Archived

This topic has been archived and is closed to new replies.

Guest

[Solved!] Please analyze my log.

Guest

I noticed my machine was running slowly, and since I use several web banking services, I got worried. Here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:06, on 2/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\FlashGet Network\FlashGet universal\FlashGet.exe

C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe

C:\Arquivos de programas\Modem Speed\NtwSpeed.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplusmgr.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Gustavo\Meus documentos\LitePool\LitePool.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: TBSB02209 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [FlashGet] "C:\Arquivos de programas\FlashGet Network\FlashGet universal\FlashGet.exe" /min

O4 - HKLM\..\Run: [CASpeed] "C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe" /HIDE

O4 - HKLM\..\Run: [speed] "C:\Arquivos de programas\Modem Speed\NtwSpeed.exe" /HIDE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [FlashGet] "C:\Arquivos de programas\FlashGet Network\FlashGet universal\FlashGet.exe" /min

O4 - Global Startup: Iniciar o Office Banking Bradesco Plus.lnk = C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplusmgr.exe

O8 - Extra context menu item: &Download All by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/ne/CA.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: a-squared Free Service (a2free) - - (no file)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Banking Bradesco Plus (OBBPLUS) - Banco Bradesco S.A. - C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe

 

--

End of file - 7307 bytes

 

 

 

Thanks in advance!


◘ Run an online scan at: < Kaspersky >

◘ Use the Internet Explorer browser for this.

• Open the site and click: < kasperdx9.jpg >

◘ On the next page, click: I Accept

◘ This is so that the ActiveX control is installed and the database is then updated.

◘ On the next page, click: My Computer and run the scan.

◘ Be patient!

◘ Wait for the database update and also for the scan, which takes a long time.

◘ When it finishes, save and post the report.

◘ Click Save Report As... to save the log.

Save the result as .txt, as shown in the image below:

Kas-Savetxt.gif

◘ Also post an updated HijackThis log.

Guest

Kaspersky:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Tuesday, November 4, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, November 04, 2008 17:31:03

Records in database: 1369581

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

 

Scan statistics:

Files scanned: 188328

Threat name: 11

Infected objects: 22

Suspicious objects: 0

Duration of the scan: 03:43:55

 

 

File name / Threat name / Threats count

C:\Documents and Settings\Gustavo\DoctorWeb\Quarantine\Johnson, L. V. - Don't Cha Mess with My Money, My Honey, or My Woman.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Documents and Settings\Gustavo\Meus documentos\Avira_Antivir_Premium_Suite_2008.rar Infected: not-a-virus:PSWTool.Win32.IEPassView.ab 1

C:\Documents and Settings\Gustavo\Meus documentos\Meus arquivos recebidos\Nova pasta (2)\Servfull8.22\The Forgotten Server.exe Infected: Trojan.Win32.Delf.fry 1

C:\Documents and Settings\Gustavo\Meus documentos\Meus arquivos recebidos\Nova pasta (2)\Servfull8.22.rar Infected: Trojan.Win32.Delf.fry 1

C:\Documents and Settings\Gustavo\Meus documentos\Nova pasta\Desktop\Pastas Desktop\Gustavo - documentos\OTservers\Evolutions 0.7.3 XML\Evolutions 0.7.3 XML\Evolutions-XML.exe Infected: Trojan.Win32.Delf.ehd 1

C:\Documents and Settings\Gustavo\Meus documentos\Nova pasta\Desktop\Pastas Desktop\Gustavo - documentos\OTservers\Evolutions Plus 0.7.7 XML\Evolutions Plus-XML.exe Infected: Trojan.Win32.Delf.bsr 1

C:\Documents and Settings\Gustavo\Meus documentos\Nova pasta\Desktop\Pastas Desktop\Gustavo - documentos\OTservers\Evolutions_Plus_0_7_7_XML.rar Infected: Trojan.Win32.Delf.bsr 1

C:\Documents and Settings\Gustavo\Meus documentos\Nova pasta\Desktop\Pastas Desktop\Gustavo - documentos\OTservers\Nova pasta\aEvolutions_Plus_0_7_7_XML.rar Infected: Trojan.Win32.Delf.bsr 1

C:\Documents and Settings\Gustavo\Meus documentos\Nova pasta\Desktop\Pastas Desktop\Gustavo - documentos\OTservers\Nova pasta (5)\Evolutions 0.7.3 XML\Evolutions 0.7.3 XML\Evolutions-XML.exe Infected: Trojan.Win32.Delf.ehd 1

C:\Documents and Settings\Gustavo\Meus documentos\Nova pasta\Desktop\Pastas Desktop\Gustavo - documentos\OTservers\Nova pasta (5)\Pvp_Enforced_OTff_0[1].1B.rar Infected: Trojan.Win32.Delf.ehd 1

C:\Documents and Settings\Gustavo\Meus documentos\Nova pasta\Desktop\Pastas Desktop\Meus documentos Antigos\awatch.zip Infected: not-a-virus:PSWTool.Win32.NetPass.ag 1

C:\Documents and Settings\Gustavo\Meus documentos\Nova pasta\Desktop\Programas Desktop\Nova pasta (2)\41331_vdownloader061.zip Infected: not-a-virus:Downloader.Win32.VDown.a 1

C:\Documents and Settings\Gustavo\Meus documentos\Nova pasta\Meus documentos\Nova pasta (12)\41331_vdownloader061.zip Infected: not-a-virus:Downloader.Win32.VDown.a 1

C:\Documents and Settings\Gustavo\Meus documentos\OTSERVERS\gesiorwar\GesiorWar-normal.exe Infected: Trojan.Win32.Delf.ewf 1

C:\Documents and Settings\Gustavo\Meus documentos\OTSERVERS\Nova pasta\gesiorwar\GesiorWar-normal.exe Infected: Trojan.Win32.Delf.ewf 1

C:\Documents and Settings\Gustavo\Meus documentos\OTSERVERS\Nova pasta\gesiorwar_windows.zip Infected: Trojan.Win32.Delf.ewf 1

C:\Documents and Settings\Gustavo\Meus documentos\OTSERVERS\Nova pasta\TFS0.3_WAR_by_Gesior.zip Infected: Trojan.Win32.Delf.erx 1

C:\Documents and Settings\Gustavo\Meus documentos\wqwq\CryptLoad_1.1.4_Baixaki.rar Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1

C:\Downloads\CryptLoad_1.1.4_Baixaki.rar Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1

C:\Downloads\router\FRITZ!Box\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1

C:\System Volume Information\_restore{A9627C69-0EFA-44CD-83FA-38CD49FF4569}\RP74\A0020330.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1

C:\System Volume Information\_restore{A9627C69-0EFA-44CD-83FA-38CD49FF4569}\RP84\A0025522.exe Infected: not-a-virus:AdWare.Win32.AdBar.ak 1

 

The selected area was scanned.

 

 

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:44, on 4/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\cmd.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: TBSB02209 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Download All by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/ne/CA.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: a-squared Free Service (a2free) - - (no file)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Banking Bradesco Plus (OBBPLUS) - Banco Bradesco S.A. - C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe

 

--

End of file - 6644 bytes


- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

- At the "Software warranty disclaimer" prompt --> click Yes!

- If you do not have the "Recovery Console", accept the option to install it!

-- If the notification "Invalid Win32 application" appears, delete the tool and download it again.

-- Save it to the desktop, renamed as: Kombo.exe

-- PS: Name it while saving, not after saving it!

-- PS: If any error message appears, run ComboFix.exe in Safe Mode.

-- PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

- The Auto Scan window will open. --> Wait!

- If necessary, type the option to continue! --> ( 1 ) --> Press Enter.

- Wait for it to finish!

- During the scan, avoid using the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Guest

I carried out all the steps correctly. The auto scan opens, and at the part where it says something about "your clock has been modified, it will be restored later", the machine suddenly restarts.

I have already tried both in normal mode and in Safe Mode.


Are you running ComboFix with the protection programs disabled?

- Download Malwarebytes Anti-Malware

http://www.besttechie.net/tools/mbam-setup.exe

◘ Install it by double-clicking "mbam-setup.exe";

◘ Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", then click Finish;

◘ Select "Quick Scan" and then click Scan;

◘ When the scan finishes, click OK and then "Show Results" to view the log;

◘ If anything is detected, make sure everything is checked and click "Remove";

◘ The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

◘ Copy and paste the contents of that log into your next reply.

- Generate a new HijackThis log and paste it into your reply.

Guest

Yes, I disabled all the antispyware, antivirus, etc ...

Anyway:

Malwarebytes' Anti-Malware

 

Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1372

Windows 5.1.2600 Service Pack 3

 

2008-11-07 16:07:09

mbam-log-2008-11-07 (16-07-09).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 55036

Tempo decorrido: 6 minute(s), 5 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 14

Valores do Registro infectados: 2

Ítens do Registro infectados: 3

Pastas infectadas: 1

Arquivos infectados: 4

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/system32/logof.dll (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{9ec301f7-384d-11d3-9ca3-00a024f0af03} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{59eae925-6127-11d3-9ca9-00a024f0af03} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9ec30203-384d-11d3-9ca3-00a024f0af03} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9ec30204-384d-11d3-9ca3-00a024f0af03} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9ec30204-384d-11d3-9ca3-00a024f0af03} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Delete on reboot.

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\Logof.dll (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Pastas infectadas:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Logof.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Trojan.BHO) -> Delete on reboot.

 

 

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:19, on 2008-11-07

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\FlashGet Network\FlashGet universal\flashget.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TBSB02209 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Download All by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/ne/CA.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{29EA04C2-99F4-4119-B1B1-C7B669DC342D}: NameServer = 201.10.120.2,201.10.128.3

O17 - HKLM\System\CS8\Services\Tcpip\..\{29EA04C2-99F4-4119-B1B1-C7B669DC342D}: NameServer = 201.10.120.2,201.10.128.3

O17 - HKLM\System\CS9\Services\Tcpip\..\{29EA04C2-99F4-4119-B1B1-C7B669DC342D}: NameServer = 201.10.120.2,201.10.128.3

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - - (no file)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Banking Bradesco Plus (OBBPLUS) - Banco Bradesco S.A. - C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe

 

--

End of file - 7194 bytes


See if you can run ComboFix now.

Guest

Now it worked; the log is below. Just one detail: my FlashGet was uninstalled. Is it a threat?

 

 

 

ComboFix

 

ComboFix 08-11-07.01 - Gustavo 2008-11-07 19:27:00.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1006 [GMT -2:00]

Executando de: c:\documents and settings\Gustavo\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\FlashGet Network

c:\arquivos de programas\FlashGet Network\FlashGet universal\btcore.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\btwrap.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\BugReport.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\BugReport.exe

c:\arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

c:\arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

c:\arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi

c:\arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt

c:\arquivos de programas\FlashGet Network\FlashGet universal\dbghelp.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\DBTrans.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\dbtrans_verbose.log

c:\arquivos de programas\FlashGet Network\FlashGet universal\DBTransC.exe

c:\arquivos de programas\FlashGet Network\FlashGet universal\ed2kwrap.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\explorerbar.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\fgoption.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\FGVer.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\flashget.exe

c:\arquivos de programas\FlashGet Network\FlashGet universal\gt.exe

c:\arquivos de programas\FlashGet Network\FlashGet universal\hashgen.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\Help\license.txt

c:\arquivos de programas\FlashGet Network\FlashGet universal\Help\Readme.txt

c:\arquivos de programas\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\libupnp.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\LiveUpdateUI.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\Security\Info.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\Security\Security.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\Security\Security.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\P2PCfg.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\P2PCore.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\p2pprot.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\p2snetio.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\p2spmgr.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\p2spmgr.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\p2sprot.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\p2spwrap.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\p4spmgr.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Profiles\config.dat

c:\arquivos de programas\FlashGet Network\FlashGet universal\Profiles\tasks.dat

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\close_default.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\close_press.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\close_select.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\max_default.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\max_press.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\max_select.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\min_default.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\min_press.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\min_select.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\notify.wav

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\notify_board.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp

c:\arquivos de programas\FlashGet Network\FlashGet universal\Skins\Thumbs.db

c:\arquivos de programas\FlashGet Network\FlashGet universal\storage.dll

c:\arquivos de programas\FlashGet Network\FlashGet universal\SysOpt.exe

c:\arquivos de programas\FlashGet Network\FlashGet universal\transaction.log

c:\arquivos de programas\FlashGet Network\FlashGet universal\uninst.exe

c:\arquivos de programas\FlashGet Network\FlashGet universal\zlib.dll

c:\arquivos de programas\Zumie

c:\documents and settings\Gustavo\Dados de aplicativos\BITS

c:\documents and settings\Gustavo\Dados de aplicativos\BITS\BITS.ini

c:\documents and settings\Gustavo\Dados de aplicativos\BITS\DHTTable.dat

c:\documents and settings\Gustavo\Dados de aplicativos\BITS\ProxyList.ini

c:\documents and settings\Gustavo\Dados de aplicativos\BITS\UPnP.ini

c:\documents and settings\Gustavo\hl.exe

c:\documents and settings\Luana\Dados de aplicativos\BITS

c:\documents and settings\Luana\Dados de aplicativos\BITS\BITS.ini

c:\documents and settings\Luana\Dados de aplicativos\BITS\DHTTable.dat

c:\documents and settings\Luana\Dados de aplicativos\BITS\ProxyList.ini

c:\documents and settings\Luana\Dados de aplicativos\BITS\UPnP.ini

c:\windows\config.ini

c:\windows\msvrc20.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Legacy_NPF

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-07 to 2008-11-07 ))))))))))))))))))))))))))))

.

 

2008-11-07 15:58 . 2008-11-07 15:58 <DIR> d-------- c:\documents and settings\Gustavo\Dados de aplicativos\Malwarebytes

2008-11-07 15:58 . 2008-11-07 15:58 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-07 15:58 . 2008-11-07 15:58 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-07 15:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-07 15:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-06 23:33 . 2008-11-06 23:33 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\pixelStorm

2008-11-03 18:35 . 2008-11-03 18:35 <DIR> d-------- c:\arquivos de programas\Cablenut

2008-11-02 20:52 . 2008-11-02 20:52 3,326 --a------ c:\windows\NTWLOG.000

2008-11-02 20:52 . 2008-11-02 20:52 1,268 --a------ c:\windows\NTWLOG.005

2008-11-02 20:52 . 2008-11-02 20:52 1,136 --a------ c:\windows\NTWLOG.006

2008-11-02 20:51 . 2008-11-02 20:51 <DIR> d-------- c:\arquivos de programas\Modem Speed

2008-11-02 18:07 . 2008-11-02 18:07 <DIR> d-------- c:\arquivos de programas\Cable e ADSL Speed

2008-11-02 18:07 . 2008-11-02 18:07 23,924 --a------ c:\windows\NTWLOG.007

2008-11-02 18:07 . 2008-11-02 18:07 1,592 --a------ c:\windows\NTWLOG.003

2008-11-02 18:07 . 2008-11-02 18:07 400 --a------ c:\windows\NTWLOG.002

2008-11-02 18:07 . 2008-11-02 18:07 218 --a------ c:\windows\NTWLOG.001

2008-11-02 17:01 . 2008-11-02 17:01 <DIR> d-------- c:\arquivos de programas\Ashampoo

2008-11-02 01:18 . 2008-11-02 01:18 <DIR> d-------- c:\documents and settings\Gustavo\Dados de aplicativos\sqlitestudio

2008-11-02 00:35 . 2008-11-02 00:37 <DIR> d-------- c:\arquivos de programas\GameBoost

2008-10-27 09:53 . 2008-10-27 09:53 <DIR> d-------- C:\temp

2008-10-27 09:52 . 2008-10-27 16:15 <DIR> d-------- C:\OBBPLUS

2008-10-24 08:39 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-22 08:40 . 2008-10-22 08:40 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\Media Player Classic

2008-10-22 08:40 . 2008-10-22 08:40 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\DivX

2008-10-21 21:26 . 2008-10-21 21:27 <DIR> d-------- c:\documents and settings\Gustavo\Dados de aplicativos\Crystal Player

2008-10-21 21:08 . 2007-09-04 14:56 164,352 --a------ c:\windows\system32\unrar.dll

2008-10-21 21:07 . 2008-10-21 21:07 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2008-10-21 21:07 . 2008-09-15 22:14 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2008-10-21 21:07 . 2008-09-24 16:41 839,680 --a------ c:\windows\system32\lameACM.acm

2008-10-21 21:07 . 2008-01-10 10:15 755,027 --a------ c:\windows\system32\xvidcore.dll

2008-10-21 21:07 . 2008-09-15 22:11 683,520 --a------ c:\windows\system32\divx.dll

2008-10-21 21:07 . 2004-01-25 14:18 217,088 --a------ c:\windows\system32\yv12vfw.dll

2008-10-21 21:07 . 2008-01-10 10:16 159,839 --a------ c:\windows\system32\xvidvfw.dll

2008-10-21 21:07 . 2007-09-20 22:52 118,784 --a------ c:\windows\system32\ac3acm.acm

2008-10-21 21:07 . 2008-09-15 22:12 81,920 --a------ c:\windows\system32\dpl100.dll

2008-10-21 21:07 . 2008-06-12 16:36 7,680 --a------ c:\windows\system32\ff_vfw.dll

2008-10-21 21:07 . 2007-07-10 14:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest

2008-10-21 21:07 . 2008-10-03 10:30 414 --a------ c:\windows\system32\lame_acm.xml

2008-10-20 11:25 . 2008-10-20 11:25 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\Windows Desktop Search

2008-10-19 19:48 . 2008-10-19 19:48 <DIR> d-------- c:\arquivos de programas\Opera

2008-10-19 19:45 . 2008-10-19 19:45 <DIR> d-------- C:\profiles

2008-10-18 22:49 . 2008-11-03 22:01 <DIR> d-------- c:\arquivos de programas\Tibia8.22VERDADEIRO

2008-10-18 22:44 . 2008-10-18 22:44 <DIR> d-------- c:\arquivos de programas\Tibia8.22

2008-10-17 20:07 . 2008-10-17 20:07 <DIR> d-------- c:\arquivos de programas\Network Stumbler

2008-10-16 19:24 . 2008-11-07 10:00 <DIR> d-------- c:\arquivos de programas\cFosSpeed

2008-10-16 19:24 . 2008-06-25 10:33 290,008 --------- c:\windows\system32\cfosspeed.dll

2008-10-16 07:28 . 2008-09-08 08:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-10-16 07:27 . 2008-08-14 11:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-16 07:27 . 2008-08-14 11:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-16 07:27 . 2008-08-14 11:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-16 07:27 . 2008-08-14 11:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-16 07:27 . 2008-09-15 13:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-10-14 19:26 . 2008-10-14 19:26 140,288 --a------ c:\windows\~GLC0001.TMP

2008-10-14 17:33 . 2008-10-14 17:33 <DIR> d-------- c:\arquivos de programas\Dr.Hardware 2008 english

2008-10-14 17:33 . 2005-12-01 10:49 23,600 --a------ c:\windows\system32\drivers\drhard.sys

2008-10-14 17:33 . 2005-12-01 14:38 20,651 --a------ c:\windows\system32\drivers\DRHARD.VXD

2008-10-14 17:33 . 2005-12-01 14:38 20,651 --a------ c:\windows\system32\DRHARD.VXD

2008-10-13 12:03 . 2008-10-13 12:03 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\Windows Search

2008-10-13 11:26 . 2008-10-13 11:26 <DIR> d--hs---- c:\documents and settings\Luana\PrivacIE

2008-10-11 00:50 . 2008-10-11 00:50 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\iolo

2008-10-11 00:12 . 2008-10-11 00:12 <DIR> d--hs---- c:\documents and settings\Gustavo\PrivacIE

2008-10-10 23:54 . 2008-10-10 23:55 <DIR> d--h-c--- c:\windows\ie8

2008-10-10 23:40 . 2008-10-10 23:40 361,600 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2008-10-08 20:53 . 2008-10-08 20:53 <DIR> d-------- c:\documents and settings\Gustavo\WINDOWS

2008-10-08 20:53 . 1997-04-08 21:08 299,520 --a------ c:\windows\uninst.exe

2008-10-08 20:48 . 2008-10-08 21:06 <DIR> d-------- c:\arquivos de programas\Windows Live

2008-10-08 20:44 . 2008-10-08 20:44 <DIR> d-------- c:\arquivos de programas\Wiindows live

2008-10-08 01:20 . 2008-10-17 17:57 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\Orbit

2008-10-07 22:39 . 2008-10-07 22:39 <DIR> d-------- c:\arquivos de programas\Magic NetTrace

2008-10-07 22:35 . 2008-10-07 22:35 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\ZqWare

2008-10-07 20:11 . 2008-10-07 20:11 <DIR> d-------- c:\arquivos de programas\Microsoft

2008-10-07 18:52 . 2008-10-19 21:14 <DIR> d-------- c:\documents and settings\Gustavo\Dados de aplicativos\Orbit

2008-10-07 16:38 . 2008-10-07 16:38 <DIR> d-------- c:\arquivos de programas\P2P_Torrent

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-07 18:43 --------- d-----w c:\arquivos de programas\Valve

2008-11-07 18:43 --------- d-----w c:\arquivos de programas\sXe Injected

2008-11-07 18:09 --------- d-----w c:\arquivos de programas\GbPlugin

2008-11-04 00:08 --------- d-----w c:\arquivos de programas\Anti Trojan Elite

2008-11-04 00:08 --------- d-----w c:\arquivos de programas\Add Remove Pro

2008-11-04 00:06 --------- d-----w c:\arquivos de programas\a-squared Free

2008-11-04 00:01 --------- d-----w c:\arquivos de programas\Tibia Auto

2008-11-03 22:48 --------- d-----w c:\arquivos de programas\Arovax AntiSpyware

2008-11-02 02:44 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS

2008-11-01 15:34 --------- d-----w c:\documents and settings\Luana\Dados de aplicativos\LimeWire

2008-11-01 04:32 --------- d-----w c:\documents and settings\Gustavo\Dados de aplicativos\LimeWire

2008-11-01 02:35 --------- d-----w c:\arquivos de programas\Steam

2008-10-29 22:33 --------- d--h--w c:\arquivos de programas\Scpad

2008-10-27 11:54 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-10-21 23:20 --------- d-----w c:\arquivos de programas\Arquivos comuns\Real

2008-10-21 23:07 --------- d-----w c:\arquivos de programas\XP Codec Pack

2008-10-21 13:15 --------- d-----w c:\arquivos de programas\BPesq

2008-10-21 12:04 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2008-10-14 21:26 --------- d-----w c:\arquivos de programas\TuneUp Utilities 2008

2008-10-14 16:09 --------- d-----w c:\documents and settings\NetworkService\Dados de aplicativos\iolo

2008-10-13 14:27 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2008-10-08 23:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2008-10-07 16:18 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2008-10-07 15:53 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-06 23:48 --------- d-----w c:\arquivos de programas\MSECache

2008-10-04 16:43 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Hagel Technologies

2008-10-02 19:43 140,288 ----a-w c:\windows\~GLC0000.TMP

2008-10-02 19:16 --------- d-----w c:\arquivos de programas\XoftSpySE

2008-10-01 23:35 --------- d-----w c:\arquivos de programas\MaxTruco

2008-09-26 22:20 --------- d-----w c:\documents and settings\Gustavo\Dados de aplicativos\Windows Search

2008-09-26 21:41 --------- d-----w c:\documents and settings\Gustavo\Dados de aplicativos\Windows Desktop Search

2008-09-26 21:41 --------- d-----w c:\arquivos de programas\Windows Desktop Search

2008-09-26 21:40 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-09-26 00:14 --------- d-----w c:\arquivos de programas\Puxa Rápido

2008-09-24 22:58 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2008-09-23 01:20 --------- d-----w c:\arquivos de programas\SpeederXP

2008-09-22 23:36 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-09-21 20:26 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-09-21 04:15 --------- d-----w c:\arquivos de programas\SiSoftware

2008-09-17 21:02 --------- d-----w c:\documents and settings\Gustavo\Dados de aplicativos\MegauploadToolbar

2008-09-17 20:51 --------- d-----w c:\arquivos de programas\Yahoo!

2008-09-15 21:22 --------- d-----w c:\arquivos de programas\PDF Editor 2

2008-09-15 21:19 --------- d-----w c:\arquivos de programas\PDF 2 Word 2

2008-09-15 21:08 74,752 ----a-w c:\windows\cadkasdeinst01e.exe

2008-09-14 23:27 --------- d-----w c:\arquivos de programas\SystemRequirementsLab

2008-09-14 23:16 --------- d-----w c:\arquivos de programas\VS Revo Group

2008-09-14 21:28 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Symantec

2008-09-14 20:47 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller

2008-09-14 19:29 --------- d-----w c:\arquivos de programas\Smith Micro

2008-09-13 23:14 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Corporation

2008-09-13 23:13 --------- d-----w c:\arquivos de programas\Microsoft Windows Vista Upgrade Advisor

2008-09-13 17:21 --------- d-----w c:\arquivos de programas\HD Tune

2008-09-12 23:22 --------- d-----w c:\arquivos de programas\Keylogger Killer

2008-09-12 01:10 --------- d-----w c:\arquivos de programas\a-squared HiJackFree

2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys

2008-09-08 00:35 --------- d-----w c:\documents and settings\Gustavo\Dados de aplicativos\iolo

2008-09-08 00:32 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\iolo

2008-09-08 00:29 --------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\iolo

2008-09-08 00:28 --------- d-----w c:\arquivos de programas\Iolo

2008-08-03 04:42 11,960 ----a-w c:\documents and settings\Gustavo\ntuserdirect_MyManager.dat

2008-07-03 18:09 774,144 ----a-w c:\arquivos de programas\RngInterstitial.dll

2005-11-30 19:56 1,729,853 ----a-w c:\documents and settings\Gustavo\sw.dll

2005-11-22 21:35 225,280 ----a-w c:\documents and settings\Gustavo\vstdlib_s.dll

2005-11-22 21:35 2,068,480 ----a-w c:\documents and settings\Gustavo\swds.dll

2005-10-04 19:00 258,114 ----a-w c:\documents and settings\Gustavo\vgui2.dll

2005-10-04 18:58 2,058,810 ----a-w c:\documents and settings\Gustavo\hw.dll

2005-08-12 15:31 397,312 ----a-w c:\documents and settings\Gustavo\steamclient.dll

2005-08-09 13:42 217,088 ----a-w c:\documents and settings\Gustavo\tier0_s.dll

2005-06-08 13:36 397,312 ----a-w c:\documents and settings\Gustavo\hlds.exe

2005-06-08 13:36 122,980 ----a-w c:\documents and settings\Gustavo\FileSystem_Steam.dll

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

2004-08-13 16:54 69,632 ----a-w c:\documents and settings\Gustavo\dbg.dll

2004-08-13 16:54 610,304 ----a-w c:\documents and settings\Gustavo\proxy.dll

2004-08-13 16:54 53,248 ----a-w c:\documents and settings\Gustavo\voice_miles.dll

2004-08-13 16:54 352,256 ----a-w c:\documents and settings\Gustavo\vgui.dll

2004-08-13 16:54 351,744 ----a-w c:\documents and settings\Gustavo\Mss32.dll

2004-08-13 16:54 3,719,168 ----a-w c:\documents and settings\Gustavo\Steam.dll

2004-08-13 16:54 225,280 ----a-w c:\documents and settings\Gustavo\Core.dll

2004-08-13 16:54 221,184 ----a-w c:\documents and settings\Gustavo\hltv.exe

2004-08-13 16:54 139,264 ----a-w c:\documents and settings\Gustavo\voice_speex.dll

2004-08-13 16:54 118,872 ----a-w c:\documents and settings\Gustavo\FileSystem_Stdio.dll

2004-08-13 16:53 90,112 ----a-w c:\documents and settings\Gustavo\DemoPlayer.dll

2004-08-13 16:53 211,456 ----a-w c:\documents and settings\Gustavo\a3dapi.dll

2008-05-08 22:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008050820080509\index.dat

.

 

------- Sigcheck -------

 

2007-10-30 14:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-06-20 09:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2004-08-04 10:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB941644$\tcpip.sys

2008-04-13 13:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys

2007-10-30 15:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\Service Pack 3\$ntservicepackuninstall$\tcpip.sys

2008-04-13 13:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS

2008-11-02 00:44 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\dllcache\TCPIP.SYS

2008-11-02 00:44 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\TCPIP.SYS

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]

"nwiz"="nwiz.exe" [2004-10-29 c:\windows\system32\nwiz.exe]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableLockWorkstation"= 0 (0x0)

"DisableChangePassword"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

path=

backup=

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 20:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed]

--a------ 2002-10-29 15:57 214528 c:\arquivos de programas\Modem Speed\NtwSpeed.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

--a------ 2008-07-30 16:00 909904 c:\arquivos de programas\Trojan Remover\Trjscan.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\macabrouz\\counter-strike\\hl.exe"=

"c:\\Documents and Settings\\Gustavo\\Meus documentos\\Meus arquivos recebidos\\Nova pasta (2)\\Servfull8.22\\The Forgotten Server.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R2 drhard;drhard;c:\windows\system32\drivers\drhard.sys [2005-12-01 23600]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]

R2 ioloSystemService;iolo System Service;c:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]

R2 OBBPLUS;Office Banking Bradesco Plus;c:\obbplus\aplicacao\infra\tomcat\bin\obbplus.exe [2008-03-20 120184]

R3 cm102u32;C-Media CM6501 Like Sound Interface;c:\windows\system32\drivers\c6501.sys [2006-09-05 1419968]

R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2005-04-06 26752]

R3 usbprint;Microsoft USB PRINTER Class;c:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 ATE_PROCMON;ATE_PROCMON;c:\arquivos de programas\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]

S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [ ]

S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys [2005-08-09 28800]

S4 NMSAccessU;NMSAccessU;c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cd2228-39f4-11dd-9f42-000854d9d93e}]

\Shell\AutoRun\command - n.com

\Shell\explore\Command - n.com

\Shell\open\Command - n.com

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-09-12 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClick.exe [2007-12-21 16:17]

 

2008-09-12 c:\windows\Tasks\1-Klick-Wartung.job

- c:\arquivos de programas\TuneUp Utilities 2008\SystemOptimizer.exe [2007-12-21 16:17]

 

2008-09-14 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2008-07-18 12:08]

 

2008-09-13 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\Gustavo\Configura []

 

2008-09-12 c:\windows\Tasks\Mantenimiento con 1 clic.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClick.exe [2007-12-21 16:17]

 

2008-09-14 c:\windows\Tasks\RegCure Program Check.job

- c:\arquivos de programas\RegCure\RegCure.exe [2007-08-02 10:20]

 

2008-08-31 c:\windows\Tasks\RegCure.job

- c:\arquivos de programas\RegCure\RegCure.exe [2007-08-02 10:20]

 

2008-09-14 c:\windows\Tasks\XoftSpySE 2.job

- c:\arquivos de programas\XoftSpySE\XoftSpy.exe [2008-08-30 18:07]

 

2008-08-30 c:\windows\Tasks\XoftSpySE.job

- c:\arquivos de programas\XoftSpySE\XoftSpy.exe [2008-08-30 18:07]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - (no file)

Notify- GbPluginCef - (no file)

Notify-avldr - (no file)

Notify-dimsntfy - (no file)

 

 

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Gustavo\Dados de aplicativos\Mozilla\Firefox\Profiles\3r8xkiqf.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank

FF -: plugin - c:\arquivos de programas\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - c:\arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - c:\arquivos de programas\Opera\program\plugins\nppdf32.dll

FF -: plugin - c:\arquivos de programas\Opera\program\plugins\nppl3260.dll

FF -: plugin - c:\arquivos de programas\Opera\program\plugins\nprpjplug.dll

FF -: plugin - c:\arquivos de programas\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF -: plugin - c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

FF -: plugin - c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF -: plugin - c:\documents and settings\Gustavo\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.11\npGoogleOneClick5.dll

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

.

------- Associação de arquivos/ficheiros -------

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-07 19:32:46

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\arquivos de programas\cFosSpeed\spd.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\searchindexer.exe

c:\windows\pchealth\helpctr\binaries\helpsvc.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-07 19:37:20 - Máquina reiniciou [Gustavo]

ComboFix-quarantined-files.txt 2008-11-07 21:37:17

 

Pré-execução: 30 pasta(s) 67,747,782,656 bytes disponíveis

Pós execução: 30 pasta(s) 68,001,910,784 bytes disponíveis

 

572 --- E O F --- 2008-10-24 10:53:56

 

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:41, on 7/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TBSB02209 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Download All by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/ne/CA.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{29EA04C2-99F4-4119-B1B1-C7B669DC342D}: NameServer = 201.10.120.2,201.10.128.3

O17 - HKLM\System\CS8\Services\Tcpip\..\{29EA04C2-99F4-4119-B1B1-C7B669DC342D}: NameServer = 201.10.120.2,201.10.128.3

O17 - HKLM\System\CS9\Services\Tcpip\..\{29EA04C2-99F4-4119-B1B1-C7B669DC342D}: NameServer = 201.10.120.2,201.10.128.3

O23 - Service: a-squared Free Service (a2free) - - (no file)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Banking Bradesco Plus (OBBPLUS) - Banco Bradesco S.A. - C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe

 

--

End of file - 7375 bytes

My FlashGet was uninstalled, is it a threat?

Once we finish the removal process you will be able to install it again, ok?

I suggest that you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

c:\windows\Tasks\1-Click Maintenance.job

c:\windows\Tasks\1-Klick-Wartung.job

c:\windows\Tasks\GlaryInitialize.job

c:\windows\Tasks\GoogleUpdateTaskUser.job

c:\windows\Tasks\Mantenimiento con 1 clic.job

c:\windows\Tasks\RegCure Program Check.job

c:\windows\Tasks\RegCure.job

c:\windows\Tasks\XoftSpySE 2.job

c:\windows\Tasks\XoftSpySE.job

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cd2228-39f4-11dd-9f42-000854d9d93e}]

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it can cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

cfscript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Post it together with the new HijackThis log.

Guest

ComboFix

 

ComboFix 08-11-09.04 - Gustavo 2008-11-10 21:06:40.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1058 [GMT -2:00]

Executando de: c:\documents and settings\Gustavo\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Gustavo\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

c:\windows\Tasks\1-Click Maintenance.job

c:\windows\Tasks\1-Klick-Wartung.job

c:\windows\Tasks\GlaryInitialize.job

c:\windows\Tasks\GoogleUpdateTaskUser.job

c:\windows\Tasks\Mantenimiento con 1 clic.job

c:\windows\Tasks\RegCure Program Check.job

c:\windows\Tasks\RegCure.job

c:\windows\Tasks\XoftSpySE 2.job

c:\windows\Tasks\XoftSpySE.job

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Tasks\1-Click Maintenance.job

c:\windows\Tasks\1-Klick-Wartung.job

c:\windows\Tasks\GlaryInitialize.job

c:\windows\Tasks\GoogleUpdateTaskUser.job

c:\windows\Tasks\Mantenimiento con 1 clic.job

c:\windows\Tasks\RegCure Program Check.job

c:\windows\Tasks\RegCure.job

c:\windows\Tasks\XoftSpySE 2.job

c:\windows\Tasks\XoftSpySE.job

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Legacy_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-10 to 2008-11-10 ))))))))))))))))))))))))))))

.

 

2008-11-10 18:55 . 2008-04-13 19:18 6,144 --a------ c:\windows\system32\kbd106.dll

2008-11-10 18:55 . 2008-04-13 19:18 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll

2008-11-08 13:02 . 2008-11-08 13:02 <DIR> d-------- c:\arquivos de programas\Panasonic

2008-11-07 15:58 . 2008-11-07 15:58 <DIR> d-------- c:\documents and settings\Gustavo\Dados de aplicativos\Malwarebytes

2008-11-07 15:58 . 2008-11-07 15:58 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-07 15:58 . 2008-11-07 15:58 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-07 15:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-07 15:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-06 23:33 . 2008-11-06 23:33 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\pixelStorm

2008-11-03 18:35 . 2008-11-03 18:35 <DIR> d-------- c:\arquivos de programas\Cablenut

2008-11-02 20:52 . 2008-11-02 20:52 3,326 --a------ c:\windows\NTWLOG.000

2008-11-02 20:52 . 2008-11-02 20:52 1,268 --a------ c:\windows\NTWLOG.005

2008-11-02 20:52 . 2008-11-02 20:52 1,136 --a------ c:\windows\NTWLOG.006

2008-11-02 20:51 . 2008-11-02 20:51 <DIR> d-------- c:\arquivos de programas\Modem Speed

2008-11-02 18:07 . 2008-11-02 18:07 <DIR> d-------- c:\arquivos de programas\Cable e ADSL Speed

2008-11-02 18:07 . 2008-11-02 18:07 23,924 --a------ c:\windows\NTWLOG.007

2008-11-02 18:07 . 2008-11-02 18:07 1,592 --a------ c:\windows\NTWLOG.003

2008-11-02 18:07 . 2008-11-02 18:07 400 --a------ c:\windows\NTWLOG.002

2008-11-02 18:07 . 2008-11-02 18:07 218 --a------ c:\windows\NTWLOG.001

2008-11-02 17:01 . 2008-11-02 17:01 <DIR> d-------- c:\arquivos de programas\Ashampoo

2008-11-02 01:18 . 2008-11-02 01:18 <DIR> d-------- c:\documents and settings\Gustavo\Dados de aplicativos\sqlitestudio

2008-11-02 00:35 . 2008-11-02 00:37 <DIR> d-------- c:\arquivos de programas\GameBoost

2008-10-27 09:53 . 2008-10-27 09:53 <DIR> d-------- C:\temp

2008-10-27 09:52 . 2008-10-27 16:15 <DIR> d-------- C:\OBBPLUS

2008-10-24 08:39 . 2008-10-15 14:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-22 08:40 . 2008-10-22 08:40 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\Media Player Classic

2008-10-22 08:40 . 2008-10-22 08:40 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\DivX

2008-10-21 21:26 . 2008-10-21 21:27 <DIR> d-------- c:\documents and settings\Gustavo\Dados de aplicativos\Crystal Player

2008-10-21 21:08 . 2007-09-04 14:56 164,352 --a------ c:\windows\system32\unrar.dll

2008-10-21 21:07 . 2008-10-21 21:07 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2008-10-21 21:07 . 2008-09-15 22:14 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2008-10-21 21:07 . 2008-09-24 16:41 839,680 --a------ c:\windows\system32\lameACM.acm

2008-10-21 21:07 . 2008-01-10 10:15 755,027 --a------ c:\windows\system32\xvidcore.dll

2008-10-21 21:07 . 2008-09-15 22:11 683,520 --a------ c:\windows\system32\divx.dll

2008-10-21 21:07 . 2004-01-25 14:18 217,088 --a------ c:\windows\system32\yv12vfw.dll

2008-10-21 21:07 . 2008-01-10 10:16 159,839 --a------ c:\windows\system32\xvidvfw.dll

2008-10-21 21:07 . 2007-09-20 22:52 118,784 --a------ c:\windows\system32\ac3acm.acm

2008-10-21 21:07 . 2008-09-15 22:12 81,920 --a------ c:\windows\system32\dpl100.dll

2008-10-21 21:07 . 2008-06-12 16:36 7,680 --a------ c:\windows\system32\ff_vfw.dll

2008-10-21 21:07 . 2007-07-10 14:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest

2008-10-21 21:07 . 2008-10-03 10:30 414 --a------ c:\windows\system32\lame_acm.xml

2008-10-20 11:25 . 2008-10-20 11:25 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\Windows Desktop Search

2008-10-19 19:48 . 2008-10-19 19:48 <DIR> d-------- c:\arquivos de programas\Opera

2008-10-19 19:45 . 2008-10-19 19:45 <DIR> d-------- C:\profiles

2008-10-18 22:49 . 2008-11-03 22:01 <DIR> d-------- c:\arquivos de programas\Tibia8.22VERDADEIRO

2008-10-18 22:44 . 2008-10-18 22:44 <DIR> d-------- c:\arquivos de programas\Tibia8.22

2008-10-17 20:07 . 2008-10-17 20:07 <DIR> d-------- c:\arquivos de programas\Network Stumbler

2008-10-16 19:24 . 2008-11-07 10:00 <DIR> d-------- c:\arquivos de programas\cFosSpeed

2008-10-16 19:24 . 2008-06-25 10:33 290,008 --------- c:\windows\system32\cfosspeed.dll

2008-10-16 07:28 . 2008-09-08 08:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-10-16 07:27 . 2008-08-14 11:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-16 07:27 . 2008-08-14 11:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-16 07:27 . 2008-08-14 11:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-16 07:27 . 2008-08-14 11:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-16 07:27 . 2008-09-15 13:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-10-14 19:26 . 2008-10-14 19:26 140,288 --a------ c:\windows\~GLC0001.TMP

2008-10-14 17:33 . 2008-10-14 17:33 <DIR> d-------- c:\arquivos de programas\Dr.Hardware 2008 english

2008-10-14 17:33 . 2005-12-01 10:49 23,600 --a------ c:\windows\system32\drivers\drhard.sys

2008-10-14 17:33 . 2005-12-01 14:38 20,651 --a------ c:\windows\system32\drivers\DRHARD.VXD

2008-10-14 17:33 . 2005-12-01 14:38 20,651 --a------ c:\windows\system32\DRHARD.VXD

2008-10-13 12:03 . 2008-10-13 12:03 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\Windows Search

2008-10-13 11:26 . 2008-10-13 11:26 <DIR> d--hs---- c:\documents and settings\Luana\PrivacIE

2008-10-11 00:50 . 2008-10-11 00:50 <DIR> d-------- c:\documents and settings\Luana\Dados de aplicativos\iolo

2008-10-11 00:12 . 2008-10-11 00:12 <DIR> d--hs---- c:\documents and settings\Gustavo\PrivacIE

2008-10-10 23:54 . 2008-10-10 23:55 <DIR> d--h-c--- c:\windows\ie8

2008-10-10 23:40 . 2008-10-10 23:40 361,600 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-10 21:38 --------- d--h--w c:\arquivos de programas\Scpad

2008-11-08 17:33 --------- d-----w c:\documents and settings\Luana\Dados de aplicativos\LimeWire

2008-11-08 01:44 --------- d-----w c:\arquivos de programas\Valve

2008-11-07 21:49 --------- d-----w c:\arquivos de programas\sXe Injected

2008-11-07 18:09 --------- d-----w c:\arquivos de programas\GbPlugin

2008-11-04 00:08 --------- d-----w c:\arquivos de programas\Anti Trojan Elite

2008-11-04 00:08 --------- d-----w c:\arquivos de programas\Add Remove Pro

2008-11-04 00:06 --------- d-----w c:\arquivos de programas\a-squared Free

2008-11-04 00:01 --------- d-----w c:\arquivos de programas\Tibia Auto

2008-11-03 22:48 --------- d-----w c:\arquivos de programas\Arovax AntiSpyware

2008-11-02 02:44 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS

2008-11-01 04:32 --------- d-----w c:\documents and settings\Gustavo\Dados de aplicativos\LimeWire

2008-11-01 02:35 --------- d-----w c:\arquivos de programas\Steam

2008-10-27 11:54 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-10-21 23:20 --------- d-----w c:\arquivos de programas\Arquivos comuns\Real

2008-10-21 23:07 --------- d-----w c:\arquivos de programas\XP Codec Pack

2008-10-21 13:15 --------- d-----w c:\arquivos de programas\BPesq

2008-10-21 12:04 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2008-10-19 23:14 --------- d-----w c:\documents and settings\Gustavo\Dados de aplicativos\Orbit

2008-10-17 19:57 --------- d-----w c:\documents and settings\Luana\Dados de aplicativos\Orbit

2008-10-14 21:26 --------- d-----w c:\arquivos de programas\TuneUp Utilities 2008

2008-10-14 16:09 --------- d-----w c:\documents and settings\NetworkService\Dados de aplicativos\iolo

2008-10-13 14:27 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2008-10-08 23:06 --------- d-----w c:\arquivos de programas\Windows Live

2008-10-08 23:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2008-10-08 22:44 --------- d-----w c:\arquivos de programas\Wiindows live

2008-10-08 00:39 --------- d-----w c:\arquivos de programas\Magic NetTrace

2008-10-08 00:35 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\ZqWare

2008-10-07 22:11 --------- d-----w c:\arquivos de programas\Microsoft

2008-10-07 18:38 --------- d-----w c:\arquivos de programas\P2P_Torrent

2008-10-07 16:18 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2008-10-07 15:53 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-06 23:48 --------- d-----w c:\arquivos de programas\MSECache

2008-10-04 16:43 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Hagel Technologies

2008-10-02 19:43 140,288 ----a-w c:\windows\~GLC0000.TMP

2008-10-02 19:16 --------- d-----w c:\arquivos de programas\XoftSpySE

2008-10-01 23:35 --------- d-----w c:\arquivos de programas\MaxTruco

2008-09-26 22:20 --------- d-----w c:\documents and settings\Gustavo\Dados de aplicativos\Windows Search

2008-09-26 21:41 --------- d-----w c:\documents and settings\Gustavo\Dados de aplicativos\Windows Desktop Search

2008-09-26 21:41 --------- d-----w c:\arquivos de programas\Windows Desktop Search

2008-09-26 21:40 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-09-26 00:14 --------- d-----w c:\arquivos de programas\Puxa Rápido

2008-09-24 22:58 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2008-09-23 01:20 --------- d-----w c:\arquivos de programas\SpeederXP

2008-09-22 23:36 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-09-21 20:26 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-09-21 04:15 --------- d-----w c:\arquivos de programas\SiSoftware

2008-09-17 21:02 --------- d-----w c:\documents and settings\Gustavo\Dados de aplicativos\MegauploadToolbar

2008-09-17 20:51 --------- d-----w c:\arquivos de programas\Yahoo!

2008-09-15 21:22 --------- d-----w c:\arquivos de programas\PDF Editor 2

2008-09-15 21:19 --------- d-----w c:\arquivos de programas\PDF 2 Word 2

2008-09-15 21:08 74,752 ----a-w c:\windows\cadkasdeinst01e.exe

2008-09-14 23:27 --------- d-----w c:\arquivos de programas\SystemRequirementsLab

2008-09-14 23:16 --------- d-----w c:\arquivos de programas\VS Revo Group

2008-09-14 21:28 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Symantec

2008-09-14 20:47 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller

2008-09-14 19:29 --------- d-----w c:\arquivos de programas\Smith Micro

2008-09-13 23:14 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Corporation

2008-09-13 23:13 --------- d-----w c:\arquivos de programas\Microsoft Windows Vista Upgrade Advisor

2008-09-13 17:21 --------- d-----w c:\arquivos de programas\HD Tune

2008-09-12 23:22 --------- d-----w c:\arquivos de programas\Keylogger Killer

2008-09-12 01:10 --------- d-----w c:\arquivos de programas\a-squared HiJackFree

2008-08-03 04:42 11,960 ----a-w c:\documents and settings\Gustavo\ntuserdirect_MyManager.dat

2008-07-03 18:09 774,144 ----a-w c:\arquivos de programas\RngInterstitial.dll

2005-11-30 19:56 1,729,853 ----a-w c:\documents and settings\Gustavo\sw.dll

2005-11-22 21:35 225,280 ----a-w c:\documents and settings\Gustavo\vstdlib_s.dll

2005-11-22 21:35 2,068,480 ----a-w c:\documents and settings\Gustavo\swds.dll

2005-10-04 19:00 258,114 ----a-w c:\documents and settings\Gustavo\vgui2.dll

2005-10-04 18:58 2,058,810 ----a-w c:\documents and settings\Gustavo\hw.dll

2005-08-12 15:31 397,312 ----a-w c:\documents and settings\Gustavo\steamclient.dll

2005-08-09 13:42 217,088 ----a-w c:\documents and settings\Gustavo\tier0_s.dll

2005-06-08 13:36 397,312 ----a-w c:\documents and settings\Gustavo\hlds.exe

2005-06-08 13:36 122,980 ----a-w c:\documents and settings\Gustavo\FileSystem_Steam.dll

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

2004-08-13 16:54 69,632 ----a-w c:\documents and settings\Gustavo\dbg.dll

2004-08-13 16:54 610,304 ----a-w c:\documents and settings\Gustavo\proxy.dll

2004-08-13 16:54 53,248 ----a-w c:\documents and settings\Gustavo\voice_miles.dll

2004-08-13 16:54 352,256 ----a-w c:\documents and settings\Gustavo\vgui.dll

2004-08-13 16:54 351,744 ----a-w c:\documents and settings\Gustavo\Mss32.dll

2004-08-13 16:54 3,719,168 ----a-w c:\documents and settings\Gustavo\Steam.dll

2004-08-13 16:54 225,280 ----a-w c:\documents and settings\Gustavo\Core.dll

2004-08-13 16:54 221,184 ----a-w c:\documents and settings\Gustavo\hltv.exe

2004-08-13 16:54 139,264 ----a-w c:\documents and settings\Gustavo\voice_speex.dll

2004-08-13 16:54 118,872 ----a-w c:\documents and settings\Gustavo\FileSystem_Stdio.dll

2004-08-13 16:53 90,112 ----a-w c:\documents and settings\Gustavo\DemoPlayer.dll

2004-08-13 16:53 211,456 ----a-w c:\documents and settings\Gustavo\a3dapi.dll

2008-05-08 22:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008050820080509\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-07_19.36.57.71 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-03-21 10:06:48 274,432 ----a-w c:\windows\system32\Logof.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]

"nwiz"="nwiz.exe" [2004-10-29 c:\windows\system32\nwiz.exe]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableLockWorkstation"= 0 (0x0)

"DisableChangePassword"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

path=

backup=

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 20:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed]

--a------ 2002-10-29 15:57 214528 c:\arquivos de programas\Modem Speed\NtwSpeed.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

--a------ 2008-07-30 16:00 909904 c:\arquivos de programas\Trojan Remover\Trjscan.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\macabrouz\\counter-strike\\hl.exe"=

"c:\\Documents and Settings\\Gustavo\\Meus documentos\\Meus arquivos recebidos\\Nova pasta (2)\\Servfull8.22\\The Forgotten Server.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R2 drhard;drhard;c:\windows\system32\drivers\drhard.sys [2005-12-01 23600]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]

R2 ioloSystemService;iolo System Service;c:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]

R2 OBBPLUS;Office Banking Bradesco Plus;c:\obbplus\aplicacao\infra\tomcat\bin\obbplus.exe [2008-03-20 120184]

R3 cm102u32;C-Media CM6501 Like Sound Interface;c:\windows\system32\drivers\c6501.sys [2006-09-05 1419968]

R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2005-04-06 26752]

R3 usbprint;Microsoft USB PRINTER Class;c:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 ATE_PROCMON;ATE_PROCMON;c:\arquivos de programas\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [2008-09-16 46464]

S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [ ]

S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys [2005-08-09 28800]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-10 21:11:03

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\arquivos de programas\cFosSpeed\spd.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-10 21:13:48 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-10 23:13:45

ComboFix2.txt 2008-11-07 21:37:21

 

Pré-execução: 30 pasta(s) 66.815.426.560 bytes disponíveis

Pós execução: 30 pasta(s) 66,817,171,456 bytes disponíveis

 

273 --- E O F --- 2008-10-24 10:53:56

 

 

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:15, on 10/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TBSB02209 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: &Download All by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Arquivos de programas\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/ne/CA.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{29EA04C2-99F4-4119-B1B1-C7B669DC342D}: NameServer = 201.10.120.2,201.10.128.3

O17 - HKLM\System\CS8\Services\Tcpip\..\{29EA04C2-99F4-4119-B1B1-C7B669DC342D}: NameServer = 201.10.120.2,201.10.128.3

O17 - HKLM\System\CS9\Services\Tcpip\..\{29EA04C2-99F4-4119-B1B1-C7B669DC342D}: NameServer = 201.10.120.2,201.10.128.3

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: a-squared Free Service (a2free) - - (no file)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Arquivos de programas\cFosSpeed\spd.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Banking Bradesco Plus (OBBPLUS) - Banco Bradesco S.A. - C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplus.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe

 

--

End of file - 7705 bytes


OK, the log is clean :)

 

- In Run, type combofix /u, click OK, and wait for ComboFix to be removed.

 

Update Java.

Older versions have vulnerabilities that some malware can use to infect your system.

• Download the latest version of Java Runtime Environment (JRE) 6u7.
• Look for where it says "Java Runtime Environment (JRE) 6update7".
• Click the Download button.
• Check the option that says Accept License Agreement.
• The page will refresh.
• Click the Windows Offline Installation download link and save the file to your desktop. (The file is around 70 Mb)
• Close any programs that are running, especially browsers.
• Go to Start > Control Panel, double-click Add or Remove Programs, and remove all old versions of Java.
Examples of old versions:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
• Select any item named Java Runtime Environment (JRE or J2SE).
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each version of Java.
• Restart your computer once all versions of Java have been removed.
• Now go to your desktop and double-click jre-6u7-windows-i586-p.exe to install the newest version.

 

- I recommend some maintenance on the computer to delete temporary files, unnecessary files and invalid registry entries. Download CCleaner

 

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix Issues

 

- Turn System Restore off and then on again

 

Read the article "Cuidados ao navegar na net" for more information on how to avoid infections.

OK.

Can I install FlashGet again now?

 

Yes :thumbsup:


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
