
This topic has been archived and is closed to new replies.

alexgunM

[Archived] IE opening all the time!


ComboFix 08-10-29.06 - Alex 2008-10-29 14:31:13.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.539 [GMT -2:00]

Executando de: C:\Documents and Settings\Alex\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\sglt02.exe

.

---- Previous Run -------

.

C:\Documents and Settings\Alex\Dados de aplicativos\inst.exe

C:\WINDOWS\LSPRN.EXE

C:\WINDOWS\shapi32.dll

C:\WINDOWS\system32\39upd.dll

C:\WINDOWS\system32\acpoqfxd.ini

C:\WINDOWS\system32\adqrqdiv.ini

C:\WINDOWS\system32\akwpqxyg.ini

C:\WINDOWS\system32\ankiflag.ini

C:\WINDOWS\system32\apibsc32.dll

C:\WINDOWS\system32\asysvxce.ini

C:\WINDOWS\system32\avlpogft.ini

C:\WINDOWS\system32\avrerken.ini

C:\WINDOWS\system32\axajohgp.ini

C:\WINDOWS\system32\bbnipxyi.ini

C:\WINDOWS\system32\bcjhdsmg.ini

C:\WINDOWS\system32\bdhvdkfw.ini

C:\WINDOWS\system32\bfiaicgu.ini

C:\WINDOWS\system32\boadasge.ini

C:\WINDOWS\system32\bqffhvab.ini

C:\WINDOWS\system32\bxuucuqc.ini

C:\WINDOWS\system32\casifwqb.ini

C:\WINDOWS\system32\ccmnvqxm.ini

C:\WINDOWS\system32\cdbaixda.ini

C:\WINDOWS\system32\cfimwkrj.ini

C:\WINDOWS\system32\copviwdh.ini

C:\WINDOWS\system32\cptaayay.ini

C:\WINDOWS\system32\ctphleam.ini

C:\WINDOWS\system32\cvkhvdbm.ini

C:\WINDOWS\system32\dbwqvdnx.ini

C:\WINDOWS\system32\dcwocfrk.ini

C:\WINDOWS\system32\ddfesomm.ini

C:\WINDOWS\system32\dhjmvfks.ini

C:\WINDOWS\system32\dhqffhxk.ini

C:\WINDOWS\system32\divxdrv32.exe

C:\WINDOWS\system32\dqbqcifn.ini

C:\WINDOWS\system32\dsgmlvyi.ini

C:\WINDOWS\system32\duybnlid.ini

C:\WINDOWS\system32\dvtmdxyu.ini

C:\WINDOWS\system32\eaokpdso.ini

C:\WINDOWS\system32\eaptwbfe.ini

C:\WINDOWS\system32\emuismqn.ini

C:\WINDOWS\system32\enyfwiwa.ini

C:\WINDOWS\system32\ewnptwlu.ini

C:\WINDOWS\system32\ewwosvij.ini

C:\WINDOWS\system32\faovuvbn.ini

C:\WINDOWS\system32\frdsqunn.ini

C:\WINDOWS\system32\hfnevdya.ini

C:\WINDOWS\system32\hhgpesph.ini

C:\WINDOWS\system32\hlkwsugh.ini

C:\WINDOWS\system32\holudwap.ini

C:\WINDOWS\system32\hrpcstec.ini

C:\WINDOWS\system32\isiqidgc.ini

C:\WINDOWS\system32\jcratkcl.ini

C:\WINDOWS\system32\jilnymhu.ini

C:\WINDOWS\system32\jinjlxkg.ini

C:\WINDOWS\system32\jjkkj.ini

C:\WINDOWS\system32\jjkkj.ini2

C:\WINDOWS\system32\juaqfhue.ini

C:\WINDOWS\system32\kkqeikmd.ini

C:\WINDOWS\system32\kqoruihs.ini

C:\WINDOWS\system32\KUDcJkkj.ini

C:\WINDOWS\system32\kwtcfgmq.ini

C:\WINDOWS\system32\lcrnspjm.ini

C:\WINDOWS\system32\lfgbytik.ini

C:\WINDOWS\system32\logabyih.ini

C:\WINDOWS\system32\lqikgecp.ini

C:\WINDOWS\system32\lvcnetxo.ini

C:\WINDOWS\system32\mavimvng.ini

C:\WINDOWS\system32\mdinkuqd.ini

C:\WINDOWS\system32\mifyntuj.ini

C:\WINDOWS\system32\mnndjakj.ini

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\ncacfbfj.ini

C:\WINDOWS\system32\njbybtns.ini

C:\WINDOWS\system32\nlgxeryx.ini

C:\WINDOWS\system32\nocglnuk.ini

C:\WINDOWS\system32\olpbyjap.ini

C:\WINDOWS\system32\oomwjjlb.ini

C:\WINDOWS\system32\ooytxsuw.ini

C:\WINDOWS\system32\pcmtmjua.ini

C:\WINDOWS\system32\pdfshvsh.ini

C:\WINDOWS\system32\plevqtum.ini

C:\WINDOWS\system32\poileahe.ini

C:\WINDOWS\system32\PRINTDRV.EXE

C:\WINDOWS\system32\pvsdlntk.ini

C:\WINDOWS\system32\pyitogyp.ini

C:\WINDOWS\system32\pyjxwsaq.ini

C:\WINDOWS\system32\qBeOrtwa.ini

C:\WINDOWS\system32\qBeOrtwa.ini2

C:\WINDOWS\system32\qdufykks.ini

C:\WINDOWS\system32\qhduydjt.ini

C:\WINDOWS\system32\qladljnt.ini

C:\WINDOWS\system32\qqrpgygv.ini

C:\WINDOWS\system32\qsnlvaly.ini

C:\WINDOWS\system32\rdffytdq.ini

C:\WINDOWS\system32\rheiacod.ini

C:\WINDOWS\system32\rlgvvpfh.ini

C:\WINDOWS\system32\rqioaygv.ini

C:\WINDOWS\system32\rvmumsvh.ini

C:\WINDOWS\system32\scjdctbx.ini

C:\WINDOWS\system32\sfpdiucv.ini

C:\WINDOWS\system32\spxwynhj.ini

C:\WINDOWS\system32\thjcqxgf.ini

C:\WINDOWS\system32\tjreruwc.ini

C:\WINDOWS\system32\toutrpcg.ini

C:\WINDOWS\system32\trepxhor.ini

C:\WINDOWS\system32\tylhdnqo.ini

C:\WINDOWS\system32\umhdndto.ini

C:\WINDOWS\system32\umnpuwxq.ini

C:\WINDOWS\system32\unqcthjw.ini

C:\WINDOWS\system32\uwhoqxgc.ini

C:\WINDOWS\system32\vbyonuvp.ini

C:\WINDOWS\system32\vcwrihav.ini

C:\WINDOWS\system32\vffhyvjn.ini

C:\WINDOWS\system32\vfjtdlmg.ini

C:\WINDOWS\system32\vkktaejx.ini

C:\WINDOWS\system32\vmlmrbum.ini

C:\WINDOWS\system32\vneakvtk.ini

C:\WINDOWS\system32\wbumogxh.ini

C:\WINDOWS\system32\wnignvsh.ini

C:\WINDOWS\system32\wrywekmo.ini

C:\WINDOWS\system32\wywdqcde.ini

C:\WINDOWS\system32\xcxtrqug.ini

C:\WINDOWS\system32\xqyjnahh.ini

C:\WINDOWS\system32\xtbayuls.ini

C:\WINDOWS\system32\xtysgpox.ini

C:\WINDOWS\system32\yckpuhge.ini

C:\WINDOWS\system32\yeksbnvw.ini

C:\WINDOWS\system32\yeweqaft.ini

C:\WINDOWS\system32\yhfjukfp.ini

C:\WINDOWS\system32\ylipcphq.ini

C:\WINDOWS\system32\yrxsvgpp.ini

C:\WINDOWS\system32\yspdhvkp.ini

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-28 to 2008-10-29 ))))))))))))))))))))))))))))

.

 

2008-10-27 20:21 . 2008-10-27 21:44 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp

2008-10-27 18:29 . 2008-10-27 21:45 <DIR> d-------- C:\Hijack

2008-10-25 14:10 . 2008-09-02 15:33 262,144 --a------ C:\Arquivos de programas\Uninstall Ask Toolbar.dll

2008-10-24 23:08 . 2008-10-24 23:09 <DIR> d-------- C:\Arquivos de programas\Torpedos Online

2008-10-24 21:49 . 2008-10-24 21:49 <DIR> d-------- C:\Documents and Settings\Alex\Dados de aplicativos\PC Tools

2008-10-24 21:49 . 2008-10-27 18:42 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-10-24 21:49 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-10-24 21:49 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-10-24 21:49 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-10-24 21:49 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-10-24 20:40 . 2008-10-24 20:40 <DIR> d-------- C:\Documents and Settings\Alex\Dados de aplicativos\Malwarebytes

2008-10-24 20:40 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-24 20:40 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-24 20:39 . 2008-10-24 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-10-24 20:39 . 2008-10-24 20:40 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-10-24 18:03 . 2008-10-24 18:03 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-10-24 15:59 . 2008-10-24 15:59 <DIR> d-------- C:\WINDOWS\system32\SpycatcherAgentSetupTemp

2008-10-24 14:43 . 2008-10-24 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-10-24 14:43 . 2008-10-24 14:43 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2008-10-24 14:42 . 2008-10-24 14:42 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-24 14:26 . 2008-10-24 14:26 <DIR> d--hs---- C:\Documents and Settings\Alex\PrivacIE

2008-10-24 14:09 . 2008-10-24 14:10 <DIR> d--h-c--- C:\WINDOWS\ie8

2008-10-24 14:00 . 2008-10-24 14:00 887 --a------ C:\WINDOWS\Active Setup Log.BAK

2008-10-21 21:57 . 2008-10-27 21:21 590 --a------ C:\WINDOWS\iexplore.html

2008-10-21 19:48 . 2008-10-27 20:21 2,970 --a------ C:\WINDOWS\system32\apisc32.dll

2008-10-21 19:47 . 2008-10-29 14:16 23,040 --a------ C:\WINDOWS\system32\upd01.exe

2008-10-21 19:47 . 2008-10-29 14:16 2,970 --a------ C:\WINDOWS\system32\sc02.sc

2008-10-21 19:13 . 2008-10-21 19:13 846,635 --a------ C:\WINDOWS\system32\CSRLT.EXE

2008-10-21 19:13 . 2008-10-21 19:13 846,635 --a------ C:\WINDOWS\MSBLT.EXE

2008-10-20 17:52 . 2008-10-20 17:52 <DIR> d-------- C:\Documents and Settings\Alex\Dados de aplicativos\Uniblue

2008-10-16 18:50 . 2008-10-16 18:50 <DIR> d-------- C:\965c226ad4cc9ba3dcf7260cdbfcfa

2008-10-14 16:33 . 2008-10-14 16:33 65,536 --a------ C:\WINDOWS\UnInstallX.exe

2008-10-10 20:31 . 2008-10-10 21:24 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-10-05 20:36 . 2008-10-05 20:36 <DIR> d-------- C:\DVDVideoSoft

2008-10-03 21:36 . 2008-10-03 21:36 <DIR> d-------- C:\Documents and Settings\José Cardoso\Dados de aplicativos\Netscape

2008-10-03 21:36 . 2008-10-03 21:37 <DIR> d-------- C:\Documents and Settings\José Cardoso\Dados de aplicativos\AVGTOOLBAR

2008-09-30 15:01 . 2008-09-30 15:01 <DIR> d-------- C:\WINDOWS\system32\VIRepair

2008-09-30 14:49 . 2008-09-30 15:01 <DIR> d-------- C:\WINDOWS\system32\VITrans

2008-09-30 14:49 . 2008-09-30 15:02 <DIR> d-------- C:\VTPFiles

2008-09-30 14:49 . 2008-09-30 14:49 <DIR> d-------- C:\Documents and Settings\Alex\Dados de aplicativos\Styler

2008-09-30 14:49 . 2006-12-03 18:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe

2008-09-30 14:49 . 2004-11-27 20:00 94,208 --a------ C:\WINDOWS\system32\pskill.exe

2008-09-30 14:49 . 2006-12-03 18:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe

2008-09-30 14:49 . 2006-12-03 18:15 19,968 --a------ C:\WINDOWS\system32\reico.exe

2008-09-30 14:49 . 2006-12-03 18:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe

2008-09-30 14:25 . 2008-09-30 14:25 <DIR> d-------- C:\Temp\lgfwauto

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-29 16:25 --------- d-----w C:\Arquivos de programas\lg_fwupdate

2008-10-27 23:14 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-10-26 19:47 --------- d-----w C:\Arquivos de programas\OnGame

2008-10-25 18:13 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\LimeWire

2008-10-25 17:00 --------- d---a-w C:\Arquivos de programas\AskSBar

2008-10-25 16:23 --------- d-----w C:\Arquivos de programas\Google

2008-10-25 16:19 --------- d-----w C:\Arquivos de programas\DVDlabPro2

2008-10-25 16:18 --------- d-----w C:\Arquivos de programas\Digital Video Converter

2008-10-25 16:15 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-10-24 22:10 --------- d-----w C:\Arquivos de programas\Conduit

2008-10-24 21:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-24 18:59 --------- d-----w C:\Arquivos de programas\GameSpy Arcade

2008-10-24 18:53 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-10-24 15:30 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight

2008-10-21 20:39 --------- d-----w C:\Arquivos de programas\Image-Line

2008-10-19 20:40 --------- d-----w C:\Arquivos de programas\Yamp 2.3

2008-10-17 20:23 --------- d-----w C:\Arquivos de programas\DAP

2008-09-29 22:28 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\AVGTOOLBAR

2008-09-29 22:06 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-09-22 22:39 --------- d-----w C:\Arquivos de programas\AskTBar

2008-09-22 16:34 --------- d-----w C:\Arquivos de programas\VirtualDJ

2008-09-21 22:39 --------- d-----w C:\Arquivos de programas\Vstplugins

2008-09-21 19:05 47,360 ----a-w C:\Documents and Settings\Alex\Dados de aplicativos\pcouffin.sys

2008-09-21 19:05 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Vso

2008-09-21 19:05 --------- d-----w C:\Arquivos de programas\VSO

2008-09-21 18:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk

2008-09-21 18:35 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-09-19 23:01 --------- d-----w C:\Arquivos de programas\MSXML 6.0

2008-09-19 22:23 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-09-19 22:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-09-19 22:16 --------- d-----w C:\Arquivos de programas\Windows Live

2008-09-19 21:45 --------- d-----w C:\Arquivos de programas\MessengerPlus! 3

2008-09-19 17:42 --------- d-----w C:\Arquivos de programas\Microsoft

2008-09-19 17:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-09-19 15:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-09-18 19:50 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Sony

2008-09-18 19:04 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Publish Providers

2008-09-18 19:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2008-09-18 19:01 --------- d-----w C:\Arquivos de programas\Sony

2008-09-18 18:40 --------- d-----w C:\Arquivos de programas\MSBuild

2008-09-18 18:27 --------- d-----w C:\Arquivos de programas\Reference Assemblies

2008-09-18 17:50 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Sony Setup

2008-09-18 17:49 --------- d-----w C:\Arquivos de programas\Sony Setup

2008-09-18 17:39 --------- d-----w C:\Arquivos de programas\MP3 Player Utilities 3.68

2008-09-17 16:30 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-17 16:30 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-09-17 16:30 --------- d-----w C:\Arquivos de programas\AVG

2008-09-16 19:41 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Ahead

2008-09-16 17:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-09-16 17:51 --------- d-----w C:\Arquivos de programas\Ahead

2008-09-15 15:40 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-09 00:10 95,744 ----a-w C:\WINDOWS\system32\yxjaglhp.dll

2008-09-08 00:09 95,744 ----a-w C:\WINDOWS\system32\kfotfbhy.dll

2008-09-07 19:45 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Toribash

2008-09-07 19:40 --------- d-----w C:\Arquivos de programas\Toribash-3.24

2008-09-07 00:10 --------- d-----w C:\Arquivos de programas\Opera

2008-09-07 00:07 95,744 ----a-w C:\WINDOWS\system32\plwuqdaa.dll

2008-09-06 00:06 95,744 ----a-w C:\WINDOWS\system32\wgeqmkvj.dll

2008-09-03 16:44 --------- d-----w C:\Arquivos de programas\Project64 1.6

2008-09-03 16:24 --------- d-----w C:\Arquivos de programas\Project64

2008-09-03 16:16 --------- d-----w C:\Arquivos de programas\1964

2008-09-02 17:33 --------- d-----w C:\Arquivos de programas\Mailinfo

2008-09-01 20:15 --------- d-----w C:\Documents and Settings\Alex\Dados de aplicativos\Netscape

2008-09-01 20:15 --------- d-----w C:\Arquivos de programas\Netscape

2008-08-29 19:14 355 ----a-w C:\677.bat

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-24 18:34 26,240 ----a-w C:\Documents and Settings\Alex\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2008-08-23 19:19 40 ----a-w C:\Documents and Settings\Alex\language.dat

2008-08-22 05:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-22 05:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll

2008-08-22 05:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll

2008-08-22 05:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll

2008-08-22 05:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll

2008-08-22 05:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-08-22 05:05 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll

2008-08-22 05:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-08-22 05:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll

2008-08-22 05:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

2008-08-22 04:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll

2008-08-14 13:45 2,184,576 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:45 2,061,952 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-08-13 17:05 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

2008-08-05 19:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll

2008-05-04 06:54 1,940 ----a-w C:\Documents and Settings\Alex\Dados de aplicativos\lebendig.reg

2008-04-15 18:02 10,274,304 ----a-w C:\Arquivos de programas\RWCursorEditor32.msi

2008-04-15 17:55 257,775 ----a-w C:\Arquivos de programas\NeonCrsr.zip

2008-04-15 03:59 14,848,400 ----a-w C:\Arquivos de programas\CursorFX_public.exe

2008-04-15 03:57 2,383,872 ----a-w C:\Arquivos de programas\cursorxp_free.exe

2008-04-15 03:50 25,811,528 ----a-w C:\Arquivos de programas\wmp11-windowsxp-x86-pt-bruu.exe

2008-04-14 18:39 5,735,424 ----a-w C:\Arquivos de programas\xVideoServiceThief_1_7_1_alpha_win32_installer.msi

2008-04-14 17:22 1,495,112 ----a-w C:\Arquivos de programas\install_flash_player.exe

2008-04-01 22:15 3,490,554 ----a-w C:\Arquivos de programas\vdownloader.zip

2008-04-01 22:07 4,768,080 ----a-w C:\Arquivos de programas\MsgPlusLive-460.exe

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

------- Sigcheck -------

 

2007-06-13 11:21 1035264 1187a46d435be49418ac77e57add7c08 C:\WINDOWS\explorer.exe

2007-06-13 11:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 01:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2008-04-14 00:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\explorer.exe

2007-06-13 11:21 1035264 1187a46d435be49418ac77e57add7c08 C:\WINDOWS\system32\dllcache\explorer.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-09-21 57344]

 

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

2008-08-21 16:15 94736 --a------ C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"NBJ"="C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2006-02-10 2048000]

"CursorFX"="C:\Arquivos de programas\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]

"Google Update"="C:\Documents and Settings\Alex\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 7630848]

"LGODDFU"="C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" [2006-02-20 245760]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

"Motive SmartBridge"="C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 86016]

"AppleSyncNotifier"="C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]

"QuickTime Task"="C:\Arquivos de programas\Ringz Studio\Storm Codec\qttask.exe" [2008-05-27 413696]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]

"CSRLT.EXE"="C:\WINDOWS\system32\CSRLT.EXE" [2008-10-21 846635]

"nwiz"="nwiz.exe" [2006-08-16 C:\WINDOWS\system32\nwiz.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-23 113664]

Assistente Tecnico Speedy.lnk - C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2008-04-04 217088]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-21 00:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=secuload.dll,avgrsstx.dll,bynmpg.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Documents and Settings\\Alex\\Meus documentos\\the duel\\theduel.exe"=

"C:\\Documents and Settings\\Alex\\Meus documentos\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"C:\\Arquivos de programas\\Ahead\\Nero ShowTime\\ShowTime.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5000:TCP"= 5000:TCP:AresChatServer

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-17 97928]

R2 avg8wd;AVG Free8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-09-17 231704]

S2 GF0003;GASIA GF0003 Filter Driver;C:\WINDOWS\system32\DRIVERS\GF0003.sys [2006-04-28 9216]

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]

S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]

S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys [ ]

S3 XDva186;XDva186;C:\WINDOWS\system32\XDva186.sys [ ]

S3 XDva200;XDva200;C:\WINDOWS\system32\XDva200.sys [ ]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a1fe586-cb5c-11dc-a333-001bb960a1a2}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{540e5670-a288-11dc-a2bd-001bb960a1a2}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e6a1a27-c4fb-11dc-a321-001bb960a1a2}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81813686-bae3-11dc-a304-001bb960a1a2}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0be629a-6939-11dc-a226-001bb960a1a2}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5fed4dd-ea20-11dc-a38e-f39250312a86}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c87fa17e-7f12-11dc-a25e-001bb960a1a2}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9ddadf1-4ffb-11dc-a1db-001bb960a1a2}]

\Shell\AutoRun\command - E:\nncu6kk.com

\Shell\explore\Command - E:\nncu6kk.com

\Shell\open\Command - E:\nncu6kk.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d69ea335-54dc-11dc-a1ee-001bb960a1a2}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6f487e8-c778-11dc-a326-001bb960a1a2}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dae5299d-b0bd-11dc-a2e3-001bb960a1a2}]

\Shell\AutoRun\command - bqk.bat

\Shell\explore\Command - bqk.bat

\Shell\open\Command - bqk.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd1e09b2-e70f-11dc-a380-cb9df8702079}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

 

2007-12-03 C:\WINDOWS\Tasks\At100.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-12-03 C:\WINDOWS\Tasks\At101.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-12-03 C:\WINDOWS\Tasks\At102.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-12-03 C:\WINDOWS\Tasks\At103.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-12-03 C:\WINDOWS\Tasks\At104.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-07-15 C:\WINDOWS\Tasks\At105.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-08-23 C:\WINDOWS\Tasks\At106.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-07-15 C:\WINDOWS\Tasks\At107.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-25 C:\WINDOWS\Tasks\At108.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-25 C:\WINDOWS\Tasks\At109.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-29 C:\WINDOWS\Tasks\At110.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-29 C:\WINDOWS\Tasks\At111.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-24 C:\WINDOWS\Tasks\At112.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-25 C:\WINDOWS\Tasks\At113.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-26 C:\WINDOWS\Tasks\At114.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-26 C:\WINDOWS\Tasks\At115.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-27 C:\WINDOWS\Tasks\At116.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-27 C:\WINDOWS\Tasks\At117.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-27 C:\WINDOWS\Tasks\At118.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-28 C:\WINDOWS\Tasks\At119.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-28 C:\WINDOWS\Tasks\At120.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-04-15 C:\WINDOWS\Tasks\At25.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-04-15 C:\WINDOWS\Tasks\At26.job

- C:\WINDOWS\system32\winmds.exe []

 

2007-09-10 C:\WINDOWS\Tasks\At27.job

- C:\WINDOWS\system32\winmds.exe []

 

2007-09-10 C:\WINDOWS\Tasks\At28.job

- C:\WINDOWS\system32\winmds.exe []

 

2007-09-10 C:\WINDOWS\Tasks\At29.job

- C:\WINDOWS\system32\winmds.exe []

 

2007-09-10 C:\WINDOWS\Tasks\At30.job

- C:\WINDOWS\system32\winmds.exe []

 

2007-09-10 C:\WINDOWS\Tasks\At31.job

- C:\WINDOWS\system32\winmds.exe []

 

2007-09-10 C:\WINDOWS\Tasks\At32.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-07-15 C:\WINDOWS\Tasks\At33.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-08-23 C:\WINDOWS\Tasks\At34.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-07-15 C:\WINDOWS\Tasks\At35.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-25 C:\WINDOWS\Tasks\At36.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-25 C:\WINDOWS\Tasks\At37.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-29 C:\WINDOWS\Tasks\At38.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-29 C:\WINDOWS\Tasks\At39.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-24 C:\WINDOWS\Tasks\At40.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-25 C:\WINDOWS\Tasks\At41.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-26 C:\WINDOWS\Tasks\At42.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-26 C:\WINDOWS\Tasks\At43.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-27 C:\WINDOWS\Tasks\At44.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-27 C:\WINDOWS\Tasks\At45.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-27 C:\WINDOWS\Tasks\At46.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-28 C:\WINDOWS\Tasks\At47.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-10-28 C:\WINDOWS\Tasks\At48.job

- C:\WINDOWS\system32\winmds.exe []

 

2008-04-15 C:\WINDOWS\Tasks\At73.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-04-15 C:\WINDOWS\Tasks\At74.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-09-23 C:\WINDOWS\Tasks\At75.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-09-23 C:\WINDOWS\Tasks\At76.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-09-23 C:\WINDOWS\Tasks\At77.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-09-23 C:\WINDOWS\Tasks\At78.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-09-23 C:\WINDOWS\Tasks\At79.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-09-23 C:\WINDOWS\Tasks\At80.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-07-15 C:\WINDOWS\Tasks\At81.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-08-23 C:\WINDOWS\Tasks\At82.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-07-15 C:\WINDOWS\Tasks\At83.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-25 C:\WINDOWS\Tasks\At84.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-25 C:\WINDOWS\Tasks\At85.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-29 C:\WINDOWS\Tasks\At86.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-29 C:\WINDOWS\Tasks\At87.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-24 C:\WINDOWS\Tasks\At88.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-25 C:\WINDOWS\Tasks\At89.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-26 C:\WINDOWS\Tasks\At90.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-26 C:\WINDOWS\Tasks\At91.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-27 C:\WINDOWS\Tasks\At92.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-27 C:\WINDOWS\Tasks\At93.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-27 C:\WINDOWS\Tasks\At94.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-28 C:\WINDOWS\Tasks\At95.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-28 C:\WINDOWS\Tasks\At96.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-04-15 C:\WINDOWS\Tasks\At97.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-04-15 C:\WINDOWS\Tasks\At98.job

- C:\WINDOWS\system32\svvci32.exe []

 

2007-12-03 C:\WINDOWS\Tasks\At99.job

- C:\WINDOWS\system32\svvci32.exe []

 

2008-10-24 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job

- C:\Documents and Settings\Alex\Configura []

.

- - - - ORFÃOS REMOVIDOS - - - -

 

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

BHO-{0392E0F4-4CAC-4A26-9834-10DA454D5C09} - (no file)

BHO-{5BE6F8F2-A0AF-4A2A-9AF3-E5932BFB839E} - (no file)

BHO-{703E97CD-8F5A-49C9-BA24-5335A0BEF960} - (no file)

BHO-{864CB0A6-F301-4419-AB0C-75893CB0A1A4} - (no file)

BHO-{8ABB5E08-6B97-413E-981F-488ED0BEAB2B} - (no file)

BHO-{93D31EFB-AB67-4AA9-B241-F3F0620ECB1D} - (no file)

BHO-{94F83540-3E14-4E3D-B1DC-A1405967C090} - C:\WINDOWS\system32\awtrOeBq.dll

WebBrowser-{21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)

HKCU-Run-ares - C:\Arquivos de programas\Ares\Ares.exe

HKCU-Run-LClock - C:\Arquivos de programas\LClock\LClock.exe

HKCU-Run-Vista Sidebar - C:\Arquivos de programas\Vista Sidebar\sidebar.exe

HKCU-Run-ViStart - C:\Arquivos de programas\ViStart\ViStart.exe

HKCU-Run-ViOrb - C:\Arquivos de programas\ViOrb\ViOrb.exe

HKCU-Run-Uniblue RegistryBooster 2009 - C:\Arquivos de programas\Uniblue\RegistryBooster\RegistryBooster.exe

HKCU-Run-OKGO - C:\WINDOWS\system32\Press_Schutz.exe

HKLM-Run-InCD - C:\Arquivos de programas\Ahead\InCD\InCD.exe

HKLM-Run-NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe

HKLM-Run-MediaKey - C:\ARQUIV~1\INTERN~2\MEDIAKEY.EXE

HKLM-Run-Discador iG - C:\Arquivos de programas\iGv6\Discador iG.exe

HKLM-Run-Printer Driver - C:\WINDOWS\system32\PRINTDRV.EXE

HKLM-Run-TkBellExe - realsched.exe

HKLM-Explorer_Run-PrinterSecurityLayer - C:\WINDOWS\LSPRN.EXE

ShellExecuteHooks-{0076C234-2AE1-43E0-BE7F-12C145C36700} - (no file)

 

 

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Alex\Dados de aplicativos\Mozilla\Firefox\Profiles\9j3uk5hx.default\

FF -: plugin - C:\Arquivos de programas\Google\Google Earth Plugin\npgeplugin.dll

FF -: plugin - C:\Arquivos de programas\Google\Update\1.2.131.11\npGoogleOneClick5.dll

FF -: plugin - C:\Arquivos de programas\Google\Update\1.2.131.25\npGoogleOneClick6.dll

FF -: plugin - c:\Arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\Arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\NPAskSBr.dll

FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - C:\Documents and Settings\Alex\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.25\npGoogleOneClick6.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-29 14:35:07

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-29 14:41:07

ComboFix-quarantined-files.txt 2008-10-29 16:40:59

 

Pré-execução: 27 pasta(s) 23,893,803,008 bytes disponíveis

Pós execução: 27 pasta(s) 23,923,593,216 bytes disponíveis

 

594 --- E O F --- 2008-10-24 22:18:03


Download Avenger and save it to your Desktop, then unzip it.

Select and copy the text inside the QUOTE (gray box) below:

 

Files to delete:

C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

C:\WINDOWS\system32\CSRLT.EXE

 

Run Avenger.exe on the desktop.

◘ Right-click in the Input script here: window, then click Paste (or Ctrl+V).

◘ Click Execute

◘ Choose "Yes" twice when prompted.

When the script finishes running, the PC will be restarted. The PC may restart more than once.

Post the log that you will find at C:\avenger.txt

- Restart the computer in safe mode.

- Open HijackThis and click Do a system scan only.

- Check the entries listed below and click Fix checked!

 

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

 

O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)

 

O4 - HKLM\..\Run: [CSRLT.EXE] C:\WINDOWS\system32\CSRLT.EXE

 

O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\system32\PRINTDRV.EXE

 

O4 - HKLM\..\RunOnce: [MSBLT.EXE] C:\WINDOWS\MSBLT.EXE

 

- Restart the computer normally.

In your next reply, post the HijackThis log plus the Avenger log.

- Regarding ComboFix, are you able to run it in safe mode?


http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: file "C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" not found!

Deletion of file "C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

File "C:\WINDOWS\system32\CSRLT.EXE" deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.


Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:30, on 2008-10-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AlienGUIse\wbload.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Stardock\CursorFX\CursorFX.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\Alex\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\Arquivos de programas\Netscape\Navigator 9\navigator.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Java\jre1.6.0_06\bin\jucheck.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

O2 - BHO: (no name) - {0392E0F4-4CAC-4A26-9834-10DA454D5C09} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5BE6F8F2-A0AF-4A2A-9AF3-E5932BFB839E} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: (no name) - {703E97CD-8F5A-49C9-BA24-5335A0BEF960} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {864CB0A6-F301-4419-AB0C-75893CB0A1A4} - (no file)

O2 - BHO: (no name) - {8ABB5E08-6B97-413E-981F-488ED0BEAB2B} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {93D31EFB-AB67-4AA9-B241-F3F0620ECB1D} - (no file)

O2 - BHO: (no name) - {94F83540-3E14-4E3D-B1DC-A1405967C090} - (no file)

O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Arquivos de programas\Acelerador POP\components\NOWImaging.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\Ringz Studio\Storm Codec\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [CursorFX] "C:\Arquivos de programas\Stardock\CursorFX\CursorFX.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alex\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\LClock.exe

O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart.exe

O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Arquivos de programas\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU\..\Run: [OKGO] C:\WINDOWS\system32\Press_Schutz.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Media Player.lnk = C:\Arquivos de programas\Adobe Media Player\Adobe Media Player.exe

O4 - Startup: Alienware Dock.lnk = C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://cdn.hangame.com/hangame/hansetup/HanSetup1010.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C35F2158-6357-41A4-9A59-C52512E1C5E2}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Alex/Desktop/alex/jogos/xbox%20blue.jpg

O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Alex/Desktop/alex/jogos/ps%20logo.jpg

O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Alex/Desktop/alex/arquivos/curso/12.jpg

O24 - Desktop Component 3: (no name) - http://www.zwani.com/_theme/images/onion2-TL.gif

O24 - Desktop Component 4: (no name) - http://img4.orkut.com/js/gen/scraps005.js

O24 - Desktop Component 5: (no name) - http://img2.orkut.com/js/gen/scraps006.js

O24 - Desktop Component 6: (no name) - http://img4.orkut.com/js/gen/common007.js

O24 - Desktop Component 7: (no name) - http://graphics.amigos.com/images/ffe/emai...button_left.gif

 

--

End of file - 13074 bytes


Select and copy the text inside the QUOTE (gray box) below:

 

Begin copying here:

Folders to delete:

C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

C:\WINDOWS\system32\CSRLT.EXE

 

Run Avenger.exe on the desktop.

◘ Right-click in the Input script here: window, then click Paste (or Ctrl+V).

◘ Click Execute

◘ Choose "Yes" twice when prompted.

When the script finishes running, the PC will be restarted. The PC may restart more than once.

Post the log that you will find at C:\avenger.txt


:( here it is.....

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: folder "C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" not found!

Deletion of folder "C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: folder "C:\WINDOWS\system32\CSRLT.EXE" not found!

Deletion of folder "C:\WINDOWS\system32\CSRLT.EXE" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::

C:\WINDOWS\system32\CSRLT.EXE

E:\nncu6kk.com

C:\WINDOWS\Tasks\At100.job

C:\WINDOWS\Tasks\At101.job

C:\WINDOWS\Tasks\At102.job

C:\WINDOWS\Tasks\At103.job

C:\WINDOWS\Tasks\At104.job

C:\WINDOWS\Tasks\At105.job

C:\WINDOWS\Tasks\At106.job

C:\WINDOWS\Tasks\At107.job

C:\WINDOWS\Tasks\At108.job

C:\WINDOWS\Tasks\At109.job

C:\WINDOWS\Tasks\At110.job

C:\WINDOWS\Tasks\At111.job

C:\WINDOWS\Tasks\At112.job

C:\WINDOWS\Tasks\At113.job

C:\WINDOWS\Tasks\At114.job

C:\WINDOWS\Tasks\At115.job

C:\WINDOWS\Tasks\At116.job

C:\WINDOWS\Tasks\At117.job

C:\WINDOWS\Tasks\At118.job

C:\WINDOWS\Tasks\At119.job

C:\WINDOWS\Tasks\At120.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At73.job

C:\WINDOWS\Tasks\At74.job

C:\WINDOWS\Tasks\At75.job

C:\WINDOWS\Tasks\At76.job

C:\WINDOWS\Tasks\At77.job

C:\WINDOWS\Tasks\At78.job

C:\WINDOWS\Tasks\At79.job

C:\WINDOWS\Tasks\At80.job

C:\WINDOWS\Tasks\At81.job

C:\WINDOWS\Tasks\At82.job

C:\WINDOWS\Tasks\At83.job

C:\WINDOWS\Tasks\At84.job

C:\WINDOWS\Tasks\At85.job

C:\WINDOWS\Tasks\At86.job

C:\WINDOWS\Tasks\At87.job

C:\WINDOWS\Tasks\At88.job

C:\WINDOWS\Tasks\At89.job

C:\WINDOWS\Tasks\At90.job

C:\WINDOWS\Tasks\At91.job

C:\WINDOWS\Tasks\At92.job

C:\WINDOWS\Tasks\At93.job

C:\WINDOWS\Tasks\At94.job

C:\WINDOWS\Tasks\At95.job

C:\WINDOWS\Tasks\At96.job

C:\WINDOWS\Tasks\At97.job

C:\WINDOWS\Tasks\At98.job

C:\WINDOWS\Tasks\At99.job

C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job

Folder::

C:\Arquivos de programas\AskSBar

C:\Arquivos de programas\Conduit

C:\Arquivos de programas\AskTBar

C:\Documents and Settings\Alex\Dados de aplicativos\GDIPFONTCACHEV1.DAT

C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CSRLT.EXE"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a1fe586-cb5c-11dc-a333-001bb960a1a2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{540e5670-a288-11dc-a2bd-001bb960a1a2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e6a1a27-c4fb-11dc-a321-001bb960a1a2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81813686-bae3-11dc-a304-001bb960a1a2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0be629a-6939-11dc-a226-001bb960a1a2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5fed4dd-ea20-11dc-a38e-f39250312a86}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c87fa17e-7f12-11dc-a25e-001bb960a1a2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9ddadf1-4ffb-11dc-a1db-001bb960a1a2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d69ea335-54dc-11dc-a1ee-001bb960a1a2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6f487e8-c778-11dc-a326-001bb960a1a2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dae5299d-b0bd-11dc-a2e3-001bb960a1a2}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd1e09b2-e70f-11dc-a380-cb9df8702079}]

 

This script was written only for this computer, according to the files and keys present on it. Do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

[Image: cfscript.gif]

ComboFix will run and restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Post it together with the new HijackThis log.


Topic Archived

As the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
