Zedo Não desinfectado D:\Documents and Settings\Lisa\Cookies\lisa@zedo[2].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/PointRoll Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Admotion Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.admotion.com.ar/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.de.uol.com.br/]

Spyware:Cookie/Atlas DMT Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Searchportal Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.searchportal.information.com/]

Spyware:Cookie/bravenetA Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.bravenet.com/]

Spyware:Cookie/Statcounter Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Casalemedia Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/PointRoll Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/WUpd Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Doubleclick Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.ig.com.br/]

Spyware:Cookie/FastClick Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.2o7.net/]

Spyware:Cookie/YieldManager Não desinfectado D:\Documents and Settings\Lisa\Dados de aplicativos\Mozilla\Firefox\Profiles\4vohkve6.default\cookies.txt[.ad.yieldmanager.com/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Menina_Flor\Cookies\menina_flor@acesso.uol.com[1].txt

Spyware:Cookie/Admotion Não desinfectado D:\Documents and Settings\Menina_Flor\Cookies\menina_flor@admotion.com[1].txt

Spyware:Cookie/Atlas DMT Não desinfectado D:\Documents and Settings\Menina_Flor\Cookies\menina_flor@atdmt[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Menina_Flor\Cookies\menina_flor@de.uol.com[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Menina_Flor\Cookies\menina_flor@terra.com[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\Menina_Flor\Cookies\menina_flor@uol.com[1].txt

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@2o7[1].txt

Spyware:Cookie/YieldManager Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@ad.yieldmanager[2].txt

Spyware:Cookie/Hbmediapro Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@adopt.hbmediapro[2].txt

Spyware:Cookie/AdDynamix Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@ads.addynamix[2].txt

Spyware:Cookie/PointRoll Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@ads.pointroll[2].txt

Spyware:Cookie/Advertising Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@advertising[2].txt

Spyware:Cookie/Apmebf Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@apmebf[2].txt

Spyware:Cookie/Falkag Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@as-eu.falkag[2].txt

Spyware:Cookie/Atlas DMT Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@atdmt[2].txt

Spyware:Cookie/Bluestreak Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@bluestreak[2].txt

Spyware:Cookie/bravenetA Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@bravenet[2].txt

Spyware:Cookie/Casalemedia Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@casalemedia[1].txt

 

 

Final part of the Panda report

 

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@com[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@doubleclick[1].txt

Spyware:Cookie/ErrorSafe Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@errorsafe[2].txt

Spyware:Cookie/FastClick Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@fastclick[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@ig.com[1].txt

Spyware:Cookie/Overture Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@perf.overture[1].txt

Spyware:Cookie/QkSrv Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@qksrv[2].txt

Spyware:Cookie/RealMedia Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@realmedia[2].txt

Spyware:Cookie/WUpd Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@revenue[2].txt

Spyware:Cookie/Searchportal Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@searchportal.information[2].txt

Spyware:Cookie/Serving-sys Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@serving-sys[2].txt

Spyware:Cookie/SexList Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@sexlist[1].txt

Spyware:Cookie/Statcounter Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@statcounter[1].txt

Spyware:Cookie/Reliablestats Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@stats1.reliablestats[1].txt

Spyware:Cookie/WebtrendsLive Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@statse.webtrendslive[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@terra.com[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@uol.com[1].txt

Spyware:Cookie/WinFixer Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@winfixer[2].txt

Spyware:Cookie/ErrorSafe Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@www.errorsafe[1].txt

Spyware:Cookie/888 Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@888[1].txt

Spyware:Cookie/888 Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@888[2].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@acesso.uol.com[2].txt

Spyware:Cookie/YieldManager Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@ad.yieldmanager[2].txt

Spyware:Cookie/Atlas DMT Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@atdmt[2].txt

Spyware:Cookie/Belnk Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@belnk[1].txt

Spyware:Cookie/Cassava Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@cassava[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@de.uol.com[1].txt

Spyware:Cookie/Belnk Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@dist.belnk[2].txt

Spyware:Cookie/Overture Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@overture[2].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@terra.com[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@uol.com[1].txt

Spyware:Cookie/Zedo Não desinfectado D:\Documents and Settings\User\Configurações locais\Temp\Cookies\user@zedo[2].txt

Adware:Adware/Gmter Não desinfectado D:\Documents and Settings\User\Configurações locais\Temporary Internet Files\Content.IE5\2X9IJ7B0\popup[1].htm

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\User\Cookies\user@2o7[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Cookies\user@acesso.uol.com[2].txt

Spyware:Cookie/YieldManager Não desinfectado D:\Documents and Settings\User\Cookies\user@ad.yieldmanager[2].txt

Spyware:Cookie/Admotion Não desinfectado D:\Documents and Settings\User\Cookies\user@admotion.com[1].txt

Spyware:Cookie/Hbmediapro Não desinfectado D:\Documents and Settings\User\Cookies\user@adopt.hbmediapro[1].txt

Spyware:Cookie/AdDynamix Não desinfectado D:\Documents and Settings\User\Cookies\user@ads.addynamix[2].txt

Spyware:Cookie/PointRoll Não desinfectado D:\Documents and Settings\User\Cookies\user@ads.pointroll[1].txt

Spyware:Cookie/Falkag Não desinfectado D:\Documents and Settings\User\Cookies\user@as-eu.falkag[1].txt

Spyware:Cookie/Falkag Não desinfectado D:\Documents and Settings\User\Cookies\user@as-us.falkag[2].txt

Spyware:Cookie/Atwola Não desinfectado D:\Documents and Settings\User\Cookies\user@atwola[2].txt

Spyware:Cookie/Belnk Não desinfectado D:\Documents and Settings\User\Cookies\user@belnk[1].txt

Spyware:Cookie/Bluestreak Não desinfectado D:\Documents and Settings\User\Cookies\user@bluestreak[1].txt

Spyware:Cookie/bravenetA Não desinfectado D:\Documents and Settings\User\Cookies\user@bravenet[2].txt

Spyware:Cookie/BurstNet Não desinfectado D:\Documents and Settings\User\Cookies\user@burstnet[2].txt

Spyware:Cookie/GoClick Não desinfectado D:\Documents and Settings\User\Cookies\user@c.goclick[2].txt

Spyware:Cookie/Casalemedia Não desinfectado D:\Documents and Settings\User\Cookies\user@casalemedia[2].txt

Spyware:Cookie/Ccbill Não desinfectado D:\Documents and Settings\User\Cookies\user@ccbill[1].txt

Spyware:Cookie/Cgi-bin Não desinfectado D:\Documents and Settings\User\Cookies\user@cgi-bin[4].txt

Spyware:Cookie/Cgi-bin Não desinfectado D:\Documents and Settings\User\Cookies\user@cgi-bin[5].txt

Spyware:Cookie/cs.sexcounter Não desinfectado D:\Documents and Settings\User\Cookies\user@cs.sexcounter[2].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Cookies\user@de.uol.com[1].txt

Spyware:Cookie/Belnk Não desinfectado D:\Documents and Settings\User\Cookies\user@dist.belnk[2].txt

Spyware:Cookie/ErrorSafe Não desinfectado D:\Documents and Settings\User\Cookies\user@errorsafe[1].txt

Spyware:Cookie/fe.lea.lycos Não desinfectado D:\Documents and Settings\User\Cookies\user@fe.lea.lycos[1].txt

Spyware:Cookie/Humanclick Não desinfectado D:\Documents and Settings\User\Cookies\user@hc2.humanclick[2].txt

Spyware:Cookie/HotLog Não desinfectado D:\Documents and Settings\User\Cookies\user@hotlog[1].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Cookies\user@ig.com[2].txt

Spyware:Cookie/DomainSponsor Não desinfectado D:\Documents and Settings\User\Cookies\user@landing.domainsponsor[2].txt

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\User\Cookies\user@microsofteup.112.2o7[1].txt

Spyware:Cookie/Overture Não desinfectado D:\Documents and Settings\User\Cookies\user@overture[2].txt

Spyware:Cookie/PayCounter Não desinfectado D:\Documents and Settings\User\Cookies\user@paycounter[1].txt

Spyware:Cookie/RealMedia Não desinfectado D:\Documents and Settings\User\Cookies\user@realmedia[2].txt

Spyware:Cookie/WUpd Não desinfectado D:\Documents and Settings\User\Cookies\user@revenue[2].txt

Spyware:Cookie/Searchportal Não desinfectado D:\Documents and Settings\User\Cookies\user@searchportal.information[1].txt

Spyware:Cookie/Falkag Não desinfectado D:\Documents and Settings\User\Cookies\user@sel.as-eu.falkag[1].txt

Spyware:Cookie/Server.iad.Liveperson Não desinfectado D:\Documents and Settings\User\Cookies\user@server.iad.liveperson[2].txt

Spyware:Cookie/Serving-sys Não desinfectado D:\Documents and Settings\User\Cookies\user@serving-sys[2].txt

Spyware:Cookie/Statcounter Não desinfectado D:\Documents and Settings\User\Cookies\user@statcounter[1].txt

Spyware:Cookie/Reliablestats Não desinfectado D:\Documents and Settings\User\Cookies\user@stats1.reliablestats[2].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Cookies\user@terra.com[1].txt

Spyware:Cookie/Toplist Não desinfectado D:\Documents and Settings\User\Cookies\user@toplist[1].txt

Spyware:Cookie/Tribalfusion Não desinfectado D:\Documents and Settings\User\Cookies\user@tribalfusion[2].txt

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Cookies\user@uol.com[1].txt

Spyware:Cookie/Weborama Não desinfectado D:\Documents and Settings\User\Cookies\user@weborama[1].txt

Spyware:Cookie/ErrorSafe Não desinfectado D:\Documents and Settings\User\Cookies\user@www.errorsafe[2].txt

Spyware:Cookie/Xiti Não desinfectado D:\Documents and Settings\User\Cookies\user@xiti[1].txt

Spyware:Cookie/XXXCounter Não desinfectado D:\Documents and Settings\User\Cookies\user@xxxcounter[1].txt

Spyware:Cookie/Zedo Não desinfectado D:\Documents and Settings\User\Cookies\user@zedo[1].txt

Virus:Generic Malware Desinfectado D:\Documents and Settings\User\Dados de aplicativos\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32

Spyware:Cookie/Atlas DMT Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Falkag Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.as-eu.falkag.net/]

Spyware:Cookie/Zedo Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.ig.com.br/]

Spyware:Cookie/YieldManager Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/YieldManager Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.ad.yieldmanager.com/]

Spyware:Cookie/XXXCounter Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.xxxcounter.com/]

Spyware:Cookie/Xiti Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.xiti.com/]

Spyware:Cookie/Reliablestats Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.stats1.reliablestats.com/]

Spyware:Cookie/Statcounter Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.server.iad.liveperson.net/]

Spyware:Cookie/Tribalfusion Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Toplist Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.toplist.cz/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/Serving-sys Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Weborama Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.weborama.fr/]

Spyware:Cookie/Searchportal Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.searchportal.information.com/]

Spyware:Cookie/PayCounter Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.paycounter.com/]

Spyware:Cookie/WUpd Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.revenue.net/]

Spyware:Cookie/RealMedia Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Overture Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.overture.com/]

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.microsofteup.112.2o7.net/]

Spyware:Cookie/DomainSponsor Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.landing.domainsponsor.com/]

Spyware:Cookie/Humanclick Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.hc2.humanclick.com/]

Spyware:Cookie/HotLog Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.hotlog.ru/]

Spyware:Cookie/bravenetA Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.bravenet.com/]

Spyware:Cookie/GoClick Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.c.goclick.com/]

Spyware:Cookie/BurstNet Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/cs.sexcounter Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.cs.sexcounter.com/]

Spyware:Cookie/Falkag Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.as-us.falkag.net/]

Spyware:Cookie/Belnk Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.belnk.com/]

Spyware:Cookie/cs.sexcounter Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.cs.sexcounter.com/]

Spyware:Cookie/ErrorSafe Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.errorsafe.com/]

Spyware:Cookie/Bluestreak Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/fe.lea.lycos Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.fe.lea.lycos.es/]

Spyware:Cookie/cs.sexcounter Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.cs.sexcounter.com/]

Spyware:Cookie/Atwola Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.atwola.com/]

Spyware:Cookie/PointRoll Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Casalemedia Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/Com.com Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.de.uol.com.br/]

Spyware:Cookie/Admotion Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.admotion.com.ar/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.server.iad.liveperson.net/hc/19874864]

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Hbmediapro Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.adopt.hbmediapro.com/]

Spyware:Cookie/2o7 Não desinfectado D:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\46lgge8g.default\cookies.txt[.2o7.net/]

Virus:Trj/Agent.DIL Desinfectado D:\WINDOWS\system32\exclean.exe

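Added example (not part of the original thread, and not Panda's own tooling): a small triage script for a report like the one above, separating the tracking-cookie entries from the file detections and showing which detections the scanner reports as still present. The line layout is inferred from the report lines themselves, the function names and the rogue-site watchlist are this example's own, and the sample lines are an excerpt copied from the report.

```python
import re
from collections import Counter

# Line layout assumed from the report above (not a documented Panda format):
#   <Category>:<Detection name> <Status> <Drive:\path>
LINE_RE = re.compile(
    r"^(?P<category>[A-Za-z]+):(?P<name>.+?) "
    r"(?P<status>Não desinfectado|Desinfectado) "
    r"(?P<path>[A-Za-z]:\\.+)$"
)
PROFILE_RE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)

# Watchlist chosen for this example: cookie names in the report that belong to
# sites of rogue "security" products. A hit means that profile's browser
# received a cookie from such a site.
ROGUE_SITE_COOKIES = {"SpySheriff", "ErrorSafe", "WinFixer"}

# Excerpt: lines copied from the report above, plus one free-text line.
SAMPLE_REPORT = r"""
Spyware:Cookie/Zedo Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.zedo.com/]
Spyware:Cookie/SpySheriff Não desinfectado D:\Documents and Settings\Avelar\Dados de aplicativos\Mozilla\Firefox\Profiles\xum5sgnn.default\cookies.txt[.www.spysheriff.com/]
Spyware:Cookie/Atlas DMT Não desinfectado D:\Documents and Settings\BibaBibi\Cookies\bibabibi@atdmt[2].txt
Virus:Trj/Nabload.NB Desinfectado D:\Documents and Settings\Lisa\Configurações locais\Temporary Internet Files\Content.IE5\69D6JM5O\spacer[1].htm
Spyware:Cookie/WinFixer Não desinfectado D:\Documents and Settings\MiNaSa\Cookies\minasa@winfixer[2].txt
Parte Final Relat Panda
Adware:Adware/Gmter Não desinfectado D:\Documents and Settings\User\Configurações locais\Temporary Internet Files\Content.IE5\2X9IJ7B0\popup[1].htm
Virus:Generic Malware Desinfectado D:\Documents and Settings\User\Dados de aplicativos\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32
Virus:Trj/Agent.DIL Desinfectado D:\WINDOWS\system32\exclean.exe
"""


def parse_report(text):
    """Return one dict per recognised report line; blank and free-text lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["is_cookie"] = entry["name"].startswith("Cookie/")
        entry["cleaned"] = entry["status"] == "Desinfectado"
        profile = PROFILE_RE.search(entry["path"])
        # None means the file lives outside any user profile (e.g. the Windows directory).
        entry["profile"] = profile.group(1) if profile else None
        entries.append(entry)
    return entries


def triage(entries):
    """Separate cookie noise from file detections and pick out what needs follow-up."""
    cookies = [e for e in entries if e["is_cookie"]]
    files = [e for e in entries if not e["is_cookie"]]
    rogue = {
        (e["profile"], e["name"][len("Cookie/"):])
        for e in cookies
        if e["name"][len("Cookie/"):] in ROGUE_SITE_COOKIES
    }
    return {
        "cookies_by_profile": Counter(e["profile"] for e in cookies),
        "rogue_site_cookies": sorted(rogue),
        "file_detections": files,
        # Reported by the scanner as not disinfected: still on disk after the scan.
        "still_present": [e for e in files if not e["cleaned"]],
        # Detections outside user profiles deserve a closer look than cache files.
        "outside_profiles": [e for e in files if e["profile"] is None],
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("Cookie entries per profile:", dict(summary["cookies_by_profile"]))
    print("Cookies from rogue-product sites:", summary["rogue_site_cookies"])
    for e in summary["file_detections"]:
        state = "cleaned" if e["cleaned"] else "STILL PRESENT"
        print(f"{e['category']}:{e['name']} [{state}] {e['path']}")
```
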

Hey ZecAdi,

Let's get to it.

Stage 1

Download CCleaner from:

CCleaner

Download it, but do not run it yet.

1. Run Killbox and click Delete on Reboot.

2. Copy the list below (in bold) to the clipboard. Select all of it with the mouse --> go to the Edit menu in the browser's menu bar --> click Copy.

C:\Arquivos de programas\Adverts\uninst.exe

C:\Arquivos de programas\Mozilla Firefox\plugins\NPMyWebS.dll

C:\Arquivos de programas\MSN Messenger\riched20.dll

C:\Hijack\backups\backup-20071008-212826-118.inf

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Click the "X". Answer "no" to the question.

Stage 2

Restart in Normal Mode.

Delete the contents of the following folders:

C:\!Killbox

C:\QooBox\Quarantine

Run CCleaner and click Run Cleaner (Executar Limpeza).

Run Active Scan again and see whether it still detects anything.

I'll wait for your reply.

Best regards.


Good morning, my friend. Sorry for only replying now; I was away. I followed the instructions and ran Panda's Active Scan (which takes more than 3 hours to run on my C drive). The result was that there were only 2 infected files. However, I noticed that they could be deleted, which I did manually.

Now, back at work on this PC, Avast's routine scans turned up 1 virus (already known to everyone), which is the Win32 /Trojan gen in the file C\Arquivos de Programas\...\Activation Manager.dll.

I am sending the HijackThis log so you can check whether it has anything to do with the earlier problems (which, in my view, were resolved).

Regards, Prof. Avelar (ZecAdi).

 

Logfile of HijackThis v1.99.1

Scan saved at 14:31:14, on 18/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\WINDOWS\twain_32\600x1200\Detector.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibedep.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] "C:\Arquivos de programas\Ahead\InCD\InCD.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600x1200\Detector.exe

O4 - HKLM\..\Run: [googletalk] "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [PowerBar] "C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


PROBLEM SOLVED!

If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.
