[Arquivado] Pc infectado

[Armando Leitão 0]

Norman Malware Cleaner

Copyright © 1990 - 2008, Norman ASA. Built 2009/01/23 05:50:27

 

Norman Scanner Engine Version: 5.93.01

Nvcbin.def Version: 5.93.00, Date: 2009/01/23 05:50:27, Variants: 2614638

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: CASA-4B2D312D8D\Administrador

 

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe," -> "C:\WINDOWS\System32\userinit.exe,"

Removed hosts entry: 0.0.0.0 gtcc1.acecounter.com

Removed hosts entry: 0.0.0.0 gtp1.acecounter.com

Removed hosts entry: 0.0.0.0 acestats.com

Removed hosts entry: 0.0.0.0 www.acestats.com

Removed hosts entry: 0.0.0.0 www.activesearch.com

Removed hosts entry: 0.0.0.0 actualnames.com

Removed hosts entry: 0.0.0.0 www.actualnames.com

Removed hosts entry: 0.0.0.0 ad-up.com

Removed hosts entry: 0.0.0.0 www.ad-up.com

Removed hosts entry: 0.0.0.0 adatom.com

Removed hosts entry: 0.0.0.0 aesp.adatom.com

Removed hosts entry: 0.0.0.0 adbest.com

Removed hosts entry: 0.0.0.0 www.adcipta.net

Removed hosts entry: 0.0.0.0 adserv.adbonus.com

Removed hosts entry: 0.0.0.0 www.adbonus.com

Removed hosts entry: 0.0.0.0 media.adcentriconline.com

Removed hosts entry: 0.0.0.0 ad2.adcept.net

Removed hosts entry: 0.0.0.0 ad3.adcept.net

Removed hosts entry: 0.0.0.0 www.adcept.net

Removed hosts entry: 0.0.0.0 adcomplete.com

Removed hosts entry: 0.0.0.0 www.adcomplete.com

Removed hosts entry: 0.0.0.0 ads.adcorps.com

Removed hosts entry: 0.0.0.0 ads2.adcorps.com

Removed hosts entry: 0.0.0.0 ads.addynamix.com

Removed hosts entry: 0.0.0.0 pt.server1.adexit.com

Removed hosts entry: 0.0.0.0 www.adexit.com

Removed hosts entry: 0.0.0.0 www.ad4ever.com

Removed hosts entry: 0.0.0.0 ssl3.adhost.com

Removed hosts entry: 0.0.0.0 www2.adhost.com

Removed hosts entry: 0.0.0.0 www.addme.com

Removed hosts entry: 0.0.0.0 adsvr.adknowledge.com

Removed hosts entry: 0.0.0.0 web.adknowledge.com

Removed hosts entry: 0.0.0.0 te.adlandpro.com

Removed hosts entry: 0.0.0.0 ad.adlegend.com

Removed hosts entry: 0.0.0.0 media.adlegend.com

Removed hosts entry: 0.0.0.0 www.adminder.com

Removed hosts entry: 0.0.0.0 adsfac.net

Removed hosts entry: 0.0.0.0 www.adonweb.com

Removed hosts entry: 0.0.0.0 adreactor.com

Removed hosts entry: 0.0.0.0 adserver.adreactor.com

Removed hosts entry: 0.0.0.0 www.adrelevance.com

Removed hosts entry: 0.0.0.0 media.adrevolver.com

Removed hosts entry: 0.0.0.0 track.adrevolver.com

Removed hosts entry: 0.0.0.0 serv.ad-rotator.com

Removed hosts entry: 0.0.0.0 serv2.ad-rotator.com

Removed hosts entry: 0.0.0.0 livelines.ads365.com

Removed hosts entry: 0.0.0.0 www.ads365.com

Removed hosts entry: 0.0.0.0 ads.adsag.com

Removed hosts entry: 0.0.0.0 di.adsag.com

Removed hosts entry: 0.0.0.0 img.adsag.com

Removed hosts entry: 0.0.0.0 adserv.com

Removed hosts entry: 0.0.0.0 www.adserv.com

Removed hosts entry: 0.0.0.0 adsincontext.com

Removed hosts entry: 0.0.0.0 adserver.adsincontext.com

Removed hosts entry: 0.0.0.0 www.adsincontext.com

Removed hosts entry: 0.0.0.0 37.adsonar.com

Removed hosts entry: 0.0.0.0 ads.adsonar.com

Removed hosts entry: 0.0.0.0 js.adsonar.com

Removed hosts entry: 0.0.0.0 downldcl.adtoolsinc.com

Removed hosts entry: 0.0.0.0 www.adtoolsinc.com

Removed hosts entry: 0.0.0.0 www.adtrader.com

Removed hosts entry: 0.0.0.0 survey.advantageresearch.com

Removed hosts entry: 0.0.0.0 ads.advertise.net

Removed hosts entry: 0.0.0.0 advertisingvision.com

Removed hosts entry: 0.0.0.0 www.advertisingvision.com

Removed hosts entry: 0.0.0.0 adpowerzone.advertserve.com

Removed hosts entry: 0.0.0.0 adviva.com

Removed hosts entry: 0.0.0.0 www.adviva.com

Removed hosts entry: 0.0.0.0 ads.adviva.net

Removed hosts entry: 0.0.0.0 adstats.adviva.net

Removed hosts entry: 0.0.0.0 tracker.affistats.com

Removed hosts entry: 0.0.0.0 banners.affiliatefuel.com

Removed hosts entry: 0.0.0.0 www.affiliatefuel.com

Removed hosts entry: 0.0.0.0 affiliatetarget.com

Removed hosts entry: 0.0.0.0 www.affiliatetarget.com

Removed hosts entry: 0.0.0.0 fcds.affiliatetracking.net

Removed hosts entry: 0.0.0.0 our.affiliatetracking.net

Removed hosts entry: 0.0.0.0 www.affiliatetracking.net

Removed hosts entry: 0.0.0.0 www.affiliatetracking.com

Removed hosts entry: 0.0.0.0 aams1.aim4media.com

Removed hosts entry: 0.0.0.0 adcodes.aim4media.com

Removed hosts entry: 0.0.0.0 adserver.aim4media.com

Removed hosts entry: 0.0.0.0 adtest.aim4media.com

Removed hosts entry: 0.0.0.0 artwork.aim4media.com

Removed hosts entry: 0.0.0.0 pops.aim4media.com

Removed hosts entry: 0.0.0.0 www.aim4media.com

Removed hosts entry: 0.0.0.0 download.alexa.com

Removed hosts entry: 0.0.0.0 www.allthatsearch.com

Removed hosts entry: 0.0.0.0 v8.alwaysupdatednews.com

Removed hosts entry: 0.0.0.0 www.alwaysupdatednews.com

Removed hosts entry: 0.0.0.0 ads.as4x.tmcs.akadns.net

Removed hosts entry: 0.0.0.0 bantam.ai.net

Removed hosts entry: 0.0.0.0 fiona.ai.net

Removed hosts entry: 0.0.0.0 www.amazingcounters.com

Removed hosts entry: 0.0.0.0 ads.amazingmedia.com

Removed hosts entry: 0.0.0.0 adserver04.ancestry.com

Removed hosts entry: 0.0.0.0 search.antarasystems.com

Removed hosts entry: 0.0.0.0 www.antarasystems.com

Removed hosts entry: 0.0.0.0 ads.antionline.com

Removed hosts entry: 0.0.0.0 junior.apk.net

Removed hosts entry: 0.0.0.0 banner.arttoday.com

Removed hosts entry: 0.0.0.0 asimpleinternet.com

Removed hosts entry: 0.0.0.0 www.asimpleinternet.com

Removed hosts entry: 0.0.0.0 ads.aspalliance.com

Removed hosts entry: 0.0.0.0 dist.atlas-ia.com

Removed hosts entry: 0.0.0.0 www.atlas-ia.com

Removed hosts entry: 0.0.0.0 te.audiencematch.net

Removed hosts entry: 0.0.0.0 audiogalaxy.com

Removed hosts entry: 0.0.0.0 www.audiogalaxy.com

Removed hosts entry: 0.0.0.0 adserving.autotrader.com

Removed hosts entry: 0.0.0.0 cploving.awmhost.net

Removed hosts entry: 0.0.0.0 bar.baidu.com

Removed hosts entry: 0.0.0.0 www.banner-mania.com

Removed hosts entry: 0.0.0.0 www.bannerspace.com

Removed hosts entry: 0.0.0.0 www2.bannerspace.com

Removed hosts entry: 0.0.0.0 www3.bannerspace.com

Removed hosts entry: 0.0.0.0 www5.bannerspace.com

Removed hosts entry: 0.0.0.0 www6.bannerspace.com

Removed hosts entry: 0.0.0.0 www7.bannerspace.com

Removed hosts entry: 0.0.0.0 bannerswap.com

Removed hosts entry: 0.0.0.0 www.bannerswap.com

Removed hosts entry: 0.0.0.0 media.baventures.com

Removed hosts entry: 0.0.0.0 ads.betanews.com

Removed hosts entry: 0.0.0.0 ads.bidclix.com

Removed hosts entry: 0.0.0.0 www.bidclix.com

Removed hosts entry: 0.0.0.0 bidclix.net

Removed hosts entry: 0.0.0.0 www.bidclix.net

Removed hosts entry: 0.0.0.0 bigtracker.com

Removed hosts entry: 0.0.0.0 bighits.net

Removed hosts entry: 0.0.0.0 bigticker.bighits.net

Removed hosts entry: 0.0.0.0 bounty.bighits.net

Removed hosts entry: 0.0.0.0 www.bighits.net

Removed hosts entry: 0.0.0.0 download.bigwebportal.com

Removed hosts entry: 0.0.0.0 www.bigwebportal.com

Removed hosts entry: 0.0.0.0 counter.bizland.com

Removed hosts entry: 0.0.0.0 webads.bizservers.com

Removed hosts entry: 0.0.0.0 www.blacklogic.net

Removed hosts entry: 0.0.0.0 www.blazehits.net

Removed hosts entry: 0.0.0.0 cluster.blingblingcontent.com

Removed hosts entry: 0.0.0.0 gb.blingblingcontent.com

Removed hosts entry: 0.0.0.0 s7.blingblingcontent.com

Removed hosts entry: 0.0.0.0 weblog.blogads.com

Removed hosts entry: 0.0.0.0 images.blogads.com

Removed hosts entry: 0.0.0.0 images2.blogads.com

Removed hosts entry: 0.0.0.0 proxy.blogads.com

Removed hosts entry: 0.0.0.0 www.blogads.com

Removed hosts entry: 0.0.0.0 bookedspace.com

Removed hosts entry: 0.0.0.0 www.bookedspace.com

Removed hosts entry: 0.0.0.0 citi.bridgetrack.com

Removed hosts entry: 0.0.0.0 rccl.bridgetrack.com

Removed hosts entry: 0.0.0.0 www.browserplugin.com

Removed hosts entry: 0.0.0.0 install.browsertoolbar.com

Removed hosts entry: 0.0.0.0 www2.browsertoolbar.com

Removed hosts entry: 0.0.0.0 www.browsertoolbar.com

Removed hosts entry: 0.0.0.0 redemption.bullseye-media.net

Removed hosts entry: 0.0.0.0 users.bullseye-media.net

Removed hosts entry: 0.0.0.0 www.bullseye-media.net

Removed hosts entry: 0.0.0.0 www.buildtraffic.com

Removed hosts entry: 0.0.0.0 buy-traffic.net

Removed hosts entry: 0.0.0.0 www.cashventure.com

Removed hosts entry: 0.0.0.0 casino-on-net.com

Removed hosts entry: 0.0.0.0 java2.casino-on-net.com

Removed hosts entry: 0.0.0.0 www.casino-on-net.com

Removed hosts entry: 0.0.0.0 deliver.castads.com

Removed hosts entry: 0.0.0.0 images.castads.com

Removed hosts entry: 0.0.0.0 serve.castads.com

Removed hosts entry: 0.0.0.0 www.care2.com

Removed hosts entry: 0.0.0.0 ads.cars.com

Removed hosts entry: 0.0.0.0 ads.cdfreaks.com

Removed hosts entry: 0.0.0.0 cellaphone.net

Removed hosts entry: 0.0.0.0 www.celebritaspoglie.net

Removed hosts entry: 0.0.0.0 mds.centrport.net

Removed hosts entry: 0.0.0.0 www.cerials.net

Removed hosts entry: 0.0.0.0 abc.checkm8.com

Removed hosts entry: 0.0.0.0 web.checkm8.com

Removed hosts entry: 0.0.0.0 ad.cibleclick.com

Removed hosts entry: 0.0.0.0 www.cibleclick.com

Removed hosts entry: 0.0.0.0 classifieds1000.com

Removed hosts entry: 0.0.0.0 www.classifieds1000.com

Removed hosts entry: 0.0.0.0 clearfind.com

Removed hosts entry: 0.0.0.0 www.clearfind.com

Removed hosts entry: 0.0.0.0 ads.clickad.com

Removed hosts entry: 0.0.0.0 clickbank.net

Removed hosts entry: 0.0.0.0 hop.clickbank.net

Removed hosts entry: 0.0.0.0 zzz.clickbank.net

Removed hosts entry: 0.0.0.0 clickedyclick.com

Removed hosts entry: 0.0.0.0 click2boost.com

Removed hosts entry: 0.0.0.0 secure.click2boost.com

Removed hosts entry: 0.0.0.0 service.click2boost.com

Removed hosts entry: 0.0.0.0 www.click2boost.com

Removed hosts entry: 0.0.0.0 www.clicks2you.com

Removed hosts entry: 0.0.0.0 clicktracks.com

Removed hosts entry: 0.0.0.0 stats.clicktracks.com

Removed hosts entry: 0.0.0.0 stats1.clicktracks.com

Removed hosts entry: 0.0.0.0 www.clicktracks.com

Removed hosts entry: 0.0.0.0 www.is1.clixgalore.com

Removed hosts entry: 0.0.0.0 www.clixgalore.com

Removed hosts entry: 0.0.0.0 www2.click-fr.com

Removed hosts entry: 0.0.0.0 www3.click-fr.com

Removed hosts entry: 0.0.0.0 www4.click-fr.com

Removed hosts entry: 0.0.0.0 www.clickhouse.com

Removed hosts entry: 0.0.0.0 www.clicks4u.com

Removed hosts entry: 0.0.0.0 ad1.clickhype.com

Removed hosts entry: 0.0.0.0 cfg.clipgenie.com

Removed hosts entry: 0.0.0.0 download.clipgenie.com

Removed hosts entry: 0.0.0.0 dldw.clipgenie.com

Removed hosts entry: 0.0.0.0 ss.clipgenie.com

Removed hosts entry: 0.0.0.0 www.clipgenie.com

Removed hosts entry: 0.0.0.0 banner.clubdicecasino.com

Removed hosts entry: 0.0.0.0 www.cnstats.com

Removed hosts entry: 0.0.0.0 ads.cobrad.com

Removed hosts entry: 0.0.0.0 comclick.com

Removed hosts entry: 0.0.0.0 ct2.comclick.com

Removed hosts entry: 0.0.0.0 fl01.ct2.comclick.com

Removed hosts entry: 0.0.0.0 ihm01.ct2.comclick.com

Removed hosts entry: 0.0.0.0 www.comclick.com

Removed hosts entry: 0.0.0.0 aa.connextra.com

Removed hosts entry: 0.0.0.0 bb.connextra.com

Removed hosts entry: 0.0.0.0 cc.connextra.com

Removed hosts entry: 0.0.0.0 dd.connextra.com

Removed hosts entry: 0.0.0.0 ee.connextra.com

Removed hosts entry: 0.0.0.0 ff.connextra.com

Removed hosts entry: 0.0.0.0 data.connextra.com

Removed hosts entry: 0.0.0.0 consumeralertsystem.com

Removed hosts entry: 0.0.0.0 www.thecoolbar.com

Removed hosts entry: 0.0.0.0 ads.console.net

Removed hosts entry: 0.0.0.0 www.contextuads.com

Removed hosts entry: 0.0.0.0 tag.contextweb.com

Removed hosts entry: 0.0.0.0 www1.contextweb.com

Removed hosts entry: 0.0.0.0 www2.contextweb.com

Removed hosts entry: 0.0.0.0 www3.contextweb.com

Removed hosts entry: 0.0.0.0 www4.contextweb.com

Removed hosts entry: 0.0.0.0 www5.contextweb.com

Removed hosts entry: 0.0.0.0 www6.contextweb.com

Removed hosts entry: 0.0.0.0 www7.contextweb.com

Removed hosts entry: 0.0.0.0 www8.contextweb.com

Removed hosts entry: 0.0.0.0 coolshader.com

Removed hosts entry: 0.0.0.0 c.coolshader.com

Removed hosts entry: 0.0.0.0 www.coolshader.com

Removed hosts entry: 0.0.0.0 counted.com

Removed hosts entry: 0.0.0.0 bilbo.counted.com

Removed hosts entry: 0.0.0.0 www.counted.com

Removed hosts entry: 0.0.0.0 www.counter-gratis.com

Removed hosts entry: 0.0.0.0 www.counterguide.com

Removed hosts entry: 0.0.0.0 www.counting4free.com

Removed hosts entry: 0.0.0.0 connectionzone.com

Removed hosts entry: 0.0.0.0 count.casino-trade.com

Removed hosts entry: 0.0.0.0 www.couponsandoffers.com

Removed hosts entry: 0.0.0.0 data.coremetrics.com

Removed hosts entry: 0.0.0.0 test.coremetrics.com

Removed hosts entry: 0.0.0.0 twci.coremetrics.com

Removed hosts entry: 0.0.0.0 www.crispads.com

Removed hosts entry: 0.0.0.0 ads.crosswinds.net

Removed hosts entry: 0.0.0.0 megabyte.crosswinds.net

Removed hosts entry: 0.0.0.0 cyberbounty.com

Removed hosts entry: 0.0.0.0 js.cybermonitor.com

Removed hosts entry: 0.0.0.0 stat3.cybermonitor.com

Removed hosts entry: 0.0.0.0 cytron.com

Removed hosts entry: 0.0.0.0 www.cytron.com

Removed hosts entry: 0.0.0.0 ads.date.com

Removed hosts entry: 0.0.0.0 banner.date.com

Removed hosts entry: 0.0.0.0 au.track.decideinteractive.com

Removed hosts entry: 0.0.0.0 au.link.decideinteractive.com

Removed hosts entry: 0.0.0.0 eu.link.decideinteractive.com

Removed hosts entry: 0.0.0.0 link.decideinteractive.com

Removed hosts entry: 0.0.0.0 www.decideinteractive.com

Removed hosts entry: 0.0.0.0 www.deepcom.com

Removed hosts entry: 0.0.0.0 collector.deepmetrix.com

Removed hosts entry: 0.0.0.0 geo.deepmetrix.com

Removed hosts entry: 0.0.0.0 www.deepmetrix.com

Removed hosts entry: 0.0.0.0 delta2378493.com

Removed hosts entry: 0.0.0.0 track.did-it.com

Removed hosts entry: 0.0.0.0 didtheyreadit.com

Removed hosts entry: 0.0.0.0 www.didtheyreadit.com

Removed hosts entry: 0.0.0.0 diji-realm.net

Removed hosts entry: 0.0.0.0 comm1.digits.com

Removed hosts entry: 0.0.0.0 counter.digits.com

Removed hosts entry: 0.0.0.0 direct-ip.com

Removed hosts entry: 0.0.0.0 www.direct-ip.com

Removed hosts entry: 0.0.0.0 stats.directnic.com

Removed hosts entry: 0.0.0.0 www.divago.com

Removed hosts entry: 0.0.0.0 ad.dmpi.net

Removed hosts entry: 0.0.0.0 ad2.dmpi.net

Removed hosts entry: 0.0.0.0 ad3.dmpi.net

Removed hosts entry: 0.0.0.0 ad4.dmpi.net

Removed hosts entry: 0.0.0.0 ubnm.dmpi.net

Removed hosts entry: 0.0.0.0 www.dnscaching.net

Removed hosts entry: 0.0.0.0 www.donttrip.org

Removed hosts entry: 0.0.0.0 downloadalot.com

Removed hosts entry: 0.0.0.0 get.downloadalot.com

Removed hosts entry: 0.0.0.0 www.downloadalot.com

Removed hosts entry: 0.0.0.0 www.downseek.com

Removed hosts entry: 0.0.0.0 dqmedia.net

Removed hosts entry: 0.0.0.0 drmx01.net

Removed hosts entry: 0.0.0.0 ads.drugs.com

Removed hosts entry: 0.0.0.0 www.duenow.com

Removed hosts entry: 0.0.0.0 dumpserv.com

Removed hosts entry: 0.0.0.0 gfx.dvlabs.com

Removed hosts entry: 0.0.0.0 klipads.dvlabs.com

Removed hosts entry: 0.0.0.0 e2give.com

Removed hosts entry: 0.0.0.0 www.e2give.com

Removed hosts entry: 0.0.0.0 eaglehousing.com

Removed hosts entry: 0.0.0.0 www.eaglehousing.com

Removed hosts entry: 0.0.0.0 www.eastworldnetwork.com

Removed hosts entry: 0.0.0.0 www.easywebsearch.nl

Removed hosts entry: 0.0.0.0 www.e-bannerx.com

Removed hosts entry: 0.0.0.0 easyboxhosting.com

Removed hosts entry: 0.0.0.0 www.easycounter.com

Removed hosts entry: 0.0.0.0 banners.easydns.com

Removed hosts entry: 0.0.0.0 banner.easyspace.com

Removed hosts entry: 0.0.0.0 adserv1.ebates.com

Removed hosts entry: 0.0.0.0 www.ebates.com

Removed hosts entry: 0.0.0.0 www.ek21.com

Removed hosts entry: 0.0.0.0 epeople.com

Removed hosts entry: 0.0.0.0 errorpage404.com

Removed hosts entry: 0.0.0.0 www.errorpage404.com

Removed hosts entry: 0.0.0.0 vipuk.escritorioactivo.com

Removed hosts entry: 0.0.0.0 www.escorcher.com

Removed hosts entry: 0.0.0.0 www.eshopads2.com

Removed hosts entry: 0.0.0.0 estat.com

Removed hosts entry: 0.0.0.0 perso.estat.com

Removed hosts entry: 0.0.0.0 prof.estat.com

Removed hosts entry: 0.0.0.0 www.estat.com

Removed hosts entry: 0.0.0.0 eu-adcenter.net

Removed hosts entry: 0.0.0.0 thinknyc.eu-adcenter.net

Removed hosts entry: 0.0.0.0 ugo.eu-adcenter.net

Removed hosts entry: 0.0.0.0 euro-randomizer.com

Removed hosts entry: 0.0.0.0 engage.everyone.net

Removed hosts entry: 0.0.0.0 static.everyone.net

Removed hosts entry: 0.0.0.0 www.exchangead.com

Removed hosts entry: 0.0.0.0 exitexchange.com

Removed hosts entry: 0.0.0.0 count.exitexchange.com

Removed hosts entry: 0.0.0.0 images.exitexchange.com

Removed hosts entry: 0.0.0.0 www.exitexchange.com

Removed hosts entry: 0.0.0.0 www.exchangeexit.com

Removed hosts entry: 0.0.0.0 www.exittraffic.net

Removed hosts entry: 0.0.0.0 cdn.eyewonder.com

Removed hosts entry: 0.0.0.0 www.evidence-eliminator.com

Removed hosts entry: 0.0.0.0 www.eyeget.com

Removed hosts entry: 0.0.0.0 ezcybersearch.com

Removed hosts entry: 0.0.0.0 ads.ezcybersearch.com

Removed hosts entry: 0.0.0.0 ezcybersearch.mail.everyone.net

Removed hosts entry: 0.0.0.0 www.ezcybersearch.com

Removed hosts entry: 0.0.0.0 eziin.com

Removed hosts entry: 0.0.0.0 www.eziin.com

Removed hosts entry: 0.0.0.0 fast-web-search.com

Removed hosts entry: 0.0.0.0 www.fast-web-search.com

Removed hosts entry: 0.0.0.0 www.fast2net.com

Removed hosts entry: 0.0.0.0 www.fastfind.org

Removed hosts entry: 0.0.0.0 www.fceboard.com

Removed hosts entry: 0.0.0.0 www.fightpopups.net

Removed hosts entry: 0.0.0.0 filesharingaccess.com

Removed hosts entry: 0.0.0.0 adserver.filefront.com

Removed hosts entry: 0.0.0.0 www.filemix.net

Removed hosts entry: 0.0.0.0 www.fineclicks.com

Removed hosts entry: 0.0.0.0 firstname.com

Removed hosts entry: 0.0.0.0 clicks.firstname.com

Removed hosts entry: 0.0.0.0 www.fizzlewizzle.com

Removed hosts entry: 0.0.0.0 www.flyeagles.com

Removed hosts entry: 0.0.0.0 flyinads.com

Removed hosts entry: 0.0.0.0 www.flyinads.com

Removed hosts entry: 0.0.0.0 klipmart.forbes.com

Removed hosts entry: 0.0.0.0 www.ampira.com

Removed hosts entry: 0.0.0.0 ads.fortunecity.com

Removed hosts entry: 0.0.0.0 ads.v3.com

Removed hosts entry: 0.0.0.0 www2.fortunecity.com

Removed hosts entry: 0.0.0.0 www.freedom850.com

Removed hosts entry: 0.0.0.0 ad.freefind.com

Removed hosts entry: 0.0.0.0 www.freehistorycleaner.com

Removed hosts entry: 0.0.0.0 free-stats.com

Removed hosts entry: 0.0.0.0 counters.freewebs.com

Removed hosts entry: 0.0.0.0 www.freewebsites.com

Removed hosts entry: 0.0.0.0 www.free-windows-games.com

Removed hosts entry: 0.0.0.0 ads.gamespy.com

Removed hosts entry: 0.0.0.0 adcontent.gamespy.com

Removed hosts entry: 0.0.0.0 ads.gamespyid.com

Removed hosts entry: 0.0.0.0 ad1.gamezone.com

Removed hosts entry: 0.0.0.0 server.gamyun.net

Removed hosts entry: 0.0.0.0 www.gamyun.net

Removed hosts entry: 0.0.0.0 gd.geobytes.com

Removed hosts entry: 0.0.0.0 www.geowhere.net

Removed hosts entry: 0.0.0.0 www.getsmart.com

Removed hosts entry: 0.0.0.0 bp2.getredirect.com

Removed hosts entry: 0.0.0.0 4.getredirect.com

Removed hosts entry: 0.0.0.0 www.getredirect.com

Removed hosts entry: 0.0.0.0 getupdate.com

Removed hosts entry: 0.0.0.0 dlx.getupdate.com

Removed hosts entry: 0.0.0.0 www.getupdate.com

Removed hosts entry: 0.0.0.0 gigex.com

Removed hosts entry: 0.0.0.0 media.gigex.com

Removed hosts entry: 0.0.0.0 oascentral.gigex.com

Removed hosts entry: 0.0.0.0 www.gigex.com

Removed hosts entry: 0.0.0.0 globesearch.com

Removed hosts entry: 0.0.0.0 www.globesearch.com

Removed hosts entry: 0.0.0.0 banner.goldenpalace.com

Removed hosts entry: 0.0.0.0 goldstats.net

Removed hosts entry: 0.0.0.0 www.goldstats.net

Removed hosts entry: 0.0.0.0 www.goggle.com

Removed hosts entry: 0.0.0.0 goodcounter.com

Removed hosts entry: 0.0.0.0 www.goodcounter.com

Removed hosts entry: 0.0.0.0 adincl.gopher.com

Removed hosts entry: 0.0.0.0 ads.gorillanation.com

Removed hosts entry: 0.0.0.0 adserver.gorillanation.com

Removed hosts entry: 0.0.0.0 gostats.com

Removed hosts entry: 0.0.0.0 as.gostats.com

Removed hosts entry: 0.0.0.0 c1.gostats.com

Removed hosts entry: 0.0.0.0 c2.gostats.com

Removed hosts entry: 0.0.0.0 c3.gostats.com

Removed hosts entry: 0.0.0.0 greatstartpage.com

Removed hosts entry: 0.0.0.0 www.greatstartpage.com

Removed hosts entry: 0.0.0.0 grokster.com

Removed hosts entry: 0.0.0.0 dl.grokster.com

Removed hosts entry: 0.0.0.0 www.grokster.com

Removed hosts entry: 0.0.0.0 www.g-wizzads.net

Removed hosts entry: 0.0.0.0 hao3344.com

Removed hosts entry: 0.0.0.0 www.hao3344.com

Removed hosts entry: 0.0.0.0 ad0.haynet.com

Removed hosts entry: 0.0.0.0 ads.hitcents.com

Removed hosts entry: 0.0.0.0 hits-counter.com

Removed hosts entry: 0.0.0.0 hithopper.com

Removed hosts entry: 0.0.0.0 www.hithopper.com

Removed hosts entry: 0.0.0.0 www.hitlogger.com

Removed hosts entry: 0.0.0.0 hitmodel.net

Removed hosts entry: 0.0.0.0 hit-now.com

Removed hosts entry: 0.0.0.0 hit-parade.com

Removed hosts entry: 0.0.0.0 loga.hit-parade.com

Removed hosts entry: 0.0.0.0 hitstats.net

Removed hosts entry: 0.0.0.0 www.hiwire.com

Removed hosts entry: 0.0.0.0 ads.home.net

Removed hosts entry: 0.0.0.0 anna.homeftp.net

Removed hosts entry: 0.0.0.0 counters.honesty.com

Removed hosts entry: 0.0.0.0 horse-active.net

Removed hosts entry: 0.0.0.0 www.horse-active.net

Removed hosts entry: 0.0.0.0 horse-dns.net

Removed hosts entry: 0.0.0.0 horse-search.net

Removed hosts entry: 0.0.0.0 ad2.hotels.com

Removed hosts entry: 0.0.0.0 banners.hotlinks.net

Removed hosts entry: 0.0.0.0 horseserver.net

Removed hosts entry: 0.0.0.0 www.horseserver.net

Removed hosts entry: 0.0.0.0 hotsearch.com

Removed hosts entry: 0.0.0.0 www.hotsearch.com

Removed hosts entry: 0.0.0.0 vip.huigezi.com

Removed hosts entry: 0.0.0.0 hc2.humanclick.com

Removed hosts entry: 0.0.0.0 www.humanclick.com

Removed hosts entry: 0.0.0.0 custom1.hurricanedigitalmedia.com

Removed hosts entry: 0.0.0.0 custom3.hurricanedigitalmedia.com

Removed hosts entry: 0.0.0.0 www.hypertracker.com

Removed hosts entry: 0.0.0.0 ads.iafrica.com

Removed hosts entry: 0.0.0.0 ads.iboost.com

Removed hosts entry: 0.0.0.0 www.i-clicks.net

Removed hosts entry: 0.0.0.0 hits.icdirect.com

Removed hosts entry: 0.0.0.0 hitctr01.icdirect.com

Removed hosts entry: 0.0.0.0 idolch.net

Removed hosts entry: 0.0.0.0 image-catcher.com

Removed hosts entry: 0.0.0.0 bar.iebar8.com

Removed hosts entry: 0.0.0.0 stats.surfaid.ihost.com

Removed hosts entry: 0.0.0.0 www.impregnable.net

Removed hosts entry: 0.0.0.0 stats.indextools.com

Removed hosts entry: 0.0.0.0 adserver.indieclick.com

Removed hosts entry: 0.0.0.0 campaign.indieclick.com

Removed hosts entry: 0.0.0.0 adcenter.in2.com

Removed hosts entry: 0.0.0.0 ads.inet1.com

Removed hosts entry: 0.0.0.0 ads7.inet1.com

Removed hosts entry: 0.0.0.0 juggler.inetinteractive.com

Removed hosts entry: 0.0.0.0 rotator.juggler.inetinteractive.com

Removed hosts entry: 0.0.0.0 banners.inetfast.com

Removed hosts entry: 0.0.0.0 ads.infospace.com

Removed hosts entry: 0.0.0.0 bvads.infospace.com

Removed hosts entry: 0.0.0.0 xads.infospace.com

Removed hosts entry: 0.0.0.0 ads.injersey.com

Removed hosts entry: 0.0.0.0 ads.intellicast.com

Removed hosts entry: 0.0.0.0 ads.intelihealth.com

Removed hosts entry: 0.0.0.0 ads.intermezzia.com

Removed hosts entry: 0.0.0.0 indiads.com

Removed hosts entry: 0.0.0.0 images.indiads.com

Removed hosts entry: 0.0.0.0 infostart.com

Removed hosts entry: 0.0.0.0 popups.infostart.com

Removed hosts entry: 0.0.0.0 oc.inspectorclick.com

Removed hosts entry: 0.0.0.0 trax.inspectorclick.com

Removed hosts entry: 0.0.0.0 v2.inspectorclick.com

Removed hosts entry: 0.0.0.0 v3.inspectorclick.com

Removed hosts entry: 0.0.0.0 instadia.net

Removed hosts entry: 0.0.0.0 www.instadia.net

Removed hosts entry: 0.0.0.0 instantsearch.cc

Removed hosts entry: 0.0.0.0 www.instantsearch.cc

Removed hosts entry: 0.0.0.0 www.intelli-tracker.com

Removed hosts entry: 0.0.0.0 inqwire.com

Removed hosts entry: 0.0.0.0 ww2.inqwire.com

Removed hosts entry: 0.0.0.0 www.inqwire.com

Removed hosts entry: 0.0.0.0 ads.ipowerweb.com

Removed hosts entry: 0.0.0.0 www.ipstat.com

Removed hosts entry: 0.0.0.0 adzones.ircspy.com

Removed hosts entry: 0.0.0.0 adserver1.isohunt.com

Removed hosts entry: 0.0.0.0 ads.isoftmarketing.com

Removed hosts entry: 0.0.0.0 adcycle.isoftmarketing.com

Removed hosts entry: 0.0.0.0 www.itrafficstar.com

Removed hosts entry: 0.0.0.0 www.j4sb.com

Removed hosts entry: 0.0.0.0 www.jcount.com

Removed hosts entry: 0.0.0.0 www.jellycounter.com

Removed hosts entry: 0.0.0.0 jpedownload.joltid.com

Removed hosts entry: 0.0.0.0 www.joltid.com

Removed hosts entry: 0.0.0.0 www.joyiex.com

Removed hosts entry: 0.0.0.0 kt3.kliptracker.com

Removed hosts entry: 0.0.0.0 kt4.kliptracker.com

Removed hosts entry: 0.0.0.0 www.kliptracker.com

Removed hosts entry: 0.0.0.0 ads.kmpads.com

Removed hosts entry: 0.0.0.0 koolbar.net

Removed hosts entry: 0.0.0.0 www.koolbar.net

Removed hosts entry: 0.0.0.0 kutsap.com

Removed hosts entry: 0.0.0.0 ts1.lexmark.com

Removed hosts entry: 0.0.0.0 www.lineage0.com

Removed hosts entry: 0.0.0.0 linkbuddies.com

Removed hosts entry: 0.0.0.0 banners.linkbuddies.com

Removed hosts entry: 0.0.0.0 www.linkbuddies.com

Removed hosts entry: 0.0.0.0 www.linkcounter.com

Removed hosts entry: 0.0.0.0 link4link.com

Removed hosts entry: 0.0.0.0 plus.link4link.com

Removed hosts entry: 0.0.0.0 www.links4trade.com

Removed hosts entry: 0.0.0.0 escati.linkopp.net

Removed hosts entry: 0.0.0.0 www.linkopp.net

Removed hosts entry: 0.0.0.0 linkshelper.com

Removed hosts entry: 0.0.0.0 js.livehelper.com

Removed hosts entry: 0.0.0.0 newbrowse.livehelper.com

Removed hosts entry: 0.0.0.0 www.liveperson.com

Removed hosts entry: 0.0.0.0 liveperson.net

Removed hosts entry: 0.0.0.0 sales.liveperson.net

Removed hosts entry: 0.0.0.0 server.iad.liveperson.net

Removed hosts entry: 0.0.0.0 locators.com

Removed hosts entry: 0.0.0.0 toolbar.locators.com

Removed hosts entry: 0.0.0.0 www.locators.com

Removed hosts entry: 0.0.0.0 www.lookde5.com

Removed hosts entry: 0.0.0.0 jama.lovinghost.com

Removed hosts entry: 0.0.0.0 luckyhomepage.com

Removed hosts entry: 0.0.0.0 www.luckyhomepage.com

Removed hosts entry: 0.0.0.0 www.lvip.net

Removed hosts entry: 0.0.0.0 www.lyricspy.com

Removed hosts entry: 0.0.0.0 www.madoogali.com

Removed hosts entry: 0.0.0.0 go.mailbits.com

Removed hosts entry: 0.0.0.0 mair.net

Removed hosts entry: 0.0.0.0 we.malresearch.org

Removed hosts entry: 0.0.0.0 erotic.masterstats.com

Removed hosts entry: 0.0.0.0 image.masterstats.com

Removed hosts entry: 0.0.0.0 link.masterstats.com

Removed hosts entry: 0.0.0.0 vw.masterstats.com

Removed hosts entry: 0.0.0.0 ads.affiliates.match.com

Removed hosts entry: 0.0.0.0 associmage.match.com

Removed hosts entry: 0.0.0.0 adserver.matchcraft.com

Removed hosts entry: 0.0.0.0 ads.mcafee.com

Removed hosts entry: 0.0.0.0 directads.mcafee.com

Removed hosts entry: 0.0.0.0 ads.mdchoice.com

Removed hosts entry: 0.0.0.0 ads.mediaodyssey.com

Removed hosts entry: 0.0.0.0 acvs.mediaonenetwork.net

Removed hosts entry: 0.0.0.0 acvsrv.mediaonenetwork.net

Removed hosts entry: 0.0.0.0 ads.mediaturf.net

Removed hosts entry: 0.0.0.0 exit.megago.com

Removed hosts entry: 0.0.0.0 www.megago.com

Removed hosts entry: 0.0.0.0 www.megaseek.net

Removed hosts entry: 0.0.0.0 megatds.com

Removed hosts entry: 0.0.0.0 admintds.megatds.com

Removed hosts entry: 0.0.0.0 tds.megatds.com

Removed hosts entry: 0.0.0.0 www.megatds.com

Removed hosts entry: 0.0.0.0 pubs.mgn.net

Removed hosts entry: 0.0.0.0 ads.mgnetwork.com

Removed hosts entry: 0.0.0.0 media.mgnetwork.com

Removed hosts entry: 0.0.0.0 www.mgshareware.com

Removed hosts entry: 0.0.0.0 www.mini-player.com

Removed hosts entry: 0.0.0.0 banner.missingkids.com

Removed hosts entry: 0.0.0.0 ads.mixtraffic.com

Removed hosts entry: 0.0.0.0 smile.modchipstore.com

Removed hosts entry: 0.0.0.0 ads.monster.com

Removed hosts entry: 0.0.0.0 adserver.monster.com

Removed hosts entry: 0.0.0.0 adserver.a.in.monster.com

Removed hosts entry: 0.0.0.0 ads.monstermoving.com

Removed hosts entry: 0.0.0.0 cookie.monster.com

Removed hosts entry: 0.0.0.0 mp3today.net

Removed hosts entry: 0.0.0.0 www.mp3yes.com

Removed hosts entry: 0.0.0.0 mpamexit.com

Removed hosts entry: 0.0.0.0 www.messagetag.com

Removed hosts entry: 0.0.0.0 msgtag.com

Removed hosts entry: 0.0.0.0 img.msgtag.com

Removed hosts entry: 0.0.0.0 www.msgtag.com

Removed hosts entry: 0.0.0.0 msxpsupport.com

Removed hosts entry: 0.0.0.0 www.msxpsupport.com

Removed hosts entry: 0.0.0.0 www.musicmass.com

Removed hosts entry: 0.0.0.0 www.musicsonglyrics.com

Removed hosts entry: 0.0.0.0 mvtracker.com

Removed hosts entry: 0.0.0.0 www.mvtracker.com

Removed hosts entry: 0.0.0.0 mvr3d.net

Removed hosts entry: 0.0.0.0 www.myadtrack.com

Removed hosts entry: 0.0.0.0 www.myaffiliateprogram.com

Removed hosts entry: 0.0.0.0 www.myarmory.com

Removed hosts entry: 0.0.0.0 www.myemessenger.com

Removed hosts entry: 0.0.0.0 noe.myftp.biz

Removed hosts entry: 0.0.0.0 www.mylinker.net

Removed hosts entry: 0.0.0.0 rm.myoc.com

Removed hosts entry: 0.0.0.0 myhitlogger.com

Removed hosts entry: 0.0.0.0 liveupdate.myim.cn

Removed hosts entry: 0.0.0.0 mypagefinder.com

Removed hosts entry: 0.0.0.0 auxput.myvnc.com

Removed hosts entry: 0.0.0.0 hit.namimedia.com

Removed hosts entry: 0.0.0.0 ads.nandomedia.com

Removed hosts entry: 0.0.0.0 naupoint.com

Removed hosts entry: 0.0.0.0 feed.naupoint.com

Removed hosts entry: 0.0.0.0 hp.naupoint.com

Removed hosts entry: 0.0.0.0 www.naupoint.com

Removed hosts entry: 0.0.0.0 ads.neowin.net

Removed hosts entry: 0.0.0.0 code.netbreak.com.au

Removed hosts entry: 0.0.0.0 banners.netcraft.com

Removed hosts entry: 0.0.0.0 www.netflip.com

Removed hosts entry: 0.0.0.0 money2.netfirms.com

Removed hosts entry: 0.0.0.0 partner.netmechanic.com

Removed hosts entry: 0.0.0.0 tracker.netmechanic.com

Removed hosts entry: 0.0.0.0 counter.netmore.net

Removed hosts entry: 0.0.0.0 www.netpumper.com

Removed hosts entry: 0.0.0.0 servedby.netshelter.net

Removed hosts entry: 0.0.0.0 www.network-tool.net

Removed hosts entry: 0.0.0.0 www.newsh.com

Removed hosts entry: 0.0.0.0 adq.nextag.com

Removed hosts entry: 0.0.0.0 nowbox.com

Removed hosts entry: 0.0.0.0 www.nowbox.com

Removed hosts entry: 0.0.0.0 ns2.iad1.nssrv.com

Removed hosts entry: 0.0.0.0 nugget-sales.com

Removed hosts entry: 0.0.0.0 file.obalduyam.net

Removed hosts entry: 0.0.0.0 node2.ocslab.com

Removed hosts entry: 0.0.0.0 okcounter.com

Removed hosts entry: 0.0.0.0 www.okww.net

Removed hosts entry: 0.0.0.0 stat.onestat.com

Removed hosts entry: 0.0.0.0 www.onestat.com

Removed hosts entry: 0.0.0.0 www.oneandonlynetwork.com

Removed hosts entry: 0.0.0.0 www.onseo.com

Removed hosts entry: 0.0.0.0 server1.opentracker.net

Removed hosts entry: 0.0.0.0 ccc00.opinionlab.com

Removed hosts entry: 0.0.0.0 ccc01.opinionlab.com

Removed hosts entry: 0.0.0.0 rate.opinionlab.com

Removed hosts entry: 0.0.0.0 www.opinionlab.com

Removed hosts entry: 0.0.0.0 by.optimost.com

Removed hosts entry: 0.0.0.0 banner.orb.net

Removed hosts entry: 0.0.0.0 tg-images.osdn.com

Removed hosts entry: 0.0.0.0 otx5.otxresearch.com

Removed hosts entry: 0.0.0.0 otx.ifilm.com

Removed hosts entry: 0.0.0.0 survey.otxresearch.com

Removed hosts entry: 0.0.0.0 www.otxresearch.com

Removed hosts entry: 0.0.0.0 adpopper.outblaze.com

Removed hosts entry: 0.0.0.0 adp4.us4.outblaze.com

Removed hosts entry: 0.0.0.0 adserver.hk.outblaze.com

Removed hosts entry: 0.0.0.0 adserver.us.outblaze.com

Removed hosts entry: 0.0.0.0 download2.us4.outblaze.com

Removed hosts entry: 0.0.0.0 img1.us4.outblaze.com

Removed hosts entry: 0.0.0.0 www.overpeer.com

Removed hosts entry: 0.0.0.0 www.p3marketing.com

Removed hosts entry: 0.0.0.0 click.payserve.com

Removed hosts entry: 0.0.0.0 www.pc-test.net

Removed hosts entry: 0.0.0.0 ad1.peel.com

Removed hosts entry: 0.0.0.0 ad3.peel.com

Removed hosts entry: 0.0.0.0 ads.peel.com

Removed hosts entry: 0.0.0.0 ad4.peel.com

Removed hosts entry: 0.0.0.0 ads5.peel.com

Removed hosts entry: 0.0.0.0 freeps3.peel.com

Removed hosts entry: 0.0.0.0 www.peel.com

Removed hosts entry: 0.0.0.0 www.peel.net

Removed hosts entry: 0.0.0.0 ads.pennyweb.com

Removed hosts entry: 0.0.0.0 banners.pennyweb.com

Removed hosts entry: 0.0.0.0 www.peruvianmarket.com

Removed hosts entry: 0.0.0.0 phpadsnew.com

Removed hosts entry: 0.0.0.0 www.phpadsnew.com

Removed hosts entry: 0.0.0.0 ads2.playnet.com

Removed hosts entry: 0.0.0.0 adserver.pollstar.com

Removed hosts entry: 0.0.0.0 popfind.net

Removed hosts entry: 0.0.0.0 www.pops-stop.com

Removed hosts entry: 0.0.0.0 www.popupads.com

Removed hosts entry: 0.0.0.0 www.popupad.net

Removed hosts entry: 0.0.0.0 popupblockade.com

Removed hosts entry: 0.0.0.0 www.popupblockade.com

Removed hosts entry: 0.0.0.0 popupmoney.com

Removed hosts entry: 0.0.0.0 server01.popupmoney.com

Removed hosts entry: 0.0.0.0 www.popupmoney.com

Removed hosts entry: 0.0.0.0 popadstop.com

Removed hosts entry: 0.0.0.0 www.popadstop.com

Removed hosts entry: 0.0.0.0 www2.portdetective.com

Removed hosts entry: 0.0.0.0 www.ppctracking.net

Removed hosts entry: 0.0.0.0 www.praize.com

Removed hosts entry: 0.0.0.0 www.promarketingclub.com

Removed hosts entry: 0.0.0.0 www.prtracker.com

Removed hosts entry: 0.0.0.0 www.profitzone.com

Removed hosts entry: 0.0.0.0 ads.pro-market.net

Removed hosts entry: 0.0.0.0 www.prutect.com

Removed hosts entry: 0.0.0.0 www.protectedmedia.com

Removed hosts entry: 0.0.0.0 ad.sma.punto.net

Removed hosts entry: 0.0.0.0 sma.punto.net

Removed hosts entry: 0.0.0.0 www.pureseeker.com

Removed hosts entry: 0.0.0.0 www.pwallet.com

Removed hosts entry: 0.0.0.0 questionmarket.com

Removed hosts entry: 0.0.0.0 amch.questionmarket.com

Removed hosts entry: 0.0.0.0 ch.questionmarket.com

Removed hosts entry: 0.0.0.0 survey.questionmarket.com

Removed hosts entry: 0.0.0.0 www.questionmarket.com

Removed hosts entry: 0.0.0.0 download.quickflicks.com

Removed hosts entry: 0.0.0.0 quickmetasearch.com

Removed hosts entry: 0.0.0.0 www.qq886.com

Removed hosts entry: 0.0.0.0 counter.rapidcounter.com

Removed hosts entry: 0.0.0.0 www.rapidcounter.com

Removed hosts entry: 0.0.0.0 www.autoraskrutka.ru

Removed hosts entry: 0.0.0.0 www.realclicks.com

Removed hosts entry: 0.0.0.0 ads.rediff.com

Removed hosts entry: 0.0.0.0 visit.referralware.com

Removed hosts entry: 0.0.0.0 ads.register.com

Removed hosts entry: 0.0.0.0 www.registrarads.com

Removed hosts entry: 0.0.0.0 www.relmaxtop.com

Removed hosts entry: 0.0.0.0 adservice.recon-networks.com

Removed hosts entry: 0.0.0.0 dae.responsetarget.com

Removed hosts entry: 0.0.0.0 ads.revsci.net

Removed hosts entry: 0.0.0.0 js.revsci.net

Removed hosts entry: 0.0.0.0 pix01.revsci.net

Removed hosts entry: 0.0.0.0 rightstats.com

Removed hosts entry: 0.0.0.0 www.rightstats.com

Removed hosts entry: 0.0.0.0 m.rmbclick.com

Removed hosts entry: 0.0.0.0 hits.roitracker.com

Removed hosts entry: 0.0.0.0 ad.ro2cn.com

Removed hosts entry: 0.0.0.0 judo.salon.com

Removed hosts entry: 0.0.0.0 oas.salon.com

Removed hosts entry: 0.0.0.0 www.savehits.com

Removed hosts entry: 0.0.0.0 matchnet.st.sageanalyst.net

Removed hosts entry: 0.0.0.0 st.sageanalyst.net

Removed hosts entry: 0.0.0.0 pigmailer.scarryserv.biz

Removed hosts entry: 0.0.0.0 scorpionsearch.com

Removed hosts entry: 0.0.0.0 www.scorpionsearch.com

Removed hosts entry: 0.0.0.0 www.scratchindian.com

Removed hosts entry: 0.0.0.0 adsremote.scripps.com

Removed hosts entry: 0.0.0.0 te.scripps.com

Removed hosts entry: 0.0.0.0 counter.search.bg

Removed hosts entry: 0.0.0.0 searchalot.com

Removed hosts entry: 0.0.0.0 cards.searchalot.com

Removed hosts entry: 0.0.0.0 mail.searchalot.com

Removed hosts entry: 0.0.0.0 search.searchalot.com

Removed hosts entry: 0.0.0.0 web.searchalot.com

Removed hosts entry: 0.0.0.0 www.searchalot.com

Removed hosts entry: 0.0.0.0 searchandclick.com

Removed hosts entry: 0.0.0.0 search.searchandclick.com

Removed hosts entry: 0.0.0.0 www.searchandclick.com

Removed hosts entry: 0.0.0.0 www.searchgauge.com

Removed hosts entry: 0.0.0.0 searchitquick.com

Removed hosts entry: 0.0.0.0 tb.searchitquick.com

Removed hosts entry: 0.0.0.0 www.searchitquick.com

Removed hosts entry: 0.0.0.0 www.searchmachine.com

Removed hosts entry: 0.0.0.0 searchmaid.com

Removed hosts entry: 0.0.0.0 www.searchmaid.com

Removed hosts entry: 0.0.0.0 www.searchmagnifier.com

Removed hosts entry: 0.0.0.0 searchproject.net

Removed hosts entry: 0.0.0.0 www.searchrelevancy.com

Removed hosts entry: 0.0.0.0 www.searchresult.net

Removed hosts entry: 0.0.0.0 www.search-toolbar.com

Removed hosts entry: 0.0.0.0 home.searchwords.com

Removed hosts entry: 0.0.0.0 www.searchwords.com

Removed hosts entry: 0.0.0.0 browser.secondpower.com

Removed hosts entry: 0.0.0.0 download.secondpower.com

Removed hosts entry: 0.0.0.0 www1.secondpower.com

Removed hosts entry: 0.0.0.0 www3.secondpower.com

Removed hosts entry: 0.0.0.0 www.secondpower.com

Removed hosts entry: 0.0.0.0 adserver.securityfocus.com

Removed hosts entry: 0.0.0.0 www.selfsurveys.com

Removed hosts entry: 0.0.0.0 www.seehits.com

Removed hosts entry: 0.0.0.0 www.seekmp3.com

Removed hosts entry: 0.0.0.0 www.send-safe.com

Removed hosts entry: 0.0.0.0 track.sendtraffic.com

Removed hosts entry: 0.0.0.0 www.sendtraffic.com

Removed hosts entry: 0.0.0.0 sesso.com

Removed hosts entry: 0.0.0.0 www.sesso.com

Removed hosts entry: 0.0.0.0 simplenter.com

Removed hosts entry: 0.0.0.0 www.simplenter.com

Removed hosts entry: 0.0.0.0 www.simpletoolbar.com

Removed hosts entry: 0.0.0.0 sincooweb.com

Removed hosts entry: 0.0.0.0 quasar.sitegauge.com

Removed hosts entry: 0.0.0.0 tracker.sitescout.com

Removed hosts entry: 0.0.0.0 advertpro.sitepoint.com

Removed hosts entry: 0.0.0.0 www.sitestatslive.com

Removed hosts entry: 0.0.0.0 adserver.sharewareonline.com

Removed hosts entry: 0.0.0.0 www.shockcounter.com

Removed hosts entry: 0.0.0.0 skeech.com

Removed hosts entry: 0.0.0.0 www.skeech.com

Removed hosts entry: 0.0.0.0 smart-browser.com

Removed hosts entry: 0.0.0.0 update.smart-browser.com

Removed hosts entry: 0.0.0.0 www.smart-browser.com

Removed hosts entry: 0.0.0.0 smartclicks.net

Removed hosts entry: 0.0.0.0 www.smartclicks.net

Removed hosts entry: 0.0.0.0 smarter.com

Removed hosts entry: 0.0.0.0 sidebar.smarter.com

Removed hosts entry: 0.0.0.0 www.smarter.com

Removed hosts entry: 0.0.0.0 ads.smni.com

Removed hosts entry: 0.0.0.0 static.smni.com

Removed hosts entry: 0.0.0.0 adserver.softwareonline.com

Removed hosts entry: 0.0.0.0 www1.spaex.com

Removed hosts entry: 0.0.0.0 www.spedia.net

Removed hosts entry: 0.0.0.0 www.spyarsenal.com

Removed hosts entry: 0.0.0.0 www.spysniper.net

Removed hosts entry: 0.0.0.0 www.spymoon.com

Removed hosts entry: 0.0.0.0 spyware.com

Removed hosts entry: 0.0.0.0 ss999ss.com

Removed hosts entry: 0.0.0.0 www.ssppyy.com

Removed hosts entry: 0.0.0.0 www.s-tracking.com

Removed hosts entry: 0.0.0.0 ads.starpulse.com

Removed hosts entry: 0.0.0.0 adsintl.starwave.com

Removed hosts entry: 0.0.0.0 c1.statcounter.com

Removed hosts entry: 0.0.0.0 c2.statcounter.com

Removed hosts entry: 0.0.0.0 c3.statcounter.com

Removed hosts entry: 0.0.0.0 c4.statcounter.com

Removed hosts entry: 0.0.0.0 c5.statcounter.com

Removed hosts entry: 0.0.0.0 c6.statcounter.com

Removed hosts entry: 0.0.0.0 c7.statcounter.com

Removed hosts entry: 0.0.0.0 c8.statcounter.com

Removed hosts entry: 0.0.0.0 s2.statcounter.com

Removed hosts entry: 0.0.0.0 www.statcounter.com

Removed hosts entry: 0.0.0.0 www.statomatic.com

Removed hosts entry: 0.0.0.0 statistik-gallup.net

Removed hosts entry: 0.0.0.0 stats4you.com

Removed hosts entry: 0.0.0.0 reg.stats4all.com

Removed hosts entry: 0.0.0.0 www.stats4you.com

Removed hosts entry: 0.0.0.0 statswhere.com

Removed hosts entry: 0.0.0.0 www.stickypops.com

Removed hosts entry: 0.0.0.0 www.stone122.com

Removed hosts entry: 0.0.0.0 www2.stone122.com

Removed hosts entry: 0.0.0.0 www.stone199.com

Removed hosts entry: 0.0.0.0 www.superlogy.com

Removed hosts entry: 0.0.0.0 sqwire.com

Removed hosts entry: 0.0.0.0 www.sqwire.com

Removed hosts entry: 0.0.0.0 rd1.surfernetwork.com

Removed hosts entry: 0.0.0.0 www.surfernetwork.com

Removed hosts entry: 0.0.0.0 www2.surveyfocus.com

Removed hosts entry: 0.0.0.0 www.surveynetworks.com

Removed hosts entry: 0.0.0.0 www.surveysite.com

Removed hosts entry: 0.0.0.0 www2.survey-poll.com

Removed hosts entry: 0.0.0.0 www1.sweetbar.com

Removed hosts entry: 0.0.0.0 www.sweetbar.com

Removed hosts entry: 0.0.0.0 www.symantic.com

Removed hosts entry: 0.0.0.0 adpick.switchboard.com

Removed hosts entry: 0.0.0.0 www.szadk.com

Removed hosts entry: 0.0.0.0 an.tacoda.net

Removed hosts entry: 0.0.0.0 anad.tacoda.net

Removed hosts entry: 0.0.0.0 te.tacoda.net

Removed hosts entry: 0.0.0.0 ads.tagword.com

Removed hosts entry: 0.0.0.0 ad.uk.tangozebra.com

Removed hosts entry: 0.0.0.0 srs.targetpoint.com

Removed hosts entry: 0.0.0.0 www.tenmonkey.com

Removed hosts entry: 0.0.0.0 www.textads.biz

Removed hosts entry: 0.0.0.0 theaffiliateprogram.com

Removed hosts entry: 0.0.0.0 adbot.theonion.com

Removed hosts entry: 0.0.0.0 oascentral.theonionavclub.com

Removed hosts entry: 0.0.0.0 www.thepokerclub.com

Removed hosts entry: 0.0.0.0 tnc4u.com

Removed hosts entry: 0.0.0.0 new.tnc4u.com

Removed hosts entry: 0.0.0.0 www.tnc4u.com

Removed hosts entry: 0.0.0.0 www.toilet.com

Removed hosts entry: 0.0.0.0 ad.tomshardware.com

Removed hosts entry: 0.0.0.0 tool4ame.com

Removed hosts entry: 0.0.0.0 www.toolshack.com

Removed hosts entry: 0.0.0.0 www.top-search.com

Removed hosts entry: 0.0.0.0 ad.topstat.com

Removed hosts entry: 0.0.0.0 nl.topstat.com

Removed hosts entry: 0.0.0.0 s26.topstat.com

Removed hosts entry: 0.0.0.0 xl.topstat.com

Removed hosts entry: 0.0.0.0 banners.toteme.com

Removed hosts entry: 0.0.0.0 cachebanners.toteme.com

Removed hosts entry: 0.0.0.0 ads.track-star.com

Removed hosts entry: 0.0.0.0 adserver.track-star.com

Removed hosts entry: 0.0.0.0 geo2.track-star.com

Removed hosts entry: 0.0.0.0 www.track-star.com

Removed hosts entry: 0.0.0.0 www.traffic-stock.com

Removed hosts entry: 0.0.0.0 tradeexit.com

Removed hosts entry: 0.0.0.0 www.tradeexit.com

Removed hosts entry: 0.0.0.0 ads.traderonline.com

Removed hosts entry: 0.0.0.0 trafficg.com

Removed hosts entry: 0.0.0.0 www.trafficg.com

Removed hosts entry: 0.0.0.0 www.trafficflame.com

Removed hosts entry: 0.0.0.0 trafficfile.com

Removed hosts entry: 0.0.0.0 www.trafficfile.com

Removed hosts entry: 0.0.0.0 trackyourstats.com

Removed hosts entry: 0.0.0.0 hit.traxdb.net

Removed hosts entry: 0.0.0.0 media.travelzoo.com

Removed hosts entry: 0.0.0.0 media2.travelzoo.com

Removed hosts entry: 0.0.0.0 troyanov.net

Removed hosts entry: 0.0.0.0 www.troyanov.net

Removed hosts entry: 0.0.0.0 tribalfusion.com

Removed hosts entry: 0.0.0.0 a.tribalfusion.com

Removed hosts entry: 0.0.0.0 cdn1.tribalfusion.com

Removed hosts entry: 0.0.0.0 cdn3.tribalfusion.com

Removed hosts entry: 0.0.0.0 cdn4.tribalfusion.com

Removed hosts entry: 0.0.0.0 cdn5.tribalfusion.com

Removed hosts entry: 0.0.0.0 m.tribalfusion.com

Removed hosts entry: 0.0.0.0 www.tribalfusion.com

Removed hosts entry: 0.0.0.0 www.trusttoolbar.com

Removed hosts entry: 0.0.0.0 counts.tucows.com

Removed hosts entry: 0.0.0.0 google.tucows.com

Removed hosts entry: 0.0.0.0 www.turbomemorycharger.com

Removed hosts entry: 0.0.0.0 ads.ucomics.com

Removed hosts entry: 0.0.0.0 image.ugo.com

Removed hosts entry: 0.0.0.0 mediamgr.ugo.com

Removed hosts entry: 0.0.0.0 www.ukbanners.com

Removed hosts entry: 0.0.0.0 ukstories.net

Removed hosts entry: 0.0.0.0 ultimatecounter.com

Removed hosts entry: 0.0.0.0 www.ultimatecounter.com

Removed hosts entry: 0.0.0.0 adcontroller.unicast.com

Removed hosts entry: 0.0.0.0 ads.unlimitedbanners.com

Removed hosts entry: 0.0.0.0 ads1.updated.com

Removed hosts entry: 0.0.0.0 www.updatenow.org

Removed hosts entry: 0.0.0.0 www.upgradenow.org

Removed hosts entry: 0.0.0.0 www.up-the-creek.com

Removed hosts entry: 0.0.0.0 www.upspiral.com

Removed hosts entry: 0.0.0.0 usachoice.net

Removed hosts entry: 0.0.0.0 ushuistov.net

Removed hosts entry: 0.0.0.0 beacon.valeoip.com

Removed hosts entry: 0.0.0.0 counters.vendio.com

Removed hosts entry: 0.0.0.0 www.verticlick.com

Removed hosts entry: 0.0.0.0 image.versiontracker.com

Removed hosts entry: 0.0.0.0 spinbox.versiontracker.com

Removed hosts entry: 0.0.0.0 ads.vesperexchange.com

Removed hosts entry: 0.0.0.0 www.vesperexchange.com

Removed hosts entry: 0.0.0.0 cinnam.vibrahost.com

Removed hosts entry: 0.0.0.0 vivi.vibrahost.com

Removed hosts entry: 0.0.0.0 oas.villagevoice.com

Removed hosts entry: 0.0.0.0 stat1.vipstat.com

Removed hosts entry: 0.0.0.0 banners.vipprofits.com

Removed hosts entry: 0.0.0.0 visit-link.com

Removed hosts entry: 0.0.0.0 vnp7s.net

Removed hosts entry: 0.0.0.0 www.voonda.com

Removed hosts entry: 0.0.0.0 www.vstats.net

Removed hosts entry: 0.0.0.0 ads.vnuemedia.com

Removed hosts entry: 0.0.0.0 vxiframe.biz

Removed hosts entry: 0.0.0.0 www.vxiframe.biz

Removed hosts entry: 0.0.0.0 sevenc.vze.com

Removed hosts entry: 0.0.0.0 www.w3exit.com

Removed hosts entry: 0.0.0.0 www.warezdownload.ws

Removed hosts entry: 0.0.0.0 ng3.ads.warnerbros.com

Removed hosts entry: 0.0.0.0 way4find.com

Removed hosts entry: 0.0.0.0 www.way4find.com

Removed hosts entry: 0.0.0.0 wcft.net

Removed hosts entry: 0.0.0.0 www.wcft.net

Removed hosts entry: 0.0.0.0 ads.weather.com

Removed hosts entry: 0.0.0.0 ads.webattack.com

Removed hosts entry: 0.0.0.0 webcounter.com

Removed hosts entry: 0.0.0.0 www.webcounter.com

Removed hosts entry: 0.0.0.0 banners.webmasterplan.com

Removed hosts entry: 0.0.0.0 adv.webmd.com

Removed hosts entry: 0.0.0.0 bannervip.web1000.com

Removed hosts entry: 0.0.0.0 ads.webads360.com

Removed hosts entry: 0.0.0.0 clickcash.webpower.com

Removed hosts entry: 0.0.0.0 orders.webpower.com

Removed hosts entry: 0.0.0.0 img.webring.com

Removed hosts entry: 0.0.0.0 img1.webring.com

Removed hosts entry: 0.0.0.0 web-save.net

Removed hosts entry: 0.0.0.0 ads.webshots.com

Removed hosts entry: 0.0.0.0 www.webstars2000.com

Removed hosts entry: 0.0.0.0 www.webstat.net

Removed hosts entry: 0.0.0.0 weirdontheweb.net

Removed hosts entry: 0.0.0.0 www.weirdontheweb.net

Removed hosts entry: 0.0.0.0 www.wenksdisdkjeilsow.com

Removed hosts entry: 0.0.0.0 www.wgutv.com

Removed hosts entry: 0.0.0.0 partner1.whatsfind.com

Removed hosts entry: 0.0.0.0 www.whatsfind.com

Removed hosts entry: 0.0.0.0 y0.windows-center.com

Removed hosts entry: 0.0.0.0 www.win-update.net

Removed hosts entry: 0.0.0.0 window1.com

Removed hosts entry: 0.0.0.0 ads.winhelp2002.com

Removed hosts entry: 0.0.0.0 ads.winsite.com

Removed hosts entry: 0.0.0.0 winstream.com

Removed hosts entry: 0.0.0.0 www.winstream.com

Removed hosts entry: 0.0.0.0 clicktrack.wnu.com

Removed hosts entry: 0.0.0.0 www.wowweb.net

Removed hosts entry: 0.0.0.0 www.wslm.net

Removed hosts entry: 0.0.0.0 x0x.biz

Removed hosts entry: 0.0.0.0 www.x0x.biz

Removed hosts entry: 0.0.0.0 xcounters.com

Removed hosts entry: 0.0.0.0 a.xcounters.com

Removed hosts entry: 0.0.0.0 count.xhit.com

Removed hosts entry: 0.0.0.0 xlonhcld.xlontech.net

Removed hosts entry: 0.0.0.0 hit1.xstats.com

Removed hosts entry: 0.0.0.0 view1.xstats.com

Removed hosts entry: 0.0.0.0 freegames.yaboo.dk

Removed hosts entry: 0.0.0.0 crsky2004.yeah.net

Removed hosts entry: 0.0.0.0 ysearchus.com

Removed hosts entry: 0.0.0.0 www.ysearchus.com

Removed hosts entry: 0.0.0.0 www.yuups.com

Removed hosts entry: 0.0.0.0 www.yyue.com

Removed hosts entry: 0.0.0.0 ad.zanox.com

Removed hosts entry: 0.0.0.0 www.zenotecnico.com

Removed hosts entry: 0.0.0.0 mp3.zonebg.com

Removed hosts entry: 0.0.0.0 ads.zone-media.com

Removed hosts entry: 0.0.0.0 ayb.zone-media.com

Removed hosts entry: 0.0.0.0 www.zone-media.com

Removed hosts entry: 0.0.0.0 bannerads.zwire.com

Removed hosts entry: 0.0.0.0 zxserv0.com

Removed hosts entry: 0.0.0.0 0cat.com

Removed hosts entry: 0.0.0.0 www.0cat.com

Removed hosts entry: 0.0.0.0 www.0stats.com

Removed hosts entry: 0.0.0.0 cc.1asphost.com

Removed hosts entry: 0.0.0.0 123mania.com

Removed hosts entry: 0.0.0.0 www.123mania.com

Removed hosts entry: 0.0.0.0 123stat.com

Removed hosts entry: 0.0.0.0 ad2.163.com

Removed hosts entry: 0.0.0.0 adclient.163.com

Removed hosts entry: 0.0.0.0 images.163.com

Removed hosts entry: 0.0.0.0 popme.163.com

Removed hosts entry: 0.0.0.0 smtp.163.com

Removed hosts entry: 0.0.0.0 1234.2bro.com

Removed hosts entry: 0.0.0.0 www.241hits.com

Removed hosts entry: 0.0.0.0 up.isp.2ch.net

Removed hosts entry: 0.0.0.0 pop1.2z0o.net

Removed hosts entry: 0.0.0.0 www.3d-icons.com

Removed hosts entry: 0.0.0.0 www.3241.com

Removed hosts entry: 0.0.0.0 guannan.3322.net

Removed hosts entry: 0.0.0.0 download.35mb.com

Removed hosts entry: 0.0.0.0 static.35mb.com

Removed hosts entry: 0.0.0.0 www.35mb.com

Removed hosts entry: 0.0.0.0 ct.360i.com

Removed hosts entry: 0.0.0.0 ad.37.com

Removed hosts entry: 0.0.0.0 www.40best.com

Removed hosts entry: 0.0.0.0 41m.com

Removed hosts entry: 0.0.0.0 cshacks.41m.com

Removed hosts entry: 0.0.0.0 msncheck.41m.com

Removed hosts entry: 0.0.0.0 www.41m.com

Removed hosts entry: 0.0.0.0 5sec.biz

Removed hosts entry: 0.0.0.0 5sec.org

Removed hosts entry: 0.0.0.0 10000hits.net

Removed hosts entry: 0.0.0.0 7am.com

Removed hosts entry: 0.0.0.0 www.777search.com

Removed hosts entry: 0.0.0.0 www.7000n.com

Removed hosts entry: 0.0.0.0 ajim.delphibbs.com

Removed hosts entry: 0.0.0.0 banners.4d5.net

Removed hosts entry: 0.0.0.0 banner.50megs.com

Removed hosts entry: 0.0.0.0 www.53best.com

Removed hosts entry: 0.0.0.0 www.9ringtone.com

Removed hosts entry: 0.0.0.0 www.123banners.com

Removed hosts entry: 0.0.0.0 ftp.123banners.com

Removed hosts entry: 0.0.0.0 123go.com

Removed hosts entry: 0.0.0.0 ns1.123go.net

Removed hosts entry: 0.0.0.0 n-case.com

Removed hosts entry: 0.0.0.0 www.n-case.com

Removed hosts entry: 0.0.0.0 ads.180solutions.com

Removed hosts entry: 0.0.0.0 ax.180solutions.com

Removed hosts entry: 0.0.0.0 bis.180solutions.com

Removed hosts entry: 0.0.0.0 bisads.180solutions.com

Removed hosts entry: 0.0.0.0 config.180solutions.com

Removed hosts entry: 0.0.0.0 cts.180solutions.com

Removed hosts entry: 0.0.0.0 downloads.180solutions.com

Removed hosts entry: 0.0.0.0 installs.180solutions.com

Removed hosts entry: 0.0.0.0 ping.180solutions.com

Removed hosts entry: 0.0.0.0 test-downloads.180solutions.com

Removed hosts entry: 0.0.0.0 tv.180solutions.com

Removed hosts entry: 0.0.0.0 www.180solutions.com

Removed hosts entry: 0.0.0.0 infinity.180searchassistant.com

Removed hosts entry: 0.0.0.0 www.180searchassistant.com

Removed hosts entry: 0.0.0.0 www.metricsdirect.com

Removed hosts entry: 0.0.0.0 downloads.zango.com

Removed hosts entry: 0.0.0.0 games.zango.com

Removed hosts entry: 0.0.0.0 infinity.zango.com

Removed hosts entry: 0.0.0.0 lp.zango.com

Removed hosts entry: 0.0.0.0 messenger.zango.com

Removed hosts entry: 0.0.0.0 showtimes.zango.com

Removed hosts entry: 0.0.0.0 www.zango.com

Removed hosts entry: 0.0.0.0 www.zangomessenger.com

Removed hosts entry: 0.0.0.0 www.zangoshowtimes.com

Removed hosts entry: 0.0.0.0 address.3721.com

Removed hosts entry: 0.0.0.0 agent.3721.com

Removed hosts entry: 0.0.0.0 assistant.3721.com

Removed hosts entry: 0.0.0.0 cns.3721.com

Removed hosts entry: 0.0.0.0 cnsmin.3721.com

Removed hosts entry: 0.0.0.0 corp.3721.com

Removed hosts entry: 0.0.0.0 dir.3721.com

Removed hosts entry: 0.0.0.0 download.3721.com

Removed hosts entry: 0.0.0.0 express.3721.com

Removed hosts entry: 0.0.0.0 img.3721.com

Removed hosts entry: 0.0.0.0 magic.3721.com

Removed hosts entry: 0.0.0.0 mark.3721.com

Removed hosts entry: 0.0.0.0 meta.3721.com

Removed hosts entry: 0.0.0.0 msearch.3721.com

Removed hosts entry: 0.0.0.0 sbox.3721.com

Removed hosts entry: 0.0.0.0 shanghai.3721.com

Removed hosts entry: 0.0.0.0 sina.3721.com

Removed hosts entry: 0.0.0.0 user.3721.com

Removed hosts entry: 0.0.0.0 wap.3721.com

Removed hosts entry: 0.0.0.0 www.3721.com

Removed hosts entry: 0.0.0.0 yahoo.3721.com

Removed hosts entry: 0.0.0.0 3721.com

Removed hosts entry: 0.0.0.0 download.feiyang.com

Removed hosts entry: 0.0.0.0 adtracker.411web.com

Removed hosts entry: 0.0.0.0 hits.411web.com

Removed hosts entry: 0.0.0.0 overture.411web.com

Removed hosts entry: 0.0.0.0 static.411web.com

Removed hosts entry: 0.0.0.0 xml.411web.com

Removed hosts entry: 0.0.0.0 search.letssearch.com

Removed hosts entry: 0.0.0.0 search2.letssearch.com

Removed hosts entry: 0.0.0.0 www.letssearch.com

Removed hosts entry: 0.0.0.0 sidebysidesearch.com

Removed hosts entry: 0.0.0.0 go.sidebysidesearch.com

Removed hosts entry: 0.0.0.0 www.sidebysidesearch.com

Removed hosts entry: 0.0.0.0 7search.com

Removed hosts entry: 0.0.0.0 fstrack.7search.com

Removed hosts entry: 0.0.0.0 ia1.7search.com

Removed hosts entry: 0.0.0.0 mainws2.7search.com

Removed hosts entry: 0.0.0.0 meta.7search.com

Removed hosts entry: 0.0.0.0 impression.7search.com

Removed hosts entry: 0.0.0.0 www.7search.com

Removed hosts entry: 0.0.0.0 img.7meta.com

Removed hosts entry: 0.0.0.0 www.7metasearch.com

Removed hosts entry: 0.0.0.0 www.a1fax.com

Removed hosts entry: 0.0.0.0 adtactics.com

Removed hosts entry: 0.0.0.0 bannerx.adtactics.com

Removed hosts entry: 0.0.0.0 www.adtactics.com

Removed hosts entry: 0.0.0.0 advertisingagent.com

Removed hosts entry: 0.0.0.0 ajokeaday.com

Removed hosts entry: 0.0.0.0 bestsearch.com

Removed hosts entry: 0.0.0.0 scripts.bestsearch.com

Removed hosts entry: 0.0.0.0 www.bestsearch.com

Removed hosts entry: 0.0.0.0 browseraccelerator.com

Removed hosts entry: 0.0.0.0 data.browseraccelerator.com

Removed hosts entry: 0.0.0.0 download.browseraccelerator.com

Removed hosts entry: 0.0.0.0 client.browseraccelerator.com

Removed hosts entry: 0.0.0.0 www.browseraccelerator.com

Removed hosts entry: 0.0.0.0 www.buscamundo.com

Removed hosts entry: 0.0.0.0 bannersxchange.com

Removed hosts entry: 0.0.0.0 img.bannersxchange.com

Removed hosts entry: 0.0.0.0 www.bannersxchange.com

Removed hosts entry: 0.0.0.0 internetsecurity.com

Removed hosts entry: 0.0.0.0 www.internetsecurity.com

Removed hosts entry: 0.0.0.0 www.linkstoyou.com

Removed hosts entry: 0.0.0.0 www.payperranking.com

Removed hosts entry: 0.0.0.0 www.pay-per-search.com

Removed hosts entry: 0.0.0.0 paypertext.com

Removed hosts entry: 0.0.0.0 predictivesearch.com

Removed hosts entry: 0.0.0.0 seal.ranking.com

Removed hosts entry: 0.0.0.0 www.ranking.com

Removed hosts entry: 0.0.0.0 tracking.roispy.com

Removed hosts entry: 0.0.0.0 www.roispy.com

Removed hosts entry: 0.0.0.0 ftp.sevenmetasearch.com

Removed hosts entry: 0.0.0.0 www.sevenmetasearch.com

Removed hosts entry: 0.0.0.0 tracking.spiderbait.com

Removed hosts entry: 0.0.0.0 www.spiderbait.com

Removed hosts entry: 0.0.0.0 www.textadvertising.com

Removed hosts entry: 0.0.0.0 www.thetop10.com

Removed hosts entry: 0.0.0.0 trustgauge.com

Removed hosts entry: 0.0.0.0 www.trustgauge.com

Removed hosts entry: 0.0.0.0 seal.validatedsite.com

Removed hosts entry: 0.0.0.0 www.validatedsite.com

Removed hosts entry: 0.0.0.0 www.watch24.com

Removed hosts entry: 0.0.0.0 clicks.about.com

Removed hosts entry: 0.0.0.0 f.about.com

Removed hosts entry: 0.0.0.0 home.about.com

Removed hosts entry: 0.0.0.0 js.get.about.com

Removed hosts entry: 0.0.0.0 images.about.com

Removed hosts entry: 0.0.0.0 lunafetch.about.com

Removed hosts entry: 0.0.0.0 pixel3.about.com

Removed hosts entry: 0.0.0.0 sprinks-clicks.about.com

Removed hosts entry: 0.0.0.0 statistics.s5.com

Removed hosts entry: 0.0.0.0 ad.aboutwebservices.com

Removed hosts entry: 0.0.0.0 button.clickability.com

Removed hosts entry: 0.0.0.0 sftp.clickability.com

Removed hosts entry: 0.0.0.0 stats.clickability.com

Removed hosts entry: 0.0.0.0 ad101com.adbureau.net

Removed hosts entry: 0.0.0.0 adops.adbureau.net

Removed hosts entry: 0.0.0.0 bbcww.adbureau.net

Removed hosts entry: 0.0.0.0 capitali-images.adbureau.net

Removed hosts entry: 0.0.0.0 cent.adbureau.net

Removed hosts entry: 0.0.0.0 etype.adbureau.net

Removed hosts entry: 0.0.0.0 etype-images.adbureau.net

Removed hosts entry: 0.0.0.0 granada.adbureau.net

Removed hosts entry: 0.0.0.0 imediac.adbureau.net

Removed hosts entry: 0.0.0.0 studenti.adbureau.net

Removed hosts entry: 0.0.0.0 ttarget.adbureau.net

Removed hosts entry: 0.0.0.0 www.adbureau.net

Removed hosts entry: 0.0.0.0 www.acez.com

Removed hosts entry: 0.0.0.0 www.acezsoftware.com

Removed hosts entry: 0.0.0.0 www.searchnugget.com

Removed hosts entry: 0.0.0.0 www.screengizmos.com

Removed hosts entry: 0.0.0.0 ad-blaster.com

Removed hosts entry: 0.0.0.0 www.ad-blaster.com

Removed hosts entry: 0.0.0.0 promote4profit.com

Removed hosts entry: 0.0.0.0 www.promote4profit.com

Removed hosts entry: 0.0.0.0 www.3dstats.com

Removed hosts entry: 0.0.0.0 addfreestats.com

Removed hosts entry: 0.0.0.0 top.addfreestats.com

Removed hosts entry: 0.0.0.0 www.addfreestats.com

Removed hosts entry: 0.0.0.0 www1.addfreestats.com

Removed hosts entry: 0.0.0.0 www2.addfreestats.com

Removed hosts entry: 0.0.0.0 www3.addfreestats.com

Removed hosts entry: 0.0.0.0 www4.addfreestats.com

Removed hosts entry: 0.0.0.0 www5.addfreestats.com

Removed hosts entry: 0.0.0.0 ncontext.adacuity.com

Removed hosts entry: 0.0.0.0 www.adacuity.com

Removed hosts entry: 0.0.0.0 adlogix.com

Removed hosts entry: 0.0.0.0 lasagne.adlogix.com

Removed hosts entry: 0.0.0.0 publisher.adlogix.com

Removed hosts entry: 0.0.0.0 traffic.adlogix.com

Removed hosts entry: 0.0.0.0 trafficsource.adlogix.com

Removed hosts entry: 0.0.0.0 www.adlogix.com

Removed hosts entry: 0.0.0.0 www.creatrixads.com

Removed hosts entry: 0.0.0.0 hitgo.com

Removed hosts entry: 0.0.0.0 www.hitgo.com

Removed hosts entry: 0.0.0.0 ncontextmedia.com

Removed hosts entry: 0.0.0.0 www.ncontextmedia.com

Removed hosts entry: 0.0.0.0 www.ncontextsearch.com

Removed hosts entry: 0.0.0.0 neededware.com

Removed hosts entry: 0.0.0.0 www.neededware.com

Removed hosts entry: 0.0.0.0 www.tinkopal.com

Removed hosts entry: 0.0.0.0 tinko-pal.com

Removed hosts entry: 0.0.0.0 www.tinkopal.net

Removed hosts entry: 0.0.0.0 r2.trafficserverstats.com

Removed hosts entry: 0.0.0.0 r5.trafficserverstats.com

Removed hosts entry: 0.0.0.0 r10.trafficserverstats.com

Removed hosts entry: 0.0.0.0 r18.trafficserverstats.com

Removed hosts entry: 0.0.0.0 r25.trafficserverstats.com

Removed hosts entry: 0.0.0.0 webengo.com

Removed hosts entry: 0.0.0.0 ads.adorigin.com

Removed hosts entry: 0.0.0.0 dev.adorigin.com

Removed hosts entry: 0.0.0.0 www.adorigin.com

Removed hosts entry: 0.0.0.0 blowsearch.com

Removed hosts entry: 0.0.0.0 msxml.blowsearch.com

Removed hosts entry: 0.0.0.0 web.blowsearch.com

Removed hosts entry: 0.0.0.0 www.blowsearch.com

Removed hosts entry: 0.0.0.0 www.1-viagra-on-line.com

Removed hosts entry: 0.0.0.0 www.all-casinos.org

Removed hosts entry: 0.0.0.0 www.all-lyrics.org

Removed hosts entry: 0.0.0.0 www.best-poker.biz

Removed hosts entry: 0.0.0.0 www.chenjesu.com

Removed hosts entry: 0.0.0.0 halflemon.com

Removed hosts entry: 0.0.0.0 www.halflemon.com

Removed hosts entry: 0.0.0.0 www.spycounter.net

Removed hosts entry: 0.0.0.0 www-start-page.com

Removed hosts entry: 0.0.0.0 www.www-start-page.com

Removed hosts entry: 0.0.0.0 www.start-page.net

Removed hosts entry: 0.0.0.0 www.start-page.org

Removed hosts entry: 0.0.0.0 the-roulette.net

Removed hosts entry: 0.0.0.0 www.usa-phendimetrazine.com

Removed hosts entry: 0.0.0.0 www.ad-souk.com

Removed hosts entry: 0.0.0.0 bilbob.com

Removed hosts entry: 0.0.0.0 didtal.com

Removed hosts entry: 0.0.0.0 quinst.com

Removed hosts entry: 0.0.0.0 cb.adprofile.net

Removed hosts entry: 0.0.0.0 content.adprofile.net

Removed hosts entry: 0.0.0.0 tx.adprofile.net

Removed hosts entry: 0.0.0.0 w2-ver.adprofile.net

Removed hosts entry: 0.0.0.0 adteractive.com

Removed hosts entry: 0.0.0.0 www.adteractive.com

Removed hosts entry: 0.0.0.0 icc.intellisrv.net

Removed hosts entry: 0.0.0.0 adtegrity.com

Removed hosts entry: 0.0.0.0 www.adtegrity.com

Removed hosts entry: 0.0.0.0 webalize.com

Removed hosts entry: 0.0.0.0 toolbar.webalize.com

Removed hosts entry: 0.0.0.0 www.webalize.com

Removed hosts entry: 0.0.0.0 webalize.net

Removed hosts entry: 0.0.0.0 www.webalize.net

Removed hosts entry: 0.0.0.0 webalize.mygeek.com

Removed hosts entry: 0.0.0.0 ads.adtomi.com

Removed hosts entry: 0.0.0.0 www.adtomi.com

Removed hosts entry: 0.0.0.0 aidintime.com

Removed hosts entry: 0.0.0.0 www.aidintime.com

Removed hosts entry: 0.0.0.0 www.bascowater.com

Removed hosts entry: 0.0.0.0 bianka.cafreedom.com

Removed hosts entry: 0.0.0.0 margo.cafreedom.com

Removed hosts entry: 0.0.0.0 mirka.cafreedom.com

Removed hosts entry: 0.0.0.0 money.cafreedom.com

Removed hosts entry: 0.0.0.0 morze.cafreedom.com

Removed hosts entry: 0.0.0.0 www.camberageflex.com

Removed hosts entry: 0.0.0.0 www.collarsaround.com

Removed hosts entry: 0.0.0.0 www.emorningmoss.net

Removed hosts entry: 0.0.0.0 www.etightstrings.net

Removed hosts entry: 0.0.0.0 www.logiose.com

Removed hosts entry: 0.0.0.0 www.moltenmagnet.net

Removed hosts entry: 0.0.0.0 www.netremoteline.com

Removed hosts entry: 0.0.0.0 www.treestompertime.net

Removed hosts entry: 0.0.0.0 install.007guard.com

Removed hosts entry: 0.0.0.0 download.007guard.com

Removed hosts entry: 0.0.0.0 www.007guard.com

Removed hosts entry: 0.0.0.0 2search.org

Removed hosts entry: 0.0.0.0 www.2search.org

Removed hosts entry: 0.0.0.0 hotmsnnames.com

Removed hosts entry: 0.0.0.0 www.hotmsnnames.com

Removed hosts entry: 0.0.0.0 www.hottestgames.net

Removed hosts entry: 0.0.0.0 adserver.shizzlehost.com

Removed hosts entry: 0.0.0.0 www.shizzlelyrics.com

Removed hosts entry: 0.0.0.0 www.shizzletraffic.com

Removed hosts entry: 0.0.0.0 sv1.xmcmx.net

Removed hosts entry: 0.0.0.0 webmasterz.biz

Removed hosts entry: 0.0.0.0 www.webmasterz.biz

Removed hosts entry: 0.0.0.0 www.xyfex.com

Removed hosts entry: 0.0.0.0 alset.com

Removed hosts entry: 0.0.0.0 www.alset.com

Removed hosts entry: 0.0.0.0 allcybersearch.com

Removed hosts entry: 0.0.0.0 www.allcybersearch.com

Removed hosts entry: 0.0.0.0 amigeek.com

Removed hosts entry: 0.0.0.0 www.amigeek.com

Removed hosts entry: 0.0.0.0 clickyestoenter.net

Removed hosts entry: 0.0.0.0 www.clickyestoenter.net

Removed hosts entry: 0.0.0.0 www.gay50.com

Removed hosts entry: 0.0.0.0 gocybersearch.com

Removed hosts entry: 0.0.0.0 www.gocybersearch.com

Removed hosts entry: 0.0.0.0 www.hotelxxxcams.com

Removed hosts entry: 0.0.0.0 hotpopup.com

Removed hosts entry: 0.0.0.0 search.hotpopup.com

Removed hosts entry: 0.0.0.0 www.hotpopup.com

Removed hosts entry: 0.0.0.0 hotsearchbox.com

Removed hosts entry: 0.0.0.0 www.hotsearchbox.com

Removed hosts entry: 0.0.0.0 i--search.com

Removed hosts entry: 0.0.0.0 www.i--search.com

Removed hosts entry: 0.0.0.0 jethomepage.com

Removed hosts entry: 0.0.0.0 www.jethomepage.com

Removed hosts entry: 0.0.0.0 jetseeker.com

Removed hosts entry: 0.0.0.0 www.jetseeker.com

Removed hosts entry: 0.0.0.0 searchxl.com

Removed hosts entry: 0.0.0.0 www.searchxl.com

Removed hosts entry: 0.0.0.0 tinybar.com

Removed hosts entry: 0.0.0.0 www.tinybar.com

Removed hosts entry: 0.0.0.0 topsearcher.com

Removed hosts entry: 0.0.0.0 www.topsearcher.com

Removed hosts entry: 0.0.0.0 trixscripts.com

Removed hosts entry: 0.0.0.0 www.trixscripts.com

Removed hosts entry: 0.0.0.0 zeropopup.com

Removed hosts entry: 0.0.0.0 www.zeropopup.com

Removed hosts entry: 0.0.0.0 znext.com

Removed hosts entry: 0.0.0.0 www.znext.com

Removed hosts entry: 0.0.0.0 cdn1.adsdk.com

Removed hosts entry: 0.0.0.0 cdn2.adsdk.com

Removed hosts entry: 0.0.0.0 advertising.com

Removed hosts entry: 0.0.0.0 adserve.advertising.com

Removed hosts entry: 0.0.0.0 bannerfarm.ace.advertising.com

Removed hosts entry: 0.0.0.0 dbs.advertising.com

Removed hosts entry: 0.0.0.0 demo.advertising.com

Removed hosts entry: 0.0.0.0 opera1-servedby.advertising.com

Removed hosts entry: 0.0.0.0 servedby.advertising.com

Removed hosts entry: 0.0.0.0 rd.advertising.com

Removed hosts entry: 0.0.0.0 wap.advertising.com

Removed hosts entry: 0.0.0.0 www.advertising.com

Removed hosts entry: 0.0.0.0 clk4.com

Removed hosts entry: 0.0.0.0 www.clk4.com

Removed hosts entry: 0.0.0.0 www.contextualclicks.com

Removed hosts entry: 0.0.0.0 fastseeker.com

Removed hosts entry: 0.0.0.0 www.fastseeker.com

Removed hosts entry: 0.0.0.0 spyblast.com

Removed hosts entry: 0.0.0.0 www.spyblast.com

Removed hosts entry: 0.0.0.0 www.thesearchster.com

Removed hosts entry: 0.0.0.0 ads.ign.com

Removed hosts entry: 0.0.0.0 adserver.ign.com

Removed hosts entry: 0.0.0.0 t.ign.com

Removed hosts entry: 0.0.0.0 tracker.ign.com

Removed hosts entry: 0.0.0.0 adserver.snowball.com

Removed hosts entry: 0.0.0.0 polls.snowball.com

Removed hosts entry: 0.0.0.0 scripts.snowball.com

Removed hosts entry: 0.0.0.0 t.snowball.com

Removed hosts entry: 0.0.0.0 tracker.snowball.com

Removed hosts entry: 0.0.0.0 www.allheadlinenews.com

Removed hosts entry: 0.0.0.0 www.americlicks.com

Removed hosts entry: 0.0.0.0 www.weatherclicks.com

Removed hosts entry: 0.0.0.0 altnet.com

Removed hosts entry: 0.0.0.0 file.altnet.com

Removed hosts entry: 0.0.0.0 media.altnet.com

Removed hosts entry: 0.0.0.0 ts.altnet.com

Removed hosts entry: 0.0.0.0 tss.altnet.com

Removed hosts entry: 0.0.0.0 pm.altnet.com

Removed hosts entry: 0.0.0.0 www.altnet.com

Removed hosts entry: 0.0.0.0 www.altnetp2p.com

Removed hosts entry: 0.0.0.0 brilliantdigital.com

Removed hosts entry: 0.0.0.0 st.brilliantdigital.com

Removed hosts entry: 0.0.0.0 www.brilliantdigital.com

Removed hosts entry: 0.0.0.0 b3d.com

Removed hosts entry: 0.0.0.0 bde3d.com

Removed hosts entry: 0.0.0.0 www.b3d.com

Removed hosts entry: 0.0.0.0 xiti.com

Removed hosts entry: 0.0.0.0 loga.xiti.com

Removed hosts entry: 0.0.0.0 logc13.xiti.com

Removed hosts entry: 0.0.0.0 logi6.xiti.com

Removed hosts entry: 0.0.0.0 logi7.xiti.com

Removed hosts entry: 0.0.0.0 logv3.xiti.com

Removed hosts entry: 0.0.0.0 logv18.xiti.com

Removed hosts entry: 0.0.0.0 logv20.xiti.com

Removed hosts entry: 0.0.0.0 logv21.xiti.com

Removed hosts entry: 0.0.0.0 logv26.xiti.com

Removed hosts entry: 0.0.0.0 logp.xiti.com

Removed hosts entry: 0.0.0.0 trafic.xiti.com

Removed hosts entry: 0.0.0.0 www.xiti.com

Removed hosts entry: 0.0.0.0 adintelligence.net

Removed hosts entry: 0.0.0.0 acc.adintelligence.net

Removed hosts entry: 0.0.0.0 adchannel.adintelligence.net

Removed hosts entry: 0.0.0.0 creatives.adintelligence.net

Removed hosts entry: 0.0.0.0 download.adintelligence.net

Removed hosts entry: 0.0.0.0 www.adintelligence.net

Removed hosts entry: 0.0.0.0 adchannel.contextplus.net

Removed hosts entry: 0.0.0.0 au.contextplus.net

Removed hosts entry: 0.0.0.0 download.contextplus.net

Removed hosts entry: 0.0.0.0 www.contextplus.net

Removed hosts entry: 0.0.0.0 www.contextplus.com

Removed hosts entry: 0.0.0.0 adv.peopleonpage.com

Removed hosts entry: 0.0.0.0 app.peopleonpage.com

Removed hosts entry: 0.0.0.0 download.peopleonpage.com

Removed hosts entry: 0.0.0.0 envolo.peopleonpage.com

Removed hosts entry: 0.0.0.0 img.peopleonpage.com

Removed hosts entry: 0.0.0.0 srv.peopleonpage.com

Removed hosts entry: 0.0.0.0 www.peopleonpage.com

Removed hosts entry: 0.0.0.0 www.avenuea.com

Removed hosts entry: 0.0.0.0 att.atdmt.com

Removed hosts entry: 0.0.0.0 click.atdmt.com

Removed hosts entry: 0.0.0.0 clk.atdmt.com

Removed hosts entry: 0.0.0.0 image.atdmt.com

Removed hosts entry: 0.0.0.0 spd.atdmt.com

Removed hosts entry: 0.0.0.0 spe.atdmt.com

Removed hosts entry: 0.0.0.0 switch.atdmt.com

Removed hosts entry: 0.0.0.0 view.atdmt.com

Removed hosts entry: 0.0.0.0 www.atdmt.com

Removed hosts entry: 0.0.0.0 atlasdmt.com

Removed hosts entry: 0.0.0.0 www.atlasdmt.com

Removed hosts entry: 0.0.0.0 www.avenueainc.com

Removed hosts entry: 0.0.0.0 ads.toplayerserver.com

Removed hosts entry: 0.0.0.0 www1.toplayerserver.com

Removed hosts entry: 0.0.0.0 www.toplayerserver.com

Removed hosts entry: 0.0.0.0 track.roiservice.com

Removed hosts entry: 0.0.0.0 affiliates.jeanharris.com

Removed hosts entry: 0.0.0.0 popup.jeanharris.com

Removed hosts entry: 0.0.0.0 spyware-removal.net

Removed hosts entry: 0.0.0.0 www.systemdetective.com

Removed hosts entry: 0.0.0.0 ztrack.net

Removed hosts entry: 0.0.0.0 active-alert-server.com

Removed hosts entry: 0.0.0.0 www.active-alert-server.com

Removed hosts entry: 0.0.0.0 amnv.net

Removed hosts entry: 0.0.0.0 www.amnv.net

Removed hosts entry: 0.0.0.0 avenuemedia.com

Removed hosts entry: 0.0.0.0 www.avenuemedia.com

Removed hosts entry: 0.0.0.0 climaxbucks.com

Removed hosts entry: 0.0.0.0 cdn.climaxbucks.com

Removed hosts entry: 0.0.0.0 mt1.climaxbucks.com

Removed hosts entry: 0.0.0.0 mt23.climaxbucks.com

Removed hosts entry: 0.0.0.0 xbs.climaxbucks.com

Removed hosts entry: 0.0.0.0 www.climaxbucks.com

Removed hosts entry: 0.0.0.0 xbs.cocktailcash.com

Removed hosts entry: 0.0.0.0 cocktailcash.com

Removed hosts entry: 0.0.0.0 www.cocktailcash.com

Removed hosts entry: 0.0.0.0 internet-optimizer.com

Removed hosts entry: 0.0.0.0 ads.internet-optimizer.com

Removed hosts entry: 0.0.0.0 configure.internet-optimizer.com

Removed hosts entry: 0.0.0.0 help.internet-optimizer.com

Removed hosts entry: 0.0.0.0 www.internet-optimizer.com

Removed hosts entry: 0.0.0.0 www.lunasearch.com

Removed hosts entry: 0.0.0.0 movies-etc.com

Removed hosts entry: 0.0.0.0 cdn.movies-etc.com

Removed hosts entry: 0.0.0.0 cdn2.movies-etc.com

Removed hosts entry: 0.0.0.0 www.movies-etc.com

Removed hosts entry: 0.0.0.0 yoogee.com

Removed hosts entry: 0.0.0.0 www.yoogee.com

Removed hosts entry: 0.0.0.0 i.1100i.com

Removed hosts entry: 0.0.0.0 images.1100i.com

Removed hosts entry: 0.0.0.0 www.adroz.com

Removed hosts entry: 0.0.0.0 c.azjmp.com

Removed hosts entry: 0.0.0.0 www.azjmp.com

Removed hosts entry: 0.0.0.0 images.azoogleads.com

Removed hosts entry: 0.0.0.0 images.azooimages.com

Removed hosts entry: 0.0.0.0 www.azoogleads.com

Removed hosts entry: 0.0.0.0 b.bluetime.com

Removed hosts entry: 0.0.0.0 b1.bluetime.com

Removed hosts entry: 0.0.0.0 images.bluetime.com

Removed hosts entry: 0.0.0.0 www.bluetime.com

Removed hosts entry: 0.0.0.0 www.giftfox.com

Removed hosts entry: 0.0.0.0 images.hostimages.net

Removed hosts entry: 0.0.0.0 images.imagesbyaz.com

Removed hosts entry: 0.0.0.0 images.imgehost.com

Removed hosts entry: 0.0.0.0 impulseleads.com

Removed hosts entry: 0.0.0.0 www.impulseleads.com

Removed hosts entry: 0.0.0.0 images.imgserver.net

Removed hosts entry: 0.0.0.0 www.merchantportal.com

Removed hosts entry: 0.0.0.0 www.mport.com

Removed hosts entry: 0.0.0.0 www.mptrack.com

Removed hosts entry: 0.0.0.0 www.mydishprovider.com

Removed hosts entry: 0.0.0.0 noadware.biz

Removed hosts entry: 0.0.0.0 www.noadware.biz

Removed hosts entry: 0.0.0.0 1.primaryads.com

Removed hosts entry: 0.0.0.0 c.qckjmp.com

Removed hosts entry: 0.0.0.0 google.begin2search.com

Removed hosts entry: 0.0.0.0 toolbar.begin2search.com

Removed hosts entry: 0.0.0.0 www.begin2search.com

Removed hosts entry: 0.0.0.0 bigtrafficnetwork.com

Removed hosts entry: 0.0.0.0 www2.bigtrafficnetwork.com

Removed hosts entry: 0.0.0.0 www3.bigtrafficnetwork.com

Removed hosts entry: 0.0.0.0 www.bigtrafficnetwork.com

Removed hosts entry: 0.0.0.0 www2.click2begin.com

Removed hosts entry: 0.0.0.0 desktoptraffic.net

Removed hosts entry: 0.0.0.0 toolbar.desktoptraffic.net

Removed hosts entry: 0.0.0.0 popupsearches.com

Removed hosts entry: 0.0.0.0 www2.popupsearches.com

Removed hosts entry: 0.0.0.0 www.popupsearches.com

Removed hosts entry: 0.0.0.0 trafficgeneration.biz

Removed hosts entry: 0.0.0.0 toolbar.trafficgeneration.biz

Removed hosts entry: 0.0.0.0 toolbar2.trafficgeneration.biz

Removed hosts entry: 0.0.0.0 toolbar3.trafficgeneration.biz

Removed hosts entry: 0.0.0.0 toolbar4.trafficgeneration.biz

Removed hosts entry: 0.0.0.0 www.trafficgeneration.biz

Removed hosts entry: 0.0.0.0 www2.1evidencekiller.com

Removed hosts entry: 0.0.0.0 www2.1historyeraser.com

Removed hosts entry: 0.0.0.0 www2.1popupblocker.com

Removed hosts entry: 0.0.0.0 www2.1registrycleaner.com

Removed hosts entry: 0.0.0.0 www.1spywarekiller.com

Removed hosts entry: 0.0.0.0 www2.1spywarekiller.com

Removed hosts entry: 0.0.0.0 www3.1spywarekiller.com

Removed hosts entry: 0.0.0.0 exits.evilbucks.com

Removed hosts entry: 0.0.0.0 stats.evilbucks.com

Removed hosts entry: 0.0.0.0 www.evilmembers.com

Removed hosts entry: 0.0.0.0 www2.surfertools.com

Removed hosts entry: 0.0.0.0 www.surfertools.com

Removed hosts entry: 0.0.0.0 zippy-lookup.com

Removed hosts entry: 0.0.0.0 www.zippy-lookup.com

Removed hosts entry: 0.0.0.0 www.eaffiliateinc.com

Removed hosts entry: 0.0.0.0 gpstool.globaladserver.com

Removed hosts entry: 0.0.0.0 www.globaladserver.com

Removed hosts entry: 0.0.0.0 globalwebsearch.com

Removed hosts entry: 0.0.0.0 toolbar.globalwebsearch.com

Removed hosts entry: 0.0.0.0 toolbar2.globalwebsearch.com

Removed hosts entry: 0.0.0.0 www.globalwebsearch.com

Removed hosts entry: 0.0.0.0 goldmembersarea.com

Removed hosts entry: 0.0.0.0 www.goldmembersarea.com

Removed hosts entry: 0.0.0.0 gophersearch.com

Removed hosts entry: 0.0.0.0 www.gophersearch.com

Removed hosts entry: 0.0.0.0 www.megaadultsite.com

Removed hosts entry: 0.0.0.0 secure.pinkpays.com

Removed hosts entry: 0.0.0.0 www.pinkpays.com

Removed hosts entry: 0.0.0.0 vroomsearch.com

Removed hosts entry: 0.0.0.0 www.vroomsearch.com

Removed hosts entry: 0.0.0.0 worldanywhere.com

Removed hosts entry: 0.0.0.0 toolbar.worldanywhere.com

Removed hosts entry: 0.0.0.0 www.worldanywhere.com

Removed hosts entry: 0.0.0.0 www.icannnews.com

Removed hosts entry: 0.0.0.0 kvmmedia.com

Removed hosts entry: 0.0.0.0 mononews.com

Removed hosts entry: 0.0.0.0 www.alarm-works.com

Removed hosts entry: 0.0.0.0 www.beachtrash.com

Removed hosts entry: 0.0.0.0 www.600.net

Removed hosts entry: 0.0.0.0 www.aimface.com

Removed hosts entry: 0.0.0.0 www.funnyjoke.net

Removed hosts entry: 0.0.0.0 www.imbuddy.net

Removed hosts entry: 0.0.0.0 www.ratepic.com

Removed hosts entry: 0.0.0.0 1cat.com

Removed hosts entry: 0.0.0.0 i.1cat.com

Removed hosts entry: 0.0.0.0 www.1cat.com

Removed hosts entry: 0.0.0.0 selectbonus.com

Removed hosts entry: 0.0.0.0 www.selectbonus.com

Removed hosts entry: 0.0.0.0 www.shopathome.com

Removed hosts entry: 0.0.0.0 shopathomeselect.com

Removed hosts entry: 0.0.0.0 download1.shopathomeselect.com

Removed hosts entry: 0.0.0.0 downloads.shopathomeselect.com

Removed hosts entry: 0.0.0.0 download21.shopathomeselect.com

Removed hosts entry: 0.0.0.0 www.shopathomeselect.com

Removed hosts entry: 0.0.0.0 adcounter.theglobeandmail.com

Removed hosts entry: 0.0.0.0 adrates.theglobeandmail.com

Removed hosts entry: 0.0.0.0 ads.globeandmail.com

Removed hosts entry: 0.0.0.0 ads1.theglobeandmail.com

Removed hosts entry: 0.0.0.0 visit.theglobeandmail.com

Removed hosts entry: 0.0.0.0 www1.theglobeandmail.com

Removed hosts entry: 0.0.0.0 www.321search.com

Removed hosts entry: 0.0.0.0 www.bitwisepublishing.com

Removed hosts entry: 0.0.0.0 www.free-patriotic-screensavers.com

Removed hosts entry: 0.0.0.0 www.my247eshop.com

Removed hosts entry: 0.0.0.0 www.scenicreflections.com

Removed hosts entry: 0.0.0.0 adbot.com

Removed hosts entry: 0.0.0.0 w1.adbot.com

Removed hosts entry: 0.0.0.0 www.adbot.com

Removed hosts entry: 0.0.0.0 counter.bloke.com

Removed hosts entry: 0.0.0.0 www1.counter.bloke.com

Removed hosts entry: 0.0.0.0 www3.counter.bloke.com

Removed hosts entry: 0.0.0.0 www4.counter.bloke.com

Removed hosts entry: 0.0.0.0 www5.counter.bloke.com

Removed hosts entry: 0.0.0.0 www6.counter.bloke.com

Removed hosts entry: 0.0.0.0 www7.counter.bloke.com

Removed hosts entry: 0.0.0.0 counterbot.com

Removed hosts entry: 0.0.0.0 cb1.counterbot.com

Removed hosts entry: 0.0.0.0 bluestreak.com

Removed hosts entry: 0.0.0.0 ak.bluestreak.com

Removed hosts entry: 0.0.0.0 ca1.bluestreak.com

Removed hosts entry: 0.0.0.0 s0.bluestreak.com

Removed hosts entry: 0.0.0.0 s0b.bluestreak.com

Removed hosts entry: 0.0.0.0 s1.bluestreak.com

Removed hosts entry: 0.0.0.0 s2.bluestreak.com

Removed hosts entry: 0.0.0.0 s3.bluestreak.com

Removed hosts entry: 0.0.0.0 s4.bluestreak.com

Removed hosts entry: 0.0.0.0 s5.bluestreak.com

Removed hosts entry: 0.0.0.0 s6.bluestreak.com

Removed hosts entry: 0.0.0.0 s7.bluestreak.com

Removed hosts entry: 0.0.0.0 s8.bluestreak.com

Removed hosts entry: 0.0.0.0 www.bluestreak.com

Removed hosts entry: 0.0.0.0 www.bluetidesoftware.com

Removed hosts entry: 0.0.0.0 surfsidekick.com

Removed hosts entry: 0.0.0.0 ads.surfsidekick.com

Removed hosts entry: 0.0.0.0 dl.surfsidekick.com

Removed hosts entry: 0.0.0.0 www.surfsidekick.com

Removed hosts entry: 0.0.0.0 www.block-checker.com

Removed hosts entry: 0.0.0.0 www.spootie.com

Removed hosts entry: 0.0.0.0 www.system-processes.com

Removed hosts entry: 0.0.0.0 secure.certone.com

Removed hosts entry: 0.0.0.0 www.filefront.net

Removed hosts entry: 0.0.0.0 www.gizmoyo.com

Removed hosts entry: 0.0.0.0 www.torrentsearcher.net

Removed hosts entry: 0.0.0.0 www.xcode.info

Removed hosts entry: 0.0.0.0 files.xeol.net

Removed hosts entry: 0.0.0.0 pr.xeol.net

Removed hosts entry: 0.0.0.0 download.bonzi.com

Removed hosts entry: 0.0.0.0 images.bonzi.com

Removed hosts entry: 0.0.0.0 www.bonzi.com

Removed hosts entry: 0.0.0.0 www.bonzibuddy.com

Removed hosts entry: 0.0.0.0 cdn.gms1.net

Removed hosts entry: 0.0.0.0 i.gms1.net

Removed hosts entry: 0.0.0.0 www.gms1.net

Removed hosts entry: 0.0.0.0 bravenet.com

Removed hosts entry: 0.0.0.0 adserv.bravenet.com

Removed hosts entry: 0.0.0.0 images.bravenet.com

Removed hosts entry: 0.0.0.0 linktrack.bravenet.com

Removed hosts entry: 0.0.0.0 pub1.bravenet.com

Removed hosts entry: 0.0.0.0 www.bravenet.com

Removed hosts entry: 0.0.0.0 belgiandip.com

Removed hosts entry: 0.0.0.0 www.belgiandip.com

Removed hosts entry: 0.0.0.0 www.illtemperedguppys.com

Removed hosts entry: 0.0.0.0 www.no-beba-el-agua.com

Removed hosts entry: 0.0.0.0 www.undergroundlair.net

Removed hosts entry: 0.0.0.0 www2.undergroundlair.net

Removed hosts entry: 0.0.0.0 www.00z70az77mnsa-00swj1zzprh.com

Removed hosts entry: 0.0.0.0 www.funcionamiento-con-la-tijera.com

Removed hosts entry: 0.0.0.0 www.pshnw6510990nmo-34nue7700.net

Removed hosts entry: 0.0.0.0 www.anquiro.com

Removed hosts entry: 0.0.0.0 show.budsinc.com

Removed hosts entry: 0.0.0.0 www.budsinc.com

Removed hosts entry: 0.0.0.0 www.musicfeet.com

Removed hosts entry: 0.0.0.0 www.iwebmusic.com

Removed hosts entry: 0.0.0.0 iwebtunes.com

Removed hosts entry: 0.0.0.0 www.iwebtunes.com

Removed hosts entry: 0.0.0.0 ads.addesktop.com

Removed hosts entry: 0.0.0.0 burstmedia.com

Removed hosts entry: 0.0.0.0 web.burstmedia.com

Removed hosts entry: 0.0.0.0 roscoe.burstmedia.com

Removed hosts entry: 0.0.0.0 ads.burstnet.com

Removed hosts entry: 0.0.0.0 gifs.burstnet.com

Removed hosts entry: 0.0.0.0 sj.burstnet.com

Removed hosts entry: 0.0.0.0 te.burstnet.com

Removed hosts entry: 0.0.0.0 text.burstnet.com

Removed hosts entry: 0.0.0.0 www.burstnet.com

Removed hosts entry: 0.0.0.0 www2.burstnet.com

Removed hosts entry: 0.0.0.0 www3.burstnet.com

Removed hosts entry: 0.0.0.0 www4.burstnet.com

Removed hosts entry: 0.0.0.0 www5.burstnet.com

Removed hosts entry: 0.0.0.0 www6.burstnet.com

Removed hosts entry: 0.0.0.0 www.burstnet.akadns.net

Removed hosts entry: 0.0.0.0 casalemedia.com

Removed hosts entry: 0.0.0.0 as.casalemedia.com

Removed hosts entry: 0.0.0.0 asg01.casalemedia.com

Removed hosts entry: 0.0.0.0 asg02.casalemedia.com

Removed hosts entry: 0.0.0.0 asg03.casalemedia.com

Removed hosts entry: 0.0.0.0 asg04.casalemedia.com

Removed hosts entry: 0.0.0.0 asg05.casalemedia.com

Removed hosts entry: 0.0.0.0 asg06.casalemedia.com

Removed hosts entry: 0.0.0.0 asg07.casalemedia.com

Removed hosts entry: 0.0.0.0 asg08.casalemedia.com

Removed hosts entry: 0.0.0.0 asg09.casalemedia.com

Removed hosts entry: 0.0.0.0 asg10.casalemedia.com

Removed hosts entry: 0.0.0.0 asg11.casalemedia.com

Removed hosts entry: 0.0.0.0 asg12.casalemedia.com

Removed hosts entry: 0.0.0.0 asg13.casalemedia.com

Removed hosts entry: 0.0.0.0 asg14.casalemedia.com

Removed hosts entry: 0.0.0.0 asg15.casalemedia.com

Removed hosts entry: 0.0.0.0 asg16.casalemedia.com

Removed hosts entry: 0.0.0.0 asg17.casalemedia.com

Removed hosts entry: 0.0.0.0 asg18.casalemedia.com

Removed hosts entry: 0.0.0.0 asg19.casalemedia.com

Removed hosts entry: 0.0.0.0 asg20.casalemedia.com

Removed hosts entry: 0.0.0.0 asg21.casalemedia.com

Removed hosts entry: 0.0.0.0 asg22.casalemedia.com

Removed hosts entry: 0.0.0.0 asg23.casalemedia.com

Removed hosts entry: 0.0.0.0 asg24.casalemedia.com

Removed hosts entry: 0.0.0.0 asg25.casalemedia.com

Removed hosts entry: 0.0.0.0 asg26.casalemedia.com

Removed hosts entry: 0.0.0.0 asg27.casalemedia.com

Removed hosts entry: 0.0.0.0 asg28.casalemedia.com

Removed hosts entry: 0.0.0.0 asg29.casalemedia.com

Removed hosts entry: 0.0.0.0 asg30.casalemedia.com

Removed hosts entry: 0.0.0.0 asg31.casalemedia.com

Removed hosts entry: 0.0.0.0 asg32.casalemedia.com

Removed hosts entry: 0.0.0.0 asg33.casalemedia.com

Removed hosts entry: 0.0.0.0 asg34.casalemedia.com

Removed hosts entry: 0.0.0.0 asg35.casalemedia.com

Removed hosts entry: 0.0.0.0 asg36.casalemedia.com

Removed hosts entry: 0.0.0.0 asg37.casalemedia.com

Removed hosts entry: 0.0.0.0 asg38.casalemedia.com

Removed hosts entry: 0.0.0.0 asg39.casalemedia.com

Removed hosts entry: 0.0.0.0 asg40.casalemedia.com

Removed hosts entry: 0.0.0.0 asg41.casalemedia.com

Removed hosts entry: 0.0.0.0 asg42.casalemedia.com

Removed hosts entry: 0.0.0.0 asg43.casalemedia.com

Removed hosts entry: 0.0.0.0 asg44.casalemedia.com

Removed hosts entry: 0.0.0.0 asg45.casalemedia.com

Removed hosts entry: 0

[Armando Leitão 0]

Ainda tem mais mais é muito grande então vou colocar aqui em baixo o hijackthis..

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:05:28, on 27/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\antoniol399@hotmail.com\Sharing Folders\Installer\WINXP\WBG901.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - http://www.terra.com.br/ads/campanhas/vxp/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 9462 bytes

[Silas Martins 0]

Baixe o MSN Vírus Cleaner em : http://dcmagnet.eu/download/MsnCleaner/down/MsnCleaner.exe

Utilize o MSN Vírus Cleaner para eliminar processos suspeitos (como os de vírus, por exemplo) e limpar arquivos temporários, cache e lixeira. Para conseguir rodá-lo, você deve fechar o MSN e executar o arquivo, reiniciando o computador logo em seguida. Não é necessário realizar instalação.

[Armando Leitão 0]

Quando executei o arquivo apareceu um erro veja:

 

[Silas Martins 0]

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

 

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

 

 

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo o retorno

[Armando Leitão 0]

ComboFix 09-02-12.03 - Administrador 2009-02-12 21:50:41.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.383.147 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090212-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.exe

c:\windows\system32\autorun.ini

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\erma.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\gbieh.gmd

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\gbpdist.dll

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\gbpdist.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\LegitCheckControl.inf

c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\swflash.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Legacy_NPF

-------\Service_GbpSv

-------\Service_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-12 to 2009-02-12 ))))))))))))))))))))))))))))

.

 

2009-01-27 21:04 . 2009-01-27 21:04 401,720 --a------ C:\HiJackThis.exe

2009-01-23 21:08 . 2009-01-23 21:08 <DIR> d-------- c:\arquivos de programas\Alwil Software

2009-01-23 20:57 . 2009-01-27 19:59 <DIR> d-------- c:\arquivos de programas\Add Remove Pro

2009-01-23 09:12 . 2009-01-23 09:12 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-01-23 09:12 . 2009-01-23 09:12 <DIR> d-------- c:\arquivos de programas\Avira

2009-01-23 09:05 . 2009-01-23 09:05 268 --ah----- C:\sqmdata14.sqm

2009-01-23 09:05 . 2009-01-23 09:05 244 --ah----- C:\sqmnoopt14.sqm

2009-01-18 09:10 . 2009-01-23 09:12 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira(2)

2009-01-16 09:58 . 2009-01-16 09:58 268 --ah----- C:\sqmdata13.sqm

2009-01-16 09:58 . 2009-01-16 09:58 244 --ah----- C:\sqmnoopt13.sqm

2009-01-14 08:16 . 2009-01-14 08:16 268 --ah----- C:\sqmdata12.sqm

2009-01-14 08:16 . 2009-01-14 08:16 244 --ah----- C:\sqmnoopt12.sqm

2009-01-13 22:26 . 2009-01-13 22:26 268 --ah----- C:\sqmdata11.sqm

2009-01-13 22:26 . 2009-01-13 22:26 244 --ah----- C:\sqmnoopt11.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-12 23:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-02-12 23:54 --------- d-----w c:\arquivos de programas\GbPlugin

2009-01-23 11:20 --------- d-----w c:\arquivos de programas\Yahoo!

2009-01-23 11:13 --------- d-----w c:\arquivos de programas\Google

2009-01-10 10:53 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-12-21 22:20 --------- d-----w c:\arquivos de programas\Método de Guitarra - Volumen I DEMO

2008-12-21 21:13 --------- d-----w c:\arquivos de programas\LenMus3.6

2008-12-18 22:00 --------- d--h--r c:\documents and settings\All Users\Dados de aplicativos\yahoo!

2008-12-18 21:59 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Yahoo!

2008-12-18 12:44 --------- d-----w c:\arquivos de programas\CCleaner

2008-12-16 23:49 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-12-16 23:49 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2008-12-16 23:42 24,192 ----a-w c:\documents and settings\Administrador\usbsermptxp.sys

2008-12-16 23:42 22,768 ----a-w c:\documents and settings\Administrador\usbsermpt.sys

2006-07-31 00:20 959 --sha-r c:\windows\system32\autorun.bin

2006-03-20 17:01 729,088 --sha-r c:\windows\system32\AutoRun.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Octoshape Streaming Services"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 156944]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Wireless Intelbras WBG901.lnk - c:\documents and settings\Administrador\Configura‡äes locais\Dados de aplicativos\Microsoft\Messenger\antoniol399@hotmail.com\Sharing Folders\Installer\WINXP\WBG901.exe [2008-11-26 671744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-09-01 14:47 384840 c:\arquiv~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

2008-09-01 14:47 384840 c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.VP31"= vp31vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^UOL Voip.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\UOL Voip.lnk

backup=c:\windows\pss\UOL Voip.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicio rápido de HP Image Zone.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Inicio rápido de HP Image Zone.lnk

backup=c:\windows\pss\Inicio rápido de HP Image Zone.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABAEnglish MiniCourse]

--a------ 2008-08-01 09:24 785920 c:\abaenglishminicourse\abaenglishminicourse.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 00:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]

--a------ 2008-08-10 05:15 2064384 c:\arquivos de programas\Lingoes\Translator2\Lingoes.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 13:54 5674352 c:\arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMC]

--a------ 2005-03-28 18:55 24576 c:\windows\system32\drivers\RMC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

--a------ 2005-01-14 11:00 339968 c:\windows\vsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-11-20 10:35 136600 c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-06-25 22:28 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

--a------ 2008-07-11 15:06 223984 c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-04-12 02:10 65536 c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atalho para a Página de Propriedades do High Definition Audio]

--------- 2005-01-07 18:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-14 00:21 110592 c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-04-13 00:21 14156800 c:\windows\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-23 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-23 20560]

R2 MTC0001_RMC;Remove Control Device;c:\windows\system32\drivers\RMC.sys [2005-04-22 13912]

R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [2005-01-05 226768]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2007-05-05 28672]

UnknownUnknown GbpSv;GbpSv; [x]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-02-12 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Notify-AtiExtEvent - (no file)

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://br.yahoo.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://br.yahoo.com

mSearch Bar = hxxp://farejador.ig.com.br/ie/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: {156086F0-6C6A-4D0A-8E6B-A8013B76EB5B} = 192.168.0.1

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - hxxp://www.terra.com.br/ads/campanhas/vxp/install.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-12 21:56:07

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]

"ImagePath"="c:\arquiv~1\GbPlugin\GbpSv.exe"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(556)

c:\arquiv~1\GBPLUGIN\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\slserv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-02-12 22:00:21 - Máquina reiniciou [Administrador]

ComboFix-quarantined-files.txt 2009-02-13 00:00:13

 

Pré-execução: 14 pasta(s) 44.487.987.200 bytes disponíveis

Pós execução: 14 pasta(s) 44,425,527,296 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

249 --- E O F --- 2009-02-11 11:11:53

[Armando Leitão 0]

Logfile of Trend Micro HijackThis v2.0.2 ATUALIZADO

Scan saved at 22:06:58, on 12/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - http://www.terra.com.br/ads/campanhas/vxp/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 8635 bytes

[Armando Leitão 0]

Estou esperando resposta...

[Silas Martins 0]

Desculpe a demora mas não havia marcado seu tópico.

Retomando a análise:

Baixe o bankerfix.exe.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu antivírus. e gere um novo log do hijackthis, e poste juntamente com o relatório .txt do Bankerfix.

 

Aguardo o Retorno

[Armando Leitão 0]

BankerFix 3.0 VALKYRIE - Banker Trojan Remover

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Date: 2009-03-23 - 19:52

-------------------------------------------------------

Version: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

 

 

 

----- End -------------------------

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:55:47, on 23/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\antoniol399@hotmail.com\Sharing Folders\Installer\WINXP\WBG901.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - http://www.terra.com.br/ads/campanhas/vxp/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 9546 bytes

[Silas Martins 0]

1ºPasso

Vá em Iniciar > Executar e digite (ou copie e cole): ComboFix /u

Dê o OK. Aguarde, pois isso irá desinstalar o ComboFix.

Apague as pastas C:\ComboFix e C:\Qoobox, caso existam.

 

2ºPasso:

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

 

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

8) Preciso que você cole o conteúdo do ComboFix.txt e do novo log Hijackthis em sua próxima resposta.

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

 

Aguardo retorno

[Armando Leitão 0]

ComboFix 09-03-23.01 - Administrador 2009-03-25 20:09:18.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.383.152 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090324-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-25 to 2009-03-25 ))))))))))))))))))))))))))))

.

 

2009-03-25 20:00 . 2009-03-25 20:00 4,444 --a------ c:\windows\system32\pid.PNF

2009-03-25 17:09 . 2006-01-12 08:46 252,928 -ra------ c:\windows\system32\drivers\rt73.sys

2009-03-24 20:41 . 2009-03-24 20:41 <DIR> d-------- c:\windows\system32\KB905474

2009-03-24 20:41 . 2009-03-10 22:26 1,434,496 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe

2009-03-24 20:41 . 2009-03-10 22:18 454,536 --a------ c:\windows\system32\KB905474\wgasetup.exe

2009-03-24 20:41 . 2009-02-09 18:51 14,318 --a------ c:\windows\system32\KB905474\wga_eula.txt

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-25 23:16 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-03-05 06:22 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-02-27 06:15 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-02-22 12:55 --------- d-----w c:\arquivos de programas\NitroPC

2009-02-14 22:52 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-14 22:52 --------- d-----w c:\arquivos de programas\Microsoft

2009-02-14 22:45 --------- d-----w c:\arquivos de programas\Microsoft Sync Framework

2009-02-14 22:44 --------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-02-14 22:42 --------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-02-14 10:07 --------- d-----w c:\arquivos de programas\Google

2009-02-12 23:54 --------- d-----w c:\arquivos de programas\GbPlugin

2009-02-06 21:34 308,616 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 20:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys

2009-01-27 23:04 401,720 ----a-w C:\HiJackThis.exe

2009-01-27 21:59 --------- d-----w c:\arquivos de programas\Add Remove Pro

2008-12-16 23:42 24,192 ----a-w c:\documents and settings\Administrador\usbsermptxp.sys

2008-12-16 23:42 22,768 ----a-w c:\documents and settings\Administrador\usbsermpt.sys

2006-07-31 00:20 959 --sha-r c:\windows\system32\autorun.bin

2006-03-20 17:01 729,088 --sha-r c:\windows\system32\AutoRun.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-04-08 3434000]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-09-01 13:47 384840 c:\arquiv~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

2008-09-01 13:47 384840 c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.VP31"= vp31vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^UOL Voip.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\UOL Voip.lnk

backup=c:\windows\pss\UOL Voip.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicio rápido de HP Image Zone.lnk]

backup=c:\windows\pss\Inicio rápido de HP Image Zone.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABAEnglish MiniCourse]

--a------ 2008-08-01 08:24 785920 c:\abaenglishminicourse\abaenglishminicourse.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 01:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 01:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]

--a------ 2008-08-10 04:15 2064384 c:\arquivos de programas\Lingoes\Translator2\Lingoes.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMC]

--a------ 2005-03-28 17:55 24576 c:\windows\system32\drivers\RMC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

--a------ 2005-01-14 10:00 339968 c:\windows\vsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-11-20 09:35 136600 c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-06-25 21:28 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

--a------ 2008-07-11 14:06 223984 c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-04-12 01:10 65536 c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atalho para a Página de Propriedades do High Definition Audio]

--------- 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-13 23:21 110592 c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-04-12 23:21 14156800 c:\windows\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R3 cpuz129;cpuz129; [x]

R3 fsssvc;Windows Live Protección Infantil;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

S2 MTC0001_RMC;Remove Control Device;c:\windows\system32\drivers\RMC.sys [2005-04-22 13912]

S2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

S3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\DRIVERS\SLDRV\slazldrv.sys [2005-01-05 226768]

 

 

--- ---

 

*Deregistered* - ALG

*Deregistered* - AntiVirScheduler

*Deregistered* - aswUpdSv

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - avast! Antivirus

*Deregistered* - avast! Mail Scanner

*Deregistered* - avast! Web Scanner

*Deregistered* - avipbb

*Deregistered* - Beep

*Deregistered* - BITS

*Deregistered* - BthServ

*Deregistered* - Cdfs

*Deregistered* - Compbatt

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - dmio

*Deregistered* - dmload

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - fssfltr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - helpsvc

*Deregistered* - HidServ

*Deregistered* - HTTP

*Deregistered* - ImapiService

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - JavaQuickStarterService

*Deregistered* - KSecDD

*Deregistered* - LmHosts

*Deregistered* - mnmdd

*Deregistered* - Modem

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - PartMgr

*Deregistered* - Pml Driver HPZ12

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - RDPCDD

*Deregistered* - rdpdr

*Deregistered* - RecAgent

*Deregistered* - RemoteRegistry

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - SeaPort

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - Serenum

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - SLService

*Deregistered* - SlWdmSup

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - SSDPSRV

*Deregistered* - ssmdrv

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VcommMgr

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WmiApSrv

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-25 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

MSConfigStartUp-msnmsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://br.yahoo.com

mSearch Bar = hxxp://farejador.ig.com.br/ie/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: {156086F0-6C6A-4D0A-8E6B-A8013B76EB5B} = 192.168.0.1

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - hxxp://www.terra.com.br/ads/campanhas/vxp/install.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-25 20:15:46

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(488)

c:\arquiv~1\GBPLUGIN\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\slserv.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-25 20:23:14 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-25 23:23:04

 

Pré-execução: 14 pasta(s) 46.031.839.232 bytes disponíveis

Pós execução: 14 pasta(s) 46,024,593,408 bytes disponíveis

 

326 --- E O F --- 2009-03-24 23:41:31

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:27:31, on 25/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - http://www.terra.com.br/ads/campanhas/vxp/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 9040 bytes

[Silas Martins 0]

CFScript

 

Copie,todo conteúdo citado abaixo e cole no Bloco de Notas.

Salve o arquivo na área de trabalho com o nome de: CFScript.txt

File::

c:\windows\system32\AutoRun.exe

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000000

 

Arraste o CFScript.txt até o ícone do Combofix, conforme ilustração abaixo:

 

Atenda à solicitação,que deverá surgir,para rodar o ComboFix

OBS: Arraste o CFScript até para o ícone até que apareça a janela(pequena) do combofix

Ao final poste o ComboFix.txt juntamente com o novo log do hijackthis

 

Obs.: Execute a ação com o seu pendrive conectado ao PC.

Aguardo retorno

[Armando Leitão 0]

ComboFix 09-03-23.01 - Administrador 2009-03-25 20:58:59.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.383.126 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning enabled* (Updated)

* Criado um novo ponto de restauro

 

FILE ::

c:\windows\system32\AutoRun.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\AutoRun.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-25 to 2009-03-25 ))))))))))))))))))))))))))))

.

 

2009-03-25 20:56 . 2009-03-25 20:57 <DIR> d-------- C:\32788R22FWJFW

2009-03-25 20:00 . 2009-03-25 20:00 4,444 --a------ c:\windows\system32\pid.PNF

2009-03-25 17:09 . 2006-01-12 08:46 252,928 -ra------ c:\windows\system32\drivers\rt73.sys

2009-03-24 20:41 . 2009-03-24 20:41 <DIR> d-------- c:\windows\system32\KB905474

2009-03-24 20:41 . 2009-03-10 22:26 1,434,496 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe

2009-03-24 20:41 . 2009-03-10 22:18 454,536 --a------ c:\windows\system32\KB905474\wgasetup.exe

2009-03-24 20:41 . 2009-02-09 18:51 14,318 --a------ c:\windows\system32\KB905474\wga_eula.txt

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-25 23:16 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-03-05 06:22 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-02-27 06:15 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-02-22 12:55 --------- d-----w c:\arquivos de programas\NitroPC

2009-02-14 22:52 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-14 22:52 --------- d-----w c:\arquivos de programas\Microsoft

2009-02-14 22:45 --------- d-----w c:\arquivos de programas\Microsoft Sync Framework

2009-02-14 22:44 --------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-02-14 22:42 --------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-02-14 10:07 --------- d-----w c:\arquivos de programas\Google

2009-02-12 23:54 --------- d-----w c:\arquivos de programas\GbPlugin

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 14:06 1,846,912 ------w c:\windows\system32\DllCache\win32k.sys

2009-02-06 21:34 308,616 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 20:52 49,504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 20:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys

2009-01-27 23:04 401,720 ----a-w C:\HiJackThis.exe

2009-01-27 21:59 --------- d-----w c:\arquivos de programas\Add Remove Pro

2009-01-16 23:16 3,594,752 ------w c:\windows\system32\DllCache\mshtml.dll

2008-12-16 23:42 24,192 ----a-w c:\documents and settings\Administrador\usbsermptxp.sys

2008-12-16 23:42 22,768 ----a-w c:\documents and settings\Administrador\usbsermpt.sys

2006-07-31 00:20 959 --sha-r c:\windows\system32\autorun.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-04-08 3434000]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-09-01 13:47 384840 c:\arquiv~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

2008-09-01 13:47 384840 c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.VP31"= vp31vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^UOL Voip.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\UOL Voip.lnk

backup=c:\windows\pss\UOL Voip.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicio rápido de HP Image Zone.lnk]

backup=c:\windows\pss\Inicio rápido de HP Image Zone.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABAEnglish MiniCourse]

--a------ 2008-08-01 08:24 785920 c:\abaenglishminicourse\abaenglishminicourse.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 01:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 01:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]

--a------ 2008-08-10 04:15 2064384 c:\arquivos de programas\Lingoes\Translator2\Lingoes.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMC]

--a------ 2005-03-28 17:55 24576 c:\windows\system32\drivers\RMC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

--a------ 2005-01-14 10:00 339968 c:\windows\vsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-11-20 09:35 136600 c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-06-25 21:28 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

--a------ 2008-07-11 14:06 223984 c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-04-12 01:10 65536 c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atalho para a Página de Propriedades do High Definition Audio]

--------- 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-13 23:21 110592 c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-04-12 23:21 14156800 c:\windows\RTHDCPL.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-23 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-23 20560]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-14 55152]

R2 MTC0001_RMC;Remove Control Device;c:\windows\system32\drivers\RMC.sys [2005-04-22 13912]

R2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [2005-01-05 226768]

S3 cpuz129;cpuz129;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]

S3 fsssvc;Windows Live Protección Infantil;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2007-05-05 28672]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-25 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://br.yahoo.com

mSearch Bar = hxxp://farejador.ig.com.br/ie/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: {156086F0-6C6A-4D0A-8E6B-A8013B76EB5B} = 192.168.0.1

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - hxxp://www.terra.com.br/ads/campanhas/vxp/install.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-25 21:01:14

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(488)

c:\arquiv~1\GBPLUGIN\gbieh.dll

.

Tempo para conclusão: 2009-03-25 21:04:00

ComboFix-quarantined-files.txt 2009-03-26 00:03:32

ComboFix2.txt 2009-03-25 23:23:17

 

Pré-execução: 15 pasta(s) 45.938.282.496 bytes disponíveis

Pós execução: 15 pasta(s) 45,930,008,576 bytes disponíveis

 

203 --- E O F --- 2009-03-24 23:41:31

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:08:13, on 25/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - http://www.terra.com.br/ads/campanhas/vxp/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 9344 bytes

[Silas Martins 0]

CFScript

 

Copie,todo conteúdo citado abaixo e cole no Bloco de Notas.

Salve o arquivo na área de trabalho com o nome de: CFScript.txt

File::

C?\\WINDOWS\\system32\\FM20ENU.DLL

Registry::

[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

 

Arraste o CFScript.txt até o ícone do Combofix, conforme ilustração abaixo:

 

Atenda à solicitação,que deverá surgir,para rodar o ComboFix

OBS: Arraste o CFScript até para o ícone até que apareça a janela(pequena) do combofix

Ao final poste o ComboFix.txt juntamente com o novo log do hijackthis

 

Obs.: Execute a ação com o seu pendrive conectado

 

2ºPasso

# Inicie o computador em modo de segurança

 

# Execute a ferramenta HiJackThis;

 

# Selecione o(s) item(s) abaixo indicado(s):

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll"

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

 

# Clique no botão "Fix checked";

 

Aguardo o retorno

[Armando Leitão 0]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:59:13, on 25/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\KB905474\wgasetup.exe

C:\WINDOWS\system32\KB905474\wgasetup.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - http://www.terra.com.br/ads/campanhas/vxp/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 8975 bytes

 

 

ComboFix 09-03-23.01 - Administrador 2009-03-25 21:35:38.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.383.136 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-26 to 2009-03-26 ))))))))))))))))))))))))))))

.

 

2009-03-25 20:00 . 2009-03-25 20:00 4,444 --a------ c:\windows\system32\pid.PNF

2009-03-25 17:09 . 2006-01-12 08:46 252,928 -ra------ c:\windows\system32\drivers\rt73.sys

2009-03-24 20:41 . 2009-03-24 20:41 <DIR> d-------- c:\windows\system32\KB905474

2009-03-24 20:41 . 2009-03-10 22:26 1,434,496 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe

2009-03-24 20:41 . 2009-03-10 22:18 454,536 --a------ c:\windows\system32\KB905474\wgasetup.exe

2009-03-24 20:41 . 2009-02-09 18:51 14,318 --a------ c:\windows\system32\KB905474\wga_eula.txt

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-25 23:16 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-03-05 06:22 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-02-27 06:15 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-02-22 12:55 --------- d-----w c:\arquivos de programas\NitroPC

2009-02-14 22:52 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-14 22:52 --------- d-----w c:\arquivos de programas\Microsoft

2009-02-14 22:45 --------- d-----w c:\arquivos de programas\Microsoft Sync Framework

2009-02-14 22:44 --------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-02-14 22:42 --------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-02-14 10:07 --------- d-----w c:\arquivos de programas\Google

2009-02-12 23:54 --------- d-----w c:\arquivos de programas\GbPlugin

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 14:06 1,846,912 ------w c:\windows\system32\DllCache\win32k.sys

2009-02-06 21:34 308,616 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 20:52 49,504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 20:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys

2009-01-27 23:04 401,720 ----a-w C:\HiJackThis.exe

2009-01-27 21:59 --------- d-----w c:\arquivos de programas\Add Remove Pro

2009-01-16 23:16 3,594,752 ------w c:\windows\system32\DllCache\mshtml.dll

2008-12-16 23:42 24,192 ----a-w c:\documents and settings\Administrador\usbsermptxp.sys

2008-12-16 23:42 22,768 ----a-w c:\documents and settings\Administrador\usbsermpt.sys

2006-07-31 00:20 959 --sha-r c:\windows\system32\autorun.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-04-08 3434000]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-09-01 13:47 384840 c:\arquiv~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

2008-09-01 13:47 384840 c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.VP31"= vp31vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^UOL Voip.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\UOL Voip.lnk

backup=c:\windows\pss\UOL Voip.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicio rápido de HP Image Zone.lnk]

backup=c:\windows\pss\Inicio rápido de HP Image Zone.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABAEnglish MiniCourse]

--a------ 2008-08-01 08:24 785920 c:\abaenglishminicourse\abaenglishminicourse.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 01:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 01:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]

--a------ 2008-08-10 04:15 2064384 c:\arquivos de programas\Lingoes\Translator2\Lingoes.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMC]

--a------ 2005-03-28 17:55 24576 c:\windows\system32\drivers\RMC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

--a------ 2005-01-14 10:00 339968 c:\windows\vsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-11-20 09:35 136600 c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-06-25 21:28 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

--a------ 2008-07-11 14:06 223984 c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-04-12 01:10 65536 c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atalho para a Página de Propriedades do High Definition Audio]

--------- 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-13 23:21 110592 c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-04-12 23:21 14156800 c:\windows\RTHDCPL.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-23 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-23 20560]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-14 55152]

R2 MTC0001_RMC;Remove Control Device;c:\windows\system32\drivers\RMC.sys [2005-04-22 13912]

R2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [2005-01-05 226768]

S3 cpuz129;cpuz129;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]

S3 fsssvc;Windows Live Protección Infantil;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2007-05-05 28672]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-25 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://br.yahoo.com

mSearch Bar = hxxp://farejador.ig.com.br/ie/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: {156086F0-6C6A-4D0A-8E6B-A8013B76EB5B} = 192.168.0.1

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - hxxp://www.terra.com.br/ads/campanhas/vxp/install.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-25 21:37:50

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(488)

c:\arquiv~1\GBPLUGIN\gbieh.dll

.

Tempo para conclusão: 2009-03-25 21:40:52

ComboFix-quarantined-files.txt 2009-03-26 00:40:29

 

Pré-execução: 14 pasta(s) 45.911.732.224 bytes disponíveis

Pós execução: 14 pasta(s) 45,901,963,264 bytes disponíveis

 

195 --- E O F --- 2009-03-24 23:41:31

[Silas Martins 0]

1. Baixe o Kaspersky Virus Removal Tool.

 

2. O arquivo possui aproximadamente 32 Mb, mas o resultado compensará o trabalho.

 

3. Reinicie a máquina em Modo Seguro.

 

4. Execute a ferramenta dando duplo-clique sobre o arquivo baixado.

 

5. Abrir-se-á a seguinte janela:

 

6. Marque os diretórios que deseja varrer (é melhor marcar todos).

 

7. Clique em Scan e aguarde o término do processo.

 

8. Terminada a varredura, retorne com o resultado.

 

Aguardo retorno

[Armando Leitão 0]

ComboFix 09-03-27.02 - Administrador 2009-03-28 19:57:50.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.383.106 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090328-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

-------\Service_PCIDump

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-28 to 2009-03-28 ))))))))))))))))))))))))))))

.

 

2009-03-28 18:38 . 2009-03-28 18:38 <DIR> d-------- c:\documents and settings\TEMP\Configurações locais

2009-03-28 18:38 . 2009-03-28 18:38 <DIR> d---s---- c:\documents and settings\TEMP

2009-03-25 22:06 . 2009-03-28 18:38 <DIR> d-------- C:\RECYCLER(2)

2009-03-25 21:53 . 2009-03-25 21:53 <DIR> d-------- C:\backups

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-28 23:03 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-03-05 06:22 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-02-27 06:15 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-02-22 12:55 --------- d-----w c:\arquivos de programas\NitroPC

2009-02-14 22:52 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-14 22:52 --------- d-----w c:\arquivos de programas\Microsoft

2009-02-14 22:45 --------- d-----w c:\arquivos de programas\Microsoft Sync Framework

2009-02-14 22:44 --------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-02-14 22:42 --------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-02-14 10:07 --------- d-----w c:\arquivos de programas\Google

2009-02-12 23:54 --------- d-----w c:\arquivos de programas\GbPlugin

2009-02-06 21:34 308,616 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 20:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys

2009-01-27 23:04 401,720 ----a-w C:\HiJackThis.exe

2008-12-16 23:42 24,192 ----a-w c:\documents and settings\Administrador\usbsermptxp.sys

2008-12-16 23:42 22,768 ----a-w c:\documents and settings\Administrador\usbsermpt.sys

2006-07-31 00:20 959 --sha-r c:\windows\system32\autorun.bin

2006-03-20 17:01 729,088 --sha-r c:\windows\system32\AutoRun.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-04-08 3434000]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Wireless Intelbras WBG901.lnk - c:\documents and settings\Administrador\Configura‡äes locais\Dados de aplicativos\Microsoft\Messenger\antoniol399@hotmail.com\Sharing Folders\Installer\WINXP\WBG901.exe [2008-11-26 671744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-09-01 13:47 384840 c:\arquiv~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

2008-09-01 13:47 384840 c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.VP31"= vp31vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^UOL Voip.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\UOL Voip.lnk

backup=c:\windows\pss\UOL Voip.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicio rápido de HP Image Zone.lnk]

backup=c:\windows\pss\Inicio rápido de HP Image Zone.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABAEnglish MiniCourse]

--a------ 2008-08-01 08:24 785920 c:\abaenglishminicourse\abaenglishminicourse.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 01:38 34672 c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 23:20 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 01:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]

--a------ 2008-08-10 04:15 2064384 c:\arquivos de programas\Lingoes\Translator2\Lingoes.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMC]

--a------ 2005-03-28 17:55 24576 c:\windows\system32\drivers\RMC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]

--a------ 2005-01-14 10:00 339968 c:\windows\vsnpstd3.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-11-20 09:35 136600 c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-06-25 21:28 68856 c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

--a------ 2008-07-11 14:06 223984 c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-04-12 01:10 65536 c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atalho para a Página de Propriedades do High Definition Audio]

--------- 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-13 23:21 110592 c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-04-12 23:21 14156800 c:\windows\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-23 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-23 20560]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-14 55152]

R2 MTC0001_RMC;Remove Control Device;c:\windows\system32\drivers\RMC.sys [2005-04-22 13912]

R2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [2005-01-05 226768]

S3 cpuz129;cpuz129;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]

S3 fsssvc;Windows Live Protección Infantil;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2007-05-05 28672]

UnknownUnknown GbpSv;GbpSv; [x]

 

--- ---

 

*NewlyCreated* - GBPSV

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

MSConfigStartUp-msnmsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

 

 

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://br.yahoo.com

mSearch Bar = hxxp://farejador.ig.com.br/ie/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

TCP: {156086F0-6C6A-4D0A-8E6B-A8013B76EB5B} = 192.168.0.1

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - hxxp://www.terra.com.br/ads/campanhas/vxp/install.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-28 20:03:36

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv]

"ImagePath"="c:\arquiv~1\GbPlugin\GbpSv.exe"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(488)

c:\arquiv~1\GBPLUGIN\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\WgaTray.exe

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\slserv.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-28 20:07:45 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-28 23:07:41

ComboFix2.txt 2009-03-26 00:40:53

 

Pré-execução: 16 pasta(s) 45.656.428.544 bytes disponíveis

Pós execução: 15 pasta(s) 45,607,415,808 bytes disponíveis

 

220 --- E O F --- 2009-03-21 13:33:36

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:40:17, on 29/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\antoniol399@hotmail.com\Sharing Folders\Installer\WINXP\WBG901.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Arquivos de programas\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {EABF23B1-16D4-4FCB-8872-0AA0D510C651} - http://www.terra.com.br/ads/campanhas/vxp/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{156086F0-6C6A-4D0A-8E6B-A8013B76EB5B}: NameServer = 192.168.0.1

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 9582 bytes

[Armando Leitão 0]

Scan

----

Scanned: 365665

Detected: 0

Untreated: 0

Start time: 28/03/2009 20:25:24

Duration: 04:02:47

Finish time: 29/03/2009 0:28:11

 

 

Detected

--------

Status Object

------ ------

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

28/03/2009 20:25:34 Running module: smss.exe\smss.exe ok scanned

28/03/2009 20:25:35 File: C:\WINDOWS\System32\smss.exe ok scanned

28/03/2009 20:25:35 Running module: smss.exe\ntdll.dll ok scanned

28/03/2009 20:25:35 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:25:35 Running module: csrss.exe\csrss.exe ok scanned

28/03/2009 20:25:35 File: C:\WINDOWS\system32\csrss.exe ok scanned

28/03/2009 20:25:35 Running module: csrss.exe\ntdll.dll ok scanned

28/03/2009 20:25:35 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:25:35 Running module: csrss.exe\CSRSRV.dll ok scanned

28/03/2009 20:25:35 File: C:\WINDOWS\system32\CSRSRV.dll ok scanned

28/03/2009 20:25:35 Running module: csrss.exe\basesrv.dll ok scanned

28/03/2009 20:25:35 File: C:\WINDOWS\system32\basesrv.dll ok scanned

28/03/2009 20:25:35 Running module: csrss.exe\winsrv.dll ok scanned

28/03/2009 20:25:36 File: C:\WINDOWS\system32\winsrv.dll ok scanned

28/03/2009 20:25:36 Running module: csrss.exe\GDI32.dll ok scanned

28/03/2009 20:25:36 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:25:36 Running module: csrss.exe\KERNEL32.dll ok scanned

28/03/2009 20:25:36 File: C:\WINDOWS\system32\KERNEL32.dll ok scanned

28/03/2009 20:25:36 Running module: csrss.exe\USER32.dll ok scanned

28/03/2009 20:25:37 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:25:37 Running module: csrss.exe\sxs.dll ok scanned

28/03/2009 20:25:38 File: C:\WINDOWS\system32\sxs.dll ok scanned

28/03/2009 20:25:38 Running module: csrss.exe\ADVAPI32.dll ok scanned

28/03/2009 20:25:38 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:25:38 Running module: csrss.exe\RPCRT4.dll ok scanned

28/03/2009 20:25:39 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:25:39 Running module: csrss.exe\Secur32.dll ok scanned

28/03/2009 20:25:39 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:25:39 Running module: csrss.exe\Apphelp.dll ok scanned

28/03/2009 20:25:39 File: C:\WINDOWS\system32\Apphelp.dll ok scanned

28/03/2009 20:25:39 Running module: csrss.exe\VERSION.dll ok scanned

28/03/2009 20:25:39 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:25:39 Running module: winlogon.exe\winlogon.exe ok scanned

28/03/2009 20:25:42 File: C:\WINDOWS\system32\winlogon.exe ok scanned

28/03/2009 20:25:42 Running module: winlogon.exe\ntdll.dll ok scanned

28/03/2009 20:25:42 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:25:42 Running module: winlogon.exe\kernel32.dll ok scanned

28/03/2009 20:25:42 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:25:42 Running module: winlogon.exe\ADVAPI32.dll ok scanned

28/03/2009 20:25:42 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:25:42 Running module: winlogon.exe\RPCRT4.dll ok scanned

28/03/2009 20:25:42 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:25:42 Running module: winlogon.exe\Secur32.dll ok scanned

28/03/2009 20:25:42 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:25:42 Running module: winlogon.exe\AUTHZ.dll ok scanned

28/03/2009 20:25:43 File: C:\WINDOWS\system32\AUTHZ.dll ok scanned

28/03/2009 20:25:43 Running module: winlogon.exe\msvcrt.dll ok scanned

28/03/2009 20:25:43 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:25:43 Running module: winlogon.exe\CRYPT32.dll ok scanned

28/03/2009 20:25:44 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned

28/03/2009 20:25:44 Running module: winlogon.exe\MSASN1.dll ok scanned

28/03/2009 20:25:44 File: C:\WINDOWS\system32\MSASN1.dll ok scanned

28/03/2009 20:25:44 Running module: winlogon.exe\USER32.dll ok scanned

28/03/2009 20:25:44 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:25:44 Running module: winlogon.exe\GDI32.dll ok scanned

28/03/2009 20:25:44 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:25:44 Running module: winlogon.exe\NDdeApi.dll ok scanned

28/03/2009 20:25:44 File: C:\WINDOWS\system32\NDdeApi.dll ok scanned

28/03/2009 20:25:44 Running module: winlogon.exe\PROFMAP.dll ok scanned

28/03/2009 20:25:44 File: C:\WINDOWS\system32\PROFMAP.dll ok scanned

28/03/2009 20:25:44 Running module: winlogon.exe\NETAPI32.dll ok scanned

28/03/2009 20:25:45 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned

28/03/2009 20:25:45 Running module: winlogon.exe\USERENV.dll ok scanned

28/03/2009 20:25:45 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:25:45 Running module: winlogon.exe\PSAPI.DLL ok scanned

28/03/2009 20:25:45 File: C:\WINDOWS\system32\PSAPI.DLL ok scanned

28/03/2009 20:25:45 Running module: winlogon.exe\REGAPI.dll ok scanned

28/03/2009 20:25:45 File: C:\WINDOWS\system32\REGAPI.dll ok scanned

28/03/2009 20:25:45 Running module: winlogon.exe\SETUPAPI.dll ok scanned

28/03/2009 20:25:46 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned

28/03/2009 20:25:46 Running module: winlogon.exe\VERSION.dll ok scanned

28/03/2009 20:25:46 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:25:46 Running module: winlogon.exe\WINSTA.dll ok scanned

28/03/2009 20:25:46 File: C:\WINDOWS\system32\WINSTA.dll ok scanned

28/03/2009 20:25:46 Running module: winlogon.exe\WINTRUST.dll ok scanned

28/03/2009 20:25:47 File: C:\WINDOWS\system32\WINTRUST.dll ok scanned

28/03/2009 20:25:47 Running module: winlogon.exe\IMAGEHLP.dll ok scanned

28/03/2009 20:25:47 File: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned

28/03/2009 20:25:47 Running module: winlogon.exe\WS2_32.dll ok scanned

28/03/2009 20:25:47 File: C:\WINDOWS\system32\WS2_32.dll ok scanned

28/03/2009 20:25:47 Running module: winlogon.exe\WS2HELP.dll ok scanned

28/03/2009 20:25:47 File: C:\WINDOWS\system32\WS2HELP.dll ok scanned

28/03/2009 20:25:47 Running module: winlogon.exe\IMM32.DLL ok scanned

28/03/2009 20:25:48 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:25:48 Running module: winlogon.exe\MSGINA.dll ok scanned

28/03/2009 20:25:49 File: C:\WINDOWS\system32\MSGINA.dll ok scanned

28/03/2009 20:25:49 Running module: winlogon.exe\COMCTL32.dll ok scanned

28/03/2009 20:25:50 File: C:\WINDOWS\system32\COMCTL32.dll ok scanned

28/03/2009 20:25:50 Running module: winlogon.exe\ODBC32.dll ok scanned

28/03/2009 20:25:50 File: C:\WINDOWS\system32\ODBC32.dll ok scanned

28/03/2009 20:25:50 Running module: winlogon.exe\comdlg32.dll ok scanned

28/03/2009 20:25:51 File: C:\WINDOWS\system32\comdlg32.dll ok scanned

28/03/2009 20:25:51 Running module: winlogon.exe\SHELL32.dll ok scanned

28/03/2009 20:26:02 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:26:02 Running module: winlogon.exe\SHLWAPI.dll ok scanned

28/03/2009 20:26:02 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:26:02 Running module: winlogon.exe\comctl32.dll ok scanned

28/03/2009 20:26:03 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:26:03 Running module: winlogon.exe\odbcint.dll ok scanned

28/03/2009 20:26:03 File: C:\WINDOWS\system32\odbcint.dll ok scanned

28/03/2009 20:26:03 Running module: winlogon.exe\SHSVCS.dll ok scanned

28/03/2009 20:26:04 File: C:\WINDOWS\system32\SHSVCS.dll ok scanned

28/03/2009 20:26:04 Running module: winlogon.exe\sfc.dll ok scanned

28/03/2009 20:26:04 File: C:\WINDOWS\system32\sfc.dll ok scanned

28/03/2009 20:26:04 Running module: winlogon.exe\sfc_os.dll ok scanned

28/03/2009 20:26:04 File: C:\WINDOWS\system32\sfc_os.dll ok scanned

28/03/2009 20:26:04 Running module: winlogon.exe\ole32.dll ok scanned

28/03/2009 20:26:05 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:26:05 Running module: winlogon.exe\Apphelp.dll ok scanned

28/03/2009 20:26:05 File: C:\WINDOWS\system32\Apphelp.dll ok scanned

28/03/2009 20:26:05 Running module: winlogon.exe\msctfime.ime ok scanned

28/03/2009 20:26:05 File: C:\WINDOWS\system32\msctfime.ime ok scanned

28/03/2009 20:26:05 Running module: winlogon.exe\WINMM.dll ok scanned

28/03/2009 20:26:05 File: C:\WINDOWS\system32\WINMM.dll ok scanned

28/03/2009 20:26:05 Running module: winlogon.exe\gbieh.dll ok scanned

28/03/2009 20:26:06 File: C:\ARQUIV~1\GBPLUGIN\gbieh.dll packed file ASPack

28/03/2009 20:26:07 File: C:\ARQUIV~1\GBPLUGIN\gbieh.dll//ASPack ok scanned

28/03/2009 20:26:07 File: C:\ARQUIV~1\GBPLUGIN\gbieh.dll ok scanned

28/03/2009 20:26:07 Running module: winlogon.exe\oleaut32.dll ok scanned

28/03/2009 20:26:07 File: C:\WINDOWS\system32\oleaut32.dll ok scanned

28/03/2009 20:26:07 Running module: winlogon.exe\rsaenh.dll ok scanned

28/03/2009 20:26:07 File: C:\WINDOWS\system32\rsaenh.dll ok scanned

28/03/2009 20:26:07 Running module: winlogon.exe\cscdll.dll ok scanned

28/03/2009 20:26:07 File: C:\WINDOWS\system32\cscdll.dll ok scanned

28/03/2009 20:26:07 Running module: winlogon.exe\dimsntfy.dll ok scanned

28/03/2009 20:26:07 File: C:\WINDOWS\System32\dimsntfy.dll ok scanned

28/03/2009 20:26:07 Running module: winlogon.exe\WlNotify.dll ok scanned

28/03/2009 20:26:08 File: C:\WINDOWS\system32\WlNotify.dll ok scanned

28/03/2009 20:26:08 Running module: winlogon.exe\MPR.dll ok scanned

28/03/2009 20:26:08 File: C:\WINDOWS\system32\MPR.dll ok scanned

28/03/2009 20:26:08 Running module: winlogon.exe\WinSCard.dll ok scanned

28/03/2009 20:26:08 File: C:\WINDOWS\system32\WinSCard.dll ok scanned

28/03/2009 20:26:08 Running module: winlogon.exe\WTSAPI32.dll ok scanned

28/03/2009 20:26:08 File: C:\WINDOWS\system32\WTSAPI32.dll ok scanned

28/03/2009 20:26:08 Running module: winlogon.exe\WINSPOOL.DRV ok scanned

28/03/2009 20:26:08 File: C:\WINDOWS\system32\WINSPOOL.DRV ok scanned

28/03/2009 20:26:08 Running module: winlogon.exe\WgaLogon.dll ok scanned

28/03/2009 20:26:09 File: C:\WINDOWS\system32\WgaLogon.dll ok scanned

28/03/2009 20:26:09 Running module: winlogon.exe\NTMARTA.DLL ok scanned

28/03/2009 20:26:09 File: C:\WINDOWS\system32\NTMARTA.DLL ok scanned

28/03/2009 20:26:09 Running module: winlogon.exe\SAMLIB.dll ok scanned

28/03/2009 20:26:09 File: C:\WINDOWS\system32\SAMLIB.dll ok scanned

28/03/2009 20:26:09 Running module: winlogon.exe\WLDAP32.dll ok scanned

28/03/2009 20:26:10 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned

28/03/2009 20:26:10 Running module: winlogon.exe\CLBCATQ.DLL ok scanned

28/03/2009 20:26:10 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned

28/03/2009 20:26:10 Running module: winlogon.exe\COMRes.dll ok scanned

28/03/2009 20:26:11 File: C:\WINDOWS\system32\COMRes.dll ok scanned

28/03/2009 20:26:11 Running module: winlogon.exe\msxml3.dll ok scanned

28/03/2009 20:26:12 File: C:\WINDOWS\system32\msxml3.dll ok scanned

28/03/2009 20:26:12 Running module: winlogon.exe\UxTheme.dll ok scanned

28/03/2009 20:26:12 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:26:12 Running module: winlogon.exe\MSIMG32.DLL ok scanned

28/03/2009 20:26:12 File: C:\WINDOWS\system32\MSIMG32.DLL ok scanned

28/03/2009 20:26:12 Running module: winlogon.exe\cscui.dll ok scanned

28/03/2009 20:26:13 File: C:\WINDOWS\system32\cscui.dll ok scanned

28/03/2009 20:26:13 Running module: winlogon.exe\LINKINFO.dll ok scanned

28/03/2009 20:26:13 File: C:\WINDOWS\system32\LINKINFO.dll ok scanned

28/03/2009 20:26:13 Running module: winlogon.exe\ntshrui.dll ok scanned

28/03/2009 20:26:14 File: C:\WINDOWS\system32\ntshrui.dll ok scanned

28/03/2009 20:26:14 Running module: winlogon.exe\ATL.DLL ok scanned

28/03/2009 20:26:14 File: C:\WINDOWS\system32\ATL.DLL ok scanned

28/03/2009 20:26:14 Running module: winlogon.exe\ieframe.dll ok scanned

28/03/2009 20:26:20 File: C:\WINDOWS\system32\ieframe.dll ok scanned

28/03/2009 20:26:20 Running module: winlogon.exe\iertutil.dll ok scanned

28/03/2009 20:26:21 File: C:\WINDOWS\system32\iertutil.dll ok scanned

28/03/2009 20:26:21 Running module: winlogon.exe\xpsp2res.dll ok scanned

28/03/2009 20:26:28 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned

28/03/2009 20:26:28 Running module: services.exe\services.exe ok scanned

28/03/2009 20:26:29 File: C:\WINDOWS\system32\services.exe ok scanned

28/03/2009 20:26:29 Running module: services.exe\ntdll.dll ok scanned

28/03/2009 20:26:29 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:26:29 Running module: services.exe\kernel32.dll ok scanned

28/03/2009 20:26:30 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:26:30 Running module: services.exe\ADVAPI32.dll ok scanned

28/03/2009 20:26:30 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:26:30 Running module: services.exe\RPCRT4.dll ok scanned

28/03/2009 20:26:30 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:26:30 Running module: services.exe\Secur32.dll ok scanned

28/03/2009 20:26:30 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:26:30 Running module: services.exe\msvcrt.dll ok scanned

28/03/2009 20:26:30 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:26:30 Running module: services.exe\NCObjAPI.DLL ok scanned

28/03/2009 20:26:30 File: C:\WINDOWS\system32\NCObjAPI.DLL ok scanned

28/03/2009 20:26:30 Running module: services.exe\MSVCP60.dll ok scanned

28/03/2009 20:26:30 File: C:\WINDOWS\system32\MSVCP60.dll ok scanned

28/03/2009 20:26:30 Running module: services.exe\SCESRV.dll ok scanned

28/03/2009 20:26:31 File: C:\WINDOWS\system32\SCESRV.dll ok scanned

28/03/2009 20:26:31 Running module: services.exe\AUTHZ.dll ok scanned

28/03/2009 20:26:31 File: C:\WINDOWS\system32\AUTHZ.dll ok scanned

28/03/2009 20:26:31 Running module: services.exe\USER32.dll ok scanned

28/03/2009 20:26:31 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:26:31 Running module: services.exe\GDI32.dll ok scanned

28/03/2009 20:26:31 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:26:31 Running module: services.exe\USERENV.dll ok scanned

28/03/2009 20:26:31 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:26:31 Running module: services.exe\umpnpmgr.dll ok scanned

28/03/2009 20:26:32 File: C:\WINDOWS\system32\umpnpmgr.dll ok scanned

28/03/2009 20:26:32 Running module: services.exe\WINSTA.dll ok scanned

28/03/2009 20:26:32 File: C:\WINDOWS\system32\WINSTA.dll ok scanned

28/03/2009 20:26:32 Running module: services.exe\NETAPI32.dll ok scanned

28/03/2009 20:26:32 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned

28/03/2009 20:26:32 Running module: services.exe\ShimEng.dll ok scanned

28/03/2009 20:26:32 File: C:\WINDOWS\system32\ShimEng.dll ok scanned

28/03/2009 20:26:32 Running module: services.exe\AcAdProc.dll ok scanned

28/03/2009 20:26:32 File: C:\WINDOWS\AppPatch\AcAdProc.dll ok scanned

28/03/2009 20:26:32 Running module: services.exe\IMM32.DLL ok scanned

28/03/2009 20:26:32 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:26:32 Running module: services.exe\Apphelp.dll ok scanned

28/03/2009 20:26:32 File: C:\WINDOWS\system32\Apphelp.dll ok scanned

28/03/2009 20:26:32 Running module: services.exe\VERSION.dll ok scanned

28/03/2009 20:26:33 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:26:33 Running module: services.exe\eventlog.dll ok scanned

28/03/2009 20:26:33 File: C:\WINDOWS\system32\eventlog.dll ok scanned

28/03/2009 20:26:33 Running module: services.exe\PSAPI.DLL ok scanned

28/03/2009 20:26:33 File: C:\WINDOWS\system32\PSAPI.DLL ok scanned

28/03/2009 20:26:33 Running module: services.exe\WS2_32.dll ok scanned

28/03/2009 20:26:33 File: C:\WINDOWS\system32\WS2_32.dll ok scanned

28/03/2009 20:26:33 Running module: services.exe\WS2HELP.dll ok scanned

28/03/2009 20:26:33 File: C:\WINDOWS\system32\WS2HELP.dll ok scanned

28/03/2009 20:26:33 Running module: services.exe\wtsapi32.dll ok scanned

28/03/2009 20:26:33 File: C:\WINDOWS\system32\wtsapi32.dll ok scanned

28/03/2009 20:26:33 Running module: lsass.exe\lsass.exe ok scanned

28/03/2009 20:26:33 File: C:\WINDOWS\system32\lsass.exe ok scanned

28/03/2009 20:26:33 Running module: lsass.exe\ntdll.dll ok scanned

28/03/2009 20:26:33 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:26:33 Running module: lsass.exe\kernel32.dll ok scanned

28/03/2009 20:26:33 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:26:33 Running module: lsass.exe\ADVAPI32.dll ok scanned

28/03/2009 20:26:34 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:26:34 Running module: lsass.exe\RPCRT4.dll ok scanned

28/03/2009 20:26:34 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:26:34 Running module: lsass.exe\Secur32.dll ok scanned

28/03/2009 20:26:34 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:26:34 Running module: lsass.exe\LSASRV.dll ok scanned

28/03/2009 20:26:34 File: C:\WINDOWS\system32\LSASRV.dll ok scanned

28/03/2009 20:26:34 Running module: lsass.exe\MPR.dll ok scanned

28/03/2009 20:26:34 File: C:\WINDOWS\system32\MPR.dll ok scanned

28/03/2009 20:26:34 Running module: lsass.exe\USER32.dll ok scanned

28/03/2009 20:26:34 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:26:34 Running module: lsass.exe\GDI32.dll ok scanned

28/03/2009 20:26:34 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:26:34 Running module: lsass.exe\MSASN1.dll ok scanned

28/03/2009 20:26:35 File: C:\WINDOWS\system32\MSASN1.dll ok scanned

28/03/2009 20:26:35 Running module: lsass.exe\msvcrt.dll ok scanned

28/03/2009 20:26:35 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:26:35 Running module: lsass.exe\NETAPI32.dll ok scanned

28/03/2009 20:26:35 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned

28/03/2009 20:26:35 Running module: lsass.exe\NTDSAPI.dll ok scanned

28/03/2009 20:26:35 File: C:\WINDOWS\system32\NTDSAPI.dll ok scanned

28/03/2009 20:26:35 Running module: lsass.exe\DNSAPI.dll ok scanned

28/03/2009 20:26:35 File: C:\WINDOWS\system32\DNSAPI.dll ok scanned

28/03/2009 20:26:35 Running module: lsass.exe\WS2_32.dll ok scanned

28/03/2009 20:26:35 File: C:\WINDOWS\system32\WS2_32.dll ok scanned

28/03/2009 20:26:35 Running module: lsass.exe\WS2HELP.dll ok scanned

28/03/2009 20:26:35 File: C:\WINDOWS\system32\WS2HELP.dll ok scanned

28/03/2009 20:26:35 Running module: lsass.exe\WLDAP32.dll ok scanned

28/03/2009 20:26:35 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned

28/03/2009 20:26:35 Running module: lsass.exe\SAMLIB.dll ok scanned

28/03/2009 20:26:35 File: C:\WINDOWS\system32\SAMLIB.dll ok scanned

28/03/2009 20:26:35 Running module: lsass.exe\SAMSRV.dll ok scanned

28/03/2009 20:26:36 File: C:\WINDOWS\system32\SAMSRV.dll ok scanned

28/03/2009 20:26:36 Running module: lsass.exe\cryptdll.dll ok scanned

28/03/2009 20:26:36 File: C:\WINDOWS\system32\cryptdll.dll ok scanned

28/03/2009 20:26:36 Running module: lsass.exe\ShimEng.dll ok scanned

28/03/2009 20:26:36 File: C:\WINDOWS\system32\ShimEng.dll ok scanned

28/03/2009 20:26:36 Running module: lsass.exe\AcGenral.DLL ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\WINMM.dll ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\system32\WINMM.dll ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\ole32.dll ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\OLEAUT32.dll ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\MSACM32.dll ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\system32\MSACM32.dll ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\VERSION.dll ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\SHELL32.dll ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\SHLWAPI.dll ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\USERENV.dll ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\UxTheme.dll ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\IMM32.DLL ok scanned

28/03/2009 20:26:38 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:26:38 Running module: lsass.exe\comctl32.dll ok scanned

28/03/2009 20:26:39 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:26:39 Running module: lsass.exe\comctl32.dll ok scanned

28/03/2009 20:26:39 File: C:\WINDOWS\system32\comctl32.dll ok scanned

28/03/2009 20:26:39 Running module: lsass.exe\msprivs.dll ok scanned

28/03/2009 20:26:39 File: C:\WINDOWS\system32\msprivs.dll ok scanned

28/03/2009 20:26:39 Running module: lsass.exe\kerberos.dll ok scanned

28/03/2009 20:26:39 File: C:\WINDOWS\system32\kerberos.dll ok scanned

28/03/2009 20:26:39 Running module: lsass.exe\msv1_0.dll ok scanned

28/03/2009 20:26:39 File: C:\WINDOWS\system32\msv1_0.dll ok scanned

28/03/2009 20:26:39 Running module: lsass.exe\iphlpapi.dll ok scanned

28/03/2009 20:26:40 File: C:\WINDOWS\system32\iphlpapi.dll ok scanned

28/03/2009 20:26:40 Running module: lsass.exe\netlogon.dll ok scanned

28/03/2009 20:26:40 File: C:\WINDOWS\system32\netlogon.dll ok scanned

28/03/2009 20:26:40 Running module: lsass.exe\w32time.dll ok scanned

28/03/2009 20:26:41 File: C:\WINDOWS\system32\w32time.dll ok scanned

28/03/2009 20:26:41 Running module: lsass.exe\MSVCP60.dll ok scanned

28/03/2009 20:26:41 File: C:\WINDOWS\system32\MSVCP60.dll ok scanned

28/03/2009 20:26:41 Running module: lsass.exe\schannel.dll ok scanned

28/03/2009 20:26:41 File: C:\WINDOWS\system32\schannel.dll ok scanned

28/03/2009 20:26:41 Running module: lsass.exe\CRYPT32.dll ok scanned

28/03/2009 20:26:41 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned

28/03/2009 20:26:41 Running module: lsass.exe\wdigest.dll ok scanned

28/03/2009 20:26:41 File: C:\WINDOWS\system32\wdigest.dll ok scanned

28/03/2009 20:26:41 Running module: lsass.exe\rsaenh.dll ok scanned

28/03/2009 20:26:42 File: C:\WINDOWS\system32\rsaenh.dll ok scanned

28/03/2009 20:26:42 Running module: lsass.exe\scecli.dll ok scanned

28/03/2009 20:26:42 File: C:\WINDOWS\system32\scecli.dll ok scanned

28/03/2009 20:26:42 Running module: lsass.exe\SETUPAPI.dll ok scanned

28/03/2009 20:26:42 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned

28/03/2009 20:26:42 Running module: svchost.exe\svchost.exe ok scanned

28/03/2009 20:26:42 File: C:\WINDOWS\system32\svchost.exe ok scanned

28/03/2009 20:26:42 Running module: svchost.exe\ntdll.dll ok scanned

28/03/2009 20:26:42 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:26:42 Running module: svchost.exe\kernel32.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\ADVAPI32.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\RPCRT4.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\Secur32.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\ShimEng.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\ShimEng.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\AcGenral.DLL ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\USER32.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\GDI32.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\WINMM.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\WINMM.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\ole32.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\msvcrt.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\OLEAUT32.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\MSACM32.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\MSACM32.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\VERSION.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\SHELL32.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\SHLWAPI.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\USERENV.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\UxTheme.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\IMM32.DLL ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\comctl32.dll ok scanned

28/03/2009 20:26:43 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:26:43 Running module: svchost.exe\comctl32.dll ok scanned

28/03/2009 20:26:44 File: C:\WINDOWS\system32\comctl32.dll ok scanned

28/03/2009 20:26:44 Running module: svchost.exe\NTMARTA.DLL ok scanned

28/03/2009 20:26:44 File: C:\WINDOWS\system32\NTMARTA.DLL ok scanned

28/03/2009 20:26:44 Running module: svchost.exe\SAMLIB.dll ok scanned

28/03/2009 20:26:44 File: C:\WINDOWS\system32\SAMLIB.dll ok scanned

28/03/2009 20:26:44 Running module: svchost.exe\WLDAP32.dll ok scanned

28/03/2009 20:26:44 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned

28/03/2009 20:26:44 Running module: svchost.exe\rpcss.dll ok scanned

28/03/2009 20:26:44 File: c:\windows\system32\rpcss.dll ok scanned

28/03/2009 20:26:44 Running module: svchost.exe\WS2_32.dll ok scanned

28/03/2009 20:26:44 File: c:\windows\system32\WS2_32.dll ok scanned

28/03/2009 20:26:44 Running module: svchost.exe\WS2HELP.dll ok scanned

28/03/2009 20:26:44 File: c:\windows\system32\WS2HELP.dll ok scanned

28/03/2009 20:26:44 Running module: svchost.exe\xpsp2res.dll ok scanned

28/03/2009 20:26:44 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned

28/03/2009 20:26:44 Running module: svchost.exe\CLBCATQ.DLL ok scanned

28/03/2009 20:26:44 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned

28/03/2009 20:26:44 Running module: svchost.exe\COMRes.dll ok scanned

28/03/2009 20:26:44 File: C:\WINDOWS\system32\COMRes.dll ok scanned

28/03/2009 20:26:44 Running module: svchost.exe\Apphelp.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\Apphelp.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\svchost.exe ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\svchost.exe ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\ntdll.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\kernel32.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\ADVAPI32.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\RPCRT4.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\Secur32.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\ShimEng.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\ShimEng.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\AcGenral.DLL ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\USER32.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\GDI32.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\WINMM.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\WINMM.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\ole32.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\msvcrt.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\OLEAUT32.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\MSACM32.dll ok scanned

28/03/2009 20:26:45 File: C:\WINDOWS\system32\MSACM32.dll ok scanned

28/03/2009 20:26:45 Running module: svchost.exe\VERSION.dll ok scanned

28/03/2009 20:26:46 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\SHELL32.dll ok scanned

28/03/2009 20:26:46 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\SHLWAPI.dll ok scanned

28/03/2009 20:26:46 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\USERENV.dll ok scanned

28/03/2009 20:26:46 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\UxTheme.dll ok scanned

28/03/2009 20:26:46 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\IMM32.DLL ok scanned

28/03/2009 20:26:46 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\comctl32.dll ok scanned

28/03/2009 20:26:46 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\comctl32.dll ok scanned

28/03/2009 20:26:46 File: C:\WINDOWS\system32\comctl32.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\rpcss.dll ok scanned

28/03/2009 20:26:46 File: c:\windows\system32\rpcss.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\WS2_32.dll ok scanned

28/03/2009 20:26:46 File: c:\windows\system32\WS2_32.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\WS2HELP.dll ok scanned

28/03/2009 20:26:46 File: c:\windows\system32\WS2HELP.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\xpsp2res.dll ok scanned

28/03/2009 20:26:46 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\rsaenh.dll ok scanned

28/03/2009 20:26:46 File: C:\WINDOWS\system32\rsaenh.dll ok scanned

28/03/2009 20:26:46 Running module: svchost.exe\mswsock.dll ok scanned

28/03/2009 20:26:47 File: C:\WINDOWS\system32\mswsock.dll ok scanned

28/03/2009 20:26:47 Running module: svchost.exe\hnetcfg.dll ok scanned

28/03/2009 20:26:47 File: C:\WINDOWS\system32\hnetcfg.dll ok scanned

28/03/2009 20:26:47 Running module: svchost.exe\wshtcpip.dll ok scanned

28/03/2009 20:26:48 File: C:\WINDOWS\System32\wshtcpip.dll ok scanned

28/03/2009 20:26:48 Running module: svchost.exe\DNSAPI.dll ok scanned

28/03/2009 20:26:48 File: C:\WINDOWS\system32\DNSAPI.dll ok scanned

28/03/2009 20:26:48 Running module: svchost.exe\iphlpapi.dll ok scanned

28/03/2009 20:26:48 File: C:\WINDOWS\system32\iphlpapi.dll ok scanned

28/03/2009 20:26:48 Running module: svchost.exe\winrnr.dll ok scanned

28/03/2009 20:26:48 File: C:\WINDOWS\System32\winrnr.dll ok scanned

28/03/2009 20:26:48 Running module: svchost.exe\WLDAP32.dll ok scanned

28/03/2009 20:26:48 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned

28/03/2009 20:26:48 Running module: svchost.exe\wshbth.dll ok scanned

28/03/2009 20:26:48 File: C:\WINDOWS\system32\wshbth.dll ok scanned

28/03/2009 20:26:48 Running module: svchost.exe\SETUPAPI.dll ok scanned

28/03/2009 20:26:48 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned

28/03/2009 20:26:48 Running module: svchost.exe\rasadhlp.dll ok scanned

28/03/2009 20:26:48 File: C:\WINDOWS\system32\rasadhlp.dll ok scanned

28/03/2009 20:26:48 Running module: svchost.exe\CLBCATQ.DLL ok scanned

28/03/2009 20:26:48 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned

28/03/2009 20:26:48 Running module: svchost.exe\COMRes.dll ok scanned

28/03/2009 20:26:49 File: C:\WINDOWS\system32\COMRes.dll ok scanned

28/03/2009 20:26:49 Running module: svchost.exe\msi.dll ok scanned

28/03/2009 20:26:54 File: C:\WINDOWS\system32\msi.dll ok scanned

28/03/2009 20:26:54 Running module: svchost.exe\svchost.exe ok scanned

28/03/2009 20:26:54 File: C:\WINDOWS\system32\svchost.exe ok scanned

28/03/2009 20:26:54 Running module: svchost.exe\ntdll.dll ok scanned

28/03/2009 20:26:54 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:26:54 Running module: svchost.exe\kernel32.dll ok scanned

28/03/2009 20:26:54 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:26:54 Running module: svchost.exe\ADVAPI32.dll ok scanned

28/03/2009 20:26:54 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:26:54 Running module: svchost.exe\RPCRT4.dll ok scanned

28/03/2009 20:26:54 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:26:54 Running module: svchost.exe\Secur32.dll ok scanned

28/03/2009 20:26:54 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:26:54 Running module: svchost.exe\ShimEng.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\ShimEng.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\AcGenral.DLL ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\USER32.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\GDI32.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\WINMM.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\WINMM.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\ole32.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\msvcrt.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\OLEAUT32.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\MSACM32.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\MSACM32.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\VERSION.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\SHELL32.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\SHLWAPI.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\USERENV.dll ok scanned

28/03/2009 20:26:55 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:26:55 Running module: svchost.exe\UxTheme.dll ok scanned

28/03/2009 20:26:56 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:26:56 Running module: svchost.exe\IMM32.DLL ok scanned

28/03/2009 20:26:56 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:26:56 Running module: svchost.exe\comctl32.dll ok scanned

28/03/2009 20:26:56 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:26:56 Running module: svchost.exe\comctl32.dll ok scanned

28/03/2009 20:26:56 File: C:\WINDOWS\system32\comctl32.dll ok scanned

28/03/2009 20:26:56 Running module: svchost.exe\NTMARTA.DLL ok scanned

28/03/2009 20:26:56 File: C:\WINDOWS\system32\NTMARTA.DLL ok scanned

28/03/2009 20:26:56 Running module: svchost.exe\SAMLIB.dll ok scanned

28/03/2009 20:26:56 File: C:\WINDOWS\system32\SAMLIB.dll ok scanned

28/03/2009 20:26:56 Running module: svchost.exe\WLDAP32.dll ok scanned

28/03/2009 20:26:56 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned

28/03/2009 20:26:56 Running module: svchost.exe\xpsp2res.dll ok scanned

28/03/2009 20:26:56 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned

28/03/2009 20:26:56 Running module: svchost.exe\cryptsvc.dll ok scanned

28/03/2009 20:26:56 File: c:\windows\system32\cryptsvc.dll ok scanned

28/03/2009 20:26:56 Running module: svchost.exe\certcli.dll ok scanned

28/03/2009 20:26:57 File: c:\windows\system32\certcli.dll ok scanned

28/03/2009 20:26:57 Running module: svchost.exe\ATL.DLL ok scanned

28/03/2009 20:26:57 File: c:\windows\system32\ATL.DLL ok scanned

28/03/2009 20:26:57 Running module: svchost.exe\CRYPT32.dll ok scanned

28/03/2009 20:26:57 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned

28/03/2009 20:26:57 Running module: svchost.exe\MSASN1.dll ok scanned

28/03/2009 20:26:57 File: C:\WINDOWS\system32\MSASN1.dll ok scanned

28/03/2009 20:26:57 Running module: svchost.exe\CRYPTUI.dll ok scanned

28/03/2009 20:26:58 File: C:\WINDOWS\system32\CRYPTUI.dll ok scanned

28/03/2009 20:26:58 Running module: svchost.exe\NETAPI32.dll ok scanned

28/03/2009 20:26:58 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned

28/03/2009 20:26:58 Running module: svchost.exe\WININET.dll ok scanned

28/03/2009 20:26:59 File: C:\WINDOWS\system32\WININET.dll packed file PE_Patch

28/03/2009 20:27:01 File: C:\WINDOWS\system32\WININET.dll//PE_Patch ok scanned

28/03/2009 20:27:01 File: C:\WINDOWS\system32\WININET.dll ok scanned

28/03/2009 20:27:01 Running module: svchost.exe\Normaliz.dll ok scanned

28/03/2009 20:27:02 File: C:\WINDOWS\system32\Normaliz.dll ok scanned

28/03/2009 20:27:02 Running module: svchost.exe\iertutil.dll ok scanned

28/03/2009 20:27:02 File: C:\WINDOWS\system32\iertutil.dll ok scanned

28/03/2009 20:27:02 Running module: svchost.exe\WINTRUST.dll ok scanned

28/03/2009 20:27:02 File: C:\WINDOWS\system32\WINTRUST.dll ok scanned

28/03/2009 20:27:02 Running module: svchost.exe\IMAGEHLP.dll ok scanned

28/03/2009 20:27:02 File: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned

28/03/2009 20:27:02 Running module: svchost.exe\ESENT.dll ok scanned

28/03/2009 20:27:02 File: c:\windows\system32\ESENT.dll ok scanned

28/03/2009 20:27:02 Running module: svchost.exe\wmisvc.dll ok scanned

28/03/2009 20:27:02 File: c:\windows\system32\wbem\wmisvc.dll ok scanned

28/03/2009 20:27:02 Running module: svchost.exe\VSSAPI.DLL ok scanned

28/03/2009 20:27:03 File: C:\WINDOWS\system32\VSSAPI.DLL ok scanned

28/03/2009 20:27:03 Running module: svchost.exe\srsvc.dll ok scanned

28/03/2009 20:27:03 File: c:\windows\system32\srsvc.dll ok scanned

28/03/2009 20:27:03 Running module: svchost.exe\POWRPROF.dll ok scanned

28/03/2009 20:27:03 File: c:\windows\system32\POWRPROF.dll ok scanned

28/03/2009 20:27:03 Running module: svchost.exe\pchsvc.dll ok scanned

28/03/2009 20:27:03 File: c:\windows\pchealth\helpctr\binaries\pchsvc.dll ok scanned

28/03/2009 20:27:03 Running module: svchost.exe\WINSTA.dll ok scanned

28/03/2009 20:27:03 File: C:\WINDOWS\system32\WINSTA.dll ok scanned

28/03/2009 20:27:03 Running module: svchost.exe\CLBCATQ.DLL ok scanned

28/03/2009 20:27:03 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned

28/03/2009 20:27:03 Running module: svchost.exe\COMRes.dll ok scanned

28/03/2009 20:27:03 File: C:\WINDOWS\system32\COMRes.dll ok scanned

28/03/2009 20:27:03 Running module: svchost.exe\dmserver.dll ok scanned

28/03/2009 20:27:03 File: c:\windows\system32\dmserver.dll ok scanned

28/03/2009 20:27:03 Running module: svchost.exe\SETUPAPI.dll ok scanned

28/03/2009 20:27:04 File: c:\windows\system32\SETUPAPI.dll ok scanned

28/03/2009 20:27:04 Running module: svchost.exe\wbemcore.dll ok scanned

28/03/2009 20:27:04 File: C:\WINDOWS\System32\Wbem\wbemcore.dll ok scanned

28/03/2009 20:27:04 Running module: svchost.exe\MSVCP60.dll ok scanned

28/03/2009 20:27:04 File: C:\WINDOWS\system32\MSVCP60.dll ok scanned

28/03/2009 20:27:04 Running module: svchost.exe\esscli.dll ok scanned

28/03/2009 20:27:05 File: C:\WINDOWS\System32\Wbem\esscli.dll ok scanned

28/03/2009 20:27:05 Running module: svchost.exe\wbemcomn.dll ok scanned

28/03/2009 20:27:05 File: C:\WINDOWS\System32\Wbem\wbemcomn.dll ok scanned

28/03/2009 20:27:05 Running module: svchost.exe\FastProx.dll ok scanned

28/03/2009 20:27:06 File: C:\WINDOWS\System32\Wbem\FastProx.dll ok scanned

28/03/2009 20:27:06 Running module: svchost.exe\NTDSAPI.dll ok scanned

28/03/2009 20:27:06 File: C:\WINDOWS\system32\NTDSAPI.dll ok scanned

28/03/2009 20:27:06 Running module: svchost.exe\DNSAPI.dll ok scanned

28/03/2009 20:27:06 File: C:\WINDOWS\system32\DNSAPI.dll ok scanned

28/03/2009 20:27:06 Running module: svchost.exe\WS2_32.dll ok scanned

28/03/2009 20:27:06 File: C:\WINDOWS\system32\WS2_32.dll ok scanned

28/03/2009 20:27:06 Running module: svchost.exe\WS2HELP.dll ok scanned

28/03/2009 20:27:06 File: C:\WINDOWS\system32\WS2HELP.dll ok scanned

28/03/2009 20:27:06 Running module: svchost.exe\wmiutils.dll ok scanned

28/03/2009 20:27:07 File: C:\WINDOWS\system32\wbem\wmiutils.dll ok scanned

28/03/2009 20:27:07 Running module: svchost.exe\repdrvfs.dll ok scanned

28/03/2009 20:27:07 File: C:\WINDOWS\system32\wbem\repdrvfs.dll ok scanned

28/03/2009 20:27:07 Running module: svchost.exe\wmiprvsd.dll ok scanned

28/03/2009 20:27:07 File: C:\WINDOWS\system32\wbem\wmiprvsd.dll ok scanned

28/03/2009 20:27:07 Running module: svchost.exe\NCObjAPI.DLL ok scanned

28/03/2009 20:27:08 File: C:\WINDOWS\system32\NCObjAPI.DLL ok scanned

28/03/2009 20:27:08 Running module: svchost.exe\wbemess.dll ok scanned

28/03/2009 20:27:08 File: C:\WINDOWS\system32\wbem\wbemess.dll ok scanned

28/03/2009 20:27:08 Running module: svchost.exe\rsaenh.dll ok scanned

28/03/2009 20:27:08 File: C:\WINDOWS\system32\rsaenh.dll ok scanned

28/03/2009 20:27:08 Running module: svchost.exe\ncprov.dll ok scanned

28/03/2009 20:27:08 File: C:\WINDOWS\system32\wbem\ncprov.dll ok scanned

28/03/2009 20:27:08 Running module: WgaTray.exe\WgaTray.exe ok scanned

28/03/2009 20:27:12 File: C:\WINDOWS\system32\WgaTray.exe ok scanned

28/03/2009 20:27:12 Running module: WgaTray.exe\ntdll.dll ok scanned

28/03/2009 20:27:12 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:27:12 Running module: WgaTray.exe\kernel32.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\ADVAPI32.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\RPCRT4.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\Secur32.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\GDI32.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\USER32.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\SHELL32.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\msvcrt.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\SHLWAPI.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\ole32.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\OLEAUT32.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\CRYPT32.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\MSASN1.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\MSASN1.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\VERSION.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\COMCTL32.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ok scanned

28/03/2009 20:27:13 Running module: WgaTray.exe\WININET.dll ok scanned

28/03/2009 20:27:13 File: C:\WINDOWS\system32\WININET.dll packed file PE_Patch

28/03/2009 20:27:13 File: C:\WINDOWS\system32\WININET.dll//PE_Patch ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\WININET.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\Normaliz.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\Normaliz.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\iertutil.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\iertutil.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\SETUPAPI.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\IMM32.DLL ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\NTMARTA.DLL ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\NTMARTA.DLL ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\SAMLIB.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\SAMLIB.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\WLDAP32.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\CLBCATQ.DLL ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\COMRes.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\COMRes.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\msxml3.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\msxml3.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\ws2_32.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\ws2_32.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\WS2HELP.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\WS2HELP.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\rsaenh.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\rsaenh.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\xpsp2res.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\userenv.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\userenv.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\netapi32.dll ok scanned

28/03/2009 20:27:14 File: C:\WINDOWS\system32\netapi32.dll ok scanned

28/03/2009 20:27:14 Running module: WgaTray.exe\cryptnet.dll ok scanned

28/03/2009 20:27:15 File: C:\WINDOWS\system32\cryptnet.dll ok scanned

28/03/2009 20:27:15 Running module: WgaTray.exe\PSAPI.DLL ok scanned

28/03/2009 20:27:15 File: C:\WINDOWS\system32\PSAPI.DLL ok scanned

28/03/2009 20:27:15 Running module: WgaTray.exe\SensApi.dll ok scanned

28/03/2009 20:27:15 File: C:\WINDOWS\system32\SensApi.dll ok scanned

28/03/2009 20:27:15 Running module: WgaTray.exe\WINHTTP.dll ok scanned

28/03/2009 20:27:16 File: C:\WINDOWS\system32\WINHTTP.dll ok scanned

28/03/2009 20:27:16 Running module: WgaTray.exe\SXS.DLL ok scanned

28/03/2009 20:27:16 File: C:\WINDOWS\system32\SXS.DLL ok scanned

28/03/2009 20:27:16 Running module: WgaTray.exe\wbemprox.dll ok scanned

28/03/2009 20:27:16 File: C:\WINDOWS\system32\wbem\wbemprox.dll ok scanned

28/03/2009 20:27:16 Running module: WgaTray.exe\wbemcomn.dll ok scanned

28/03/2009 20:27:16 File: C:\WINDOWS\system32\wbem\wbemcomn.dll ok scanned

28/03/2009 20:27:16 Running module: WgaTray.exe\wbemsvc.dll ok scanned

28/03/2009 20:27:16 File: C:\WINDOWS\system32\wbem\wbemsvc.dll ok scanned

28/03/2009 20:27:16 Running module: WgaTray.exe\fastprox.dll ok scanned

28/03/2009 20:27:16 File: C:\WINDOWS\system32\wbem\fastprox.dll ok scanned

28/03/2009 20:27:16 Running module: WgaTray.exe\MSVCP60.dll ok scanned

28/03/2009 20:27:16 File: C:\WINDOWS\system32\MSVCP60.dll ok scanned

28/03/2009 20:27:16 Running module: WgaTray.exe\NTDSAPI.dll ok scanned

28/03/2009 20:27:16 File: C:\WINDOWS\system32\NTDSAPI.dll ok scanned

28/03/2009 20:27:16 Running module: WgaTray.exe\DNSAPI.dll ok scanned

28/03/2009 20:27:16 File: C:\WINDOWS\system32\DNSAPI.dll ok scanned

28/03/2009 20:27:16 Running module: WgaTray.exe\msxml6.dll ok scanned

28/03/2009 20:27:17 File: C:\WINDOWS\system32\msxml6.dll ok scanned

28/03/2009 20:27:17 Running module: WgaTray.exe\msctfime.ime ok scanned

28/03/2009 20:27:17 File: C:\WINDOWS\system32\msctfime.ime ok scanned

28/03/2009 20:27:17 Running module: WgaTray.exe\UxTheme.dll ok scanned

28/03/2009 20:27:17 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:27:17 Running module: WgaTray.exe\MSIMG32.DLL ok scanned

28/03/2009 20:27:17 File: C:\WINDOWS\system32\MSIMG32.DLL ok scanned

28/03/2009 20:27:17 Running module: WgaTray.exe\MSCTF.dll ok scanned

28/03/2009 20:27:17 File: C:\WINDOWS\system32\MSCTF.dll ok scanned

28/03/2009 20:27:17 Running module: explorer.exe\Explorer.EXE ok scanned

28/03/2009 20:27:22 File: C:\WINDOWS\Explorer.EXE ok scanned

28/03/2009 20:27:22 Running module: explorer.exe\ntdll.dll ok scanned

28/03/2009 20:27:22 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:27:22 Running module: explorer.exe\kernel32.dll ok scanned

28/03/2009 20:27:22 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:27:22 Running module: explorer.exe\ADVAPI32.dll ok scanned

28/03/2009 20:27:22 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:27:22 Running module: explorer.exe\RPCRT4.dll ok scanned

28/03/2009 20:27:22 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:27:22 Running module: explorer.exe\Secur32.dll ok scanned

28/03/2009 20:27:22 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:27:22 Running module: explorer.exe\BROWSEUI.dll ok scanned

28/03/2009 20:27:23 File: C:\WINDOWS\system32\BROWSEUI.dll ok scanned

28/03/2009 20:27:23 Running module: explorer.exe\GDI32.dll ok scanned

28/03/2009 20:27:23 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:27:23 Running module: explorer.exe\USER32.dll ok scanned

28/03/2009 20:27:23 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:27:23 Running module: explorer.exe\msvcrt.dll ok scanned

28/03/2009 20:27:23 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:27:23 Running module: explorer.exe\ole32.dll ok scanned

28/03/2009 20:27:23 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:27:23 Running module: explorer.exe\SHLWAPI.dll ok scanned

28/03/2009 20:27:23 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:27:23 Running module: explorer.exe\OLEAUT32.dll ok scanned

28/03/2009 20:27:23 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:27:23 Running module: explorer.exe\SHDOCVW.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\SHDOCVW.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\CRYPT32.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\MSASN1.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\MSASN1.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\CRYPTUI.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\CRYPTUI.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\NETAPI32.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\VERSION.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\WININET.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\WININET.dll packed file PE_Patch

28/03/2009 20:27:25 File: C:\WINDOWS\system32\WININET.dll//PE_Patch ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\WININET.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\Normaliz.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\Normaliz.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\iertutil.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\iertutil.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\WINTRUST.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\WINTRUST.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\IMAGEHLP.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\WLDAP32.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\SHELL32.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\UxTheme.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\ShimEng.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\ShimEng.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\AcGenral.DLL ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\WINMM.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\WINMM.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\MSACM32.dll ok scanned

28/03/2009 20:27:25 File: C:\WINDOWS\system32\MSACM32.dll ok scanned

28/03/2009 20:27:25 Running module: explorer.exe\USERENV.dll ok scanned

28/03/2009 20:27:26 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:27:26 Running module: explorer.exe\IMM32.DLL ok scanned

28/03/2009 20:27:26 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:27:26 Running module: explorer.exe\comctl32.dll ok scanned

28/03/2009 20:27:26 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:27:26 Running module: explorer.exe\comctl32.dll ok scanned

28/03/2009 20:27:26 File: C:\WINDOWS\system32\comctl32.dll ok scanned

28/03/2009 20:27:26 Running module: explorer.exe\msctfime.ime ok scanned

28/03/2009 20:27:26 File: C:\WINDOWS\system32\msctfime.ime ok scanned

28/03/2009 20:27:26 Running module: explorer.exe\appHelp.dll ok scanned

28/03/2009 20:27:26 File: C:\WINDOWS\system32\appHelp.dll ok scanned

28/03/2009 20:27:26 Running module: explorer.exe\CLBCATQ.DLL ok scanned

28/03/2009 20:27:26 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned

28/03/2009 20:27:26 Running module: explorer.exe\COMRes.dll ok scanned

28/03/2009 20:27:26 File: C:\WINDOWS\system32\COMRes.dll ok scanned

28/03/2009 20:27:26 Running module: explorer.exe\cscui.dll ok scanned

28/03/2009 20:27:26 File: C:\WINDOWS\System32\cscui.dll ok scanned

28/03/2009 20:27:26 Running module: explorer.exe\CSCDLL.dll ok scanned

28/03/2009 20:27:26 File: C:\WINDOWS\System32\CSCDLL.dll ok scanned

28/03/2009 20:27:26 Running module: explorer.exe\themeui.dll ok scanned

28/03/2009 20:27:27 File: C:\WINDOWS\system32\themeui.dll ok scanned

28/03/2009 20:27:27 Running module: explorer.exe\MSIMG32.dll ok scanned

28/03/2009 20:27:27 File: C:\WINDOWS\system32\MSIMG32.dll ok scanned

28/03/2009 20:27:27 Running module: explorer.exe\xpsp2res.dll ok scanned

28/03/2009 20:27:27 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned

28/03/2009 20:27:27 Running module: explorer.exe\msutb.dll ok scanned

28/03/2009 20:27:27 File: C:\WINDOWS\system32\msutb.dll ok scanned

28/03/2009 20:27:27 Running module: explorer.exe\MSCTF.dll ok scanned

28/03/2009 20:27:27 File: C:\WINDOWS\system32\MSCTF.dll ok scanned

28/03/2009 20:27:27 Running module: explorer.exe\LINKINFO.dll ok scanned

28/03/2009 20:27:27 File: C:\WINDOWS\system32\LINKINFO.dll ok scanned

28/03/2009 20:27:27 Running module: explorer.exe\ntshrui.dll ok scanned

28/03/2009 20:27:27 File: C:\WINDOWS\system32\ntshrui.dll ok scanned

28/03/2009 20:27:27 Running module: explorer.exe\ATL.DLL ok scanned

28/03/2009 20:27:27 File: C:\WINDOWS\system32\ATL.DLL ok scanned

28/03/2009 20:27:27 Running module: explorer.exe\SAMLIB.dll ok scanned

28/03/2009 20:27:27 File: C:\WINDOWS\system32\SAMLIB.dll ok scanned

28/03/2009 20:27:27 Running module: explorer.exe\SETUPAPI.dll ok scanned

28/03/2009 20:27:28 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned

28/03/2009 20:27:28 Running module: explorer.exe\msi.dll ok scanned

28/03/2009 20:27:28 File: C:\WINDOWS\system32\msi.dll ok scanned

28/03/2009 20:27:28 Running module: explorer.exe\WINSTA.dll ok scanned

28/03/2009 20:27:28 File: C:\WINDOWS\system32\WINSTA.dll ok scanned

28/03/2009 20:27:28 Running module: explorer.exe\ieframe.dll ok scanned

28/03/2009 20:27:28 File: C:\WINDOWS\system32\ieframe.dll ok scanned

28/03/2009 20:27:28 Running module: explorer.exe\PSAPI.DLL ok scanned

28/03/2009 20:27:28 File: C:\WINDOWS\system32\PSAPI.DLL ok scanned

28/03/2009 20:27:28 Running module: explorer.exe\NETSHELL.dll ok scanned

28/03/2009 20:27:30 File: C:\WINDOWS\system32\NETSHELL.dll ok scanned

28/03/2009 20:27:30 Running module: explorer.exe\credui.dll ok scanned

28/03/2009 20:27:30 File: C:\WINDOWS\system32\credui.dll ok scanned

28/03/2009 20:27:30 Running module: explorer.exe\dot3api.dll ok scanned

28/03/2009 20:27:30 File: C:\WINDOWS\system32\dot3api.dll ok scanned

28/03/2009 20:27:30 Running module: explorer.exe\rtutils.dll ok scanned

28/03/2009 20:27:30 File: C:\WINDOWS\system32\rtutils.dll ok scanned

28/03/2009 20:27:30 Running module: explorer.exe\dot3dlg.dll ok scanned

28/03/2009 20:27:30 File: C:\WINDOWS\system32\dot3dlg.dll ok scanned

28/03/2009 20:27:30 Running module: explorer.exe\OneX.DLL ok scanned

28/03/2009 20:27:30 File: C:\WINDOWS\system32\OneX.DLL ok scanned

28/03/2009 20:27:30 Running module: explorer.exe\WTSAPI32.dll ok scanned

28/03/2009 20:27:30 File: C:\WINDOWS\system32\WTSAPI32.dll ok scanned

28/03/2009 20:27:30 Running module: explorer.exe\eappcfg.dll ok scanned

28/03/2009 20:27:30 File: C:\WINDOWS\system32\eappcfg.dll ok scanned

28/03/2009 20:27:30 Running module: explorer.exe\MSVCP60.dll ok scanned

28/03/2009 20:27:30 File: C:\WINDOWS\system32\MSVCP60.dll ok scanned

28/03/2009 20:27:30 Running module: explorer.exe\eappprxy.dll ok scanned

28/03/2009 20:27:31 File: C:\WINDOWS\system32\eappprxy.dll ok scanned

28/03/2009 20:27:31 Running module: explorer.exe\iphlpapi.dll ok scanned

28/03/2009 20:27:31 File: C:\WINDOWS\system32\iphlpapi.dll ok scanned

28/03/2009 20:27:31 Running module: explorer.exe\WS2_32.dll ok scanned

28/03/2009 20:27:31 File: C:\WINDOWS\system32\WS2_32.dll ok scanned

28/03/2009 20:27:31 Running module: explorer.exe\WS2HELP.dll ok scanned

28/03/2009 20:27:31 File: C:\WINDOWS\system32\WS2HELP.dll ok scanned

28/03/2009 20:27:31 Running module: explorer.exe\urlmon.dll ok scanned

28/03/2009 20:27:31 File: C:\WINDOWS\system32\urlmon.dll ok scanned

28/03/2009 20:27:31 Running module: explorer.exe\MLANG.dll ok scanned

28/03/2009 20:27:32 File: C:\WINDOWS\system32\MLANG.dll ok scanned

28/03/2009 20:27:32 Running module: explorer.exe\PDFShell.dll ok scanned

28/03/2009 20:27:33 File: C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll ok scanned

28/03/2009 20:27:33 Running module: explorer.exe\MSVCR80.dll ok scanned

28/03/2009 20:27:34 File: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll ok scanned

28/03/2009 20:27:34 Running module: explorer.exe\PDFShell.ESP ok scanned

28/03/2009 20:27:35 File: C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.ESP ok scanned

28/03/2009 20:27:35 Running module: explorer.exe\gbieh.dll ok scanned

28/03/2009 20:27:35 File: C:\ARQUIV~1\GBPLUGIN\gbieh.dll packed file ASPack

28/03/2009 20:27:35 File: C:\ARQUIV~1\GBPLUGIN\gbieh.dll//ASPack ok scanned

28/03/2009 20:27:35 File: C:\ARQUIV~1\GBPLUGIN\gbieh.dll ok scanned

28/03/2009 20:27:35 Running module: explorer.exe\MPR.dll ok scanned

28/03/2009 20:27:35 File: C:\WINDOWS\system32\MPR.dll ok scanned

28/03/2009 20:27:35 Running module: explorer.exe\drprov.dll ok scanned

28/03/2009 20:27:35 File: C:\WINDOWS\System32\drprov.dll ok scanned

28/03/2009 20:27:35 Running module: explorer.exe\davclnt.dll ok scanned

28/03/2009 20:27:35 File: C:\WINDOWS\System32\davclnt.dll ok scanned

28/03/2009 20:27:35 Running module: explorer.exe\rsaenh.dll ok scanned

28/03/2009 20:27:36 File: C:\WINDOWS\system32\rsaenh.dll ok scanned

28/03/2009 20:27:36 Running module: explorer.exe\cryptnet.dll ok scanned

28/03/2009 20:27:36 File: C:\WINDOWS\system32\cryptnet.dll ok scanned

28/03/2009 20:27:36 Running module: explorer.exe\SensApi.dll ok scanned

28/03/2009 20:27:36 File: C:\WINDOWS\system32\SensApi.dll ok scanned

28/03/2009 20:27:36 Running module: explorer.exe\WINHTTP.dll ok scanned

28/03/2009 20:27:36 File: C:\WINDOWS\system32\WINHTTP.dll ok scanned

28/03/2009 20:27:36 Running module: explorer.exe\browselc.dll ok scanned

28/03/2009 20:27:36 File: C:\WINDOWS\system32\browselc.dll archive EmbeddedHTML

28/03/2009 20:27:36 File: C:\WINDOWS\system32\browselc.dll//data0001.html ok scanned

28/03/2009 20:27:36 File: C:\WINDOWS\system32\browselc.dll//data0002.html ok scanned

28/03/2009 20:27:36 File: C:\WINDOWS\system32\browselc.dll//data0003.html ok scanned

28/03/2009 20:27:36 File: C:\WINDOWS\system32\browselc.dll ok scanned

28/03/2009 20:27:36 Running module: explorer.exe\shlext.dll ok scanned

28/03/2009 20:27:36 File: C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\shlext.dll ok scanned

28/03/2009 20:27:36 Running module: explorer.exe\MFC71U.DLL ok scanned

28/03/2009 20:27:37 File: C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL ok scanned

28/03/2009 20:27:37 Running module: explorer.exe\MSVCR71.dll ok scanned

28/03/2009 20:27:37 File: C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll ok scanned

28/03/2009 20:27:37 Running module: explorer.exe\ashShell.dll ok scanned

28/03/2009 20:27:37 File: C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll ok scanned

28/03/2009 20:27:37 Running module: explorer.exe\rarext.dll ok scanned

28/03/2009 20:27:37 File: C:\Arquivos de programas\WinRAR\rarext.dll ok scanned

28/03/2009 20:27:37 Running module: explorer.exe\mydocs.dll ok scanned

28/03/2009 20:27:38 File: C:\WINDOWS\system32\mydocs.dll ok scanned

28/03/2009 20:27:38 Running module: ctfmon.exe\ctfmon.exe ok scanned

28/03/2009 20:27:38 File: C:\WINDOWS\system32\ctfmon.exe ok scanned

28/03/2009 20:27:38 Running module: ctfmon.exe\ntdll.dll ok scanned

28/03/2009 20:27:38 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:27:38 Running module: ctfmon.exe\kernel32.dll ok scanned

28/03/2009 20:27:38 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:27:38 Running module: ctfmon.exe\msvcrt.dll ok scanned

28/03/2009 20:27:38 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:27:38 Running module: ctfmon.exe\ADVAPI32.dll ok scanned

28/03/2009 20:27:38 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:27:38 Running module: ctfmon.exe\RPCRT4.dll ok scanned

28/03/2009 20:27:38 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:27:38 Running module: ctfmon.exe\Secur32.dll ok scanned

28/03/2009 20:27:38 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:27:38 Running module: ctfmon.exe\USER32.dll ok scanned

28/03/2009 20:27:38 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\GDI32.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\MSCTF.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\MSCTF.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\MSUTB.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\MSUTB.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\ShimEng.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\ShimEng.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\AcGenral.DLL ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\WINMM.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\WINMM.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\ole32.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\OLEAUT32.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\MSACM32.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\MSACM32.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\VERSION.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\SHELL32.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\SHLWAPI.dll ok scanned

28/03/2009 20:27:39 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:27:39 Running module: ctfmon.exe\USERENV.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:27:40 Running module: ctfmon.exe\UxTheme.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:27:40 Running module: ctfmon.exe\IMM32.DLL ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:27:40 Running module: ctfmon.exe\comctl32.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:27:40 Running module: ctfmon.exe\msctfime.ime ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\msctfime.ime ok scanned

28/03/2009 20:27:40 Running module: minst.exe\minst.exe ok scanned

28/03/2009 20:27:40 File: C:\Documents and Settings\Administrador\Desktop\Virus Removal Tool\is-5QTAA\minst.exe ok scanned

28/03/2009 20:27:40 Running module: minst.exe\ntdll.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:27:40 Running module: minst.exe\kernel32.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:27:40 Running module: minst.exe\SHELL32.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:27:40 Running module: minst.exe\ADVAPI32.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:27:40 Running module: minst.exe\RPCRT4.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:27:40 Running module: minst.exe\Secur32.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:27:40 Running module: minst.exe\GDI32.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:27:40 Running module: minst.exe\USER32.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:27:40 Running module: minst.exe\msvcrt.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:27:40 Running module: minst.exe\SHLWAPI.dll ok scanned

28/03/2009 20:27:40 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:27:40 Running module: minst.exe\MSVCP80.dll ok scanned

28/03/2009 20:27:41 File: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCP80.dll ok scanned

28/03/2009 20:27:41 Running module: minst.exe\MSVCR80.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\IMM32.DLL ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:27:42 Running module: minst.exe\comctl32.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\comctl32.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\comctl32.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\ole32.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\MSCTF.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\MSCTF.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\netapi32.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\netapi32.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\appHelp.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\appHelp.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\CLBCATQ.DLL ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned

28/03/2009 20:27:42 Running module: minst.exe\COMRes.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\COMRes.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\OLEAUT32.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\VERSION.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\iertutil.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\iertutil.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\LINKINFO.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\LINKINFO.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\ntshrui.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\ntshrui.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\ATL.DLL ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\ATL.DLL ok scanned

28/03/2009 20:27:42 Running module: minst.exe\USERENV.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\SETUPAPI.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned

28/03/2009 20:27:42 Running module: minst.exe\urlmon.dll ok scanned

28/03/2009 20:27:42 File: C:\WINDOWS\system32\urlmon.dll ok scanned

28/03/2009 20:27:42 Running module: rundll32.exe\rundll32.exe ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\system32\rundll32.exe ok scanned

28/03/2009 20:27:43 Running module: rundll32.exe\ntdll.dll ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:27:43 Running module: rundll32.exe\kernel32.dll ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:27:43 Running module: rundll32.exe\msvcrt.dll ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:27:43 Running module: rundll32.exe\GDI32.dll ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:27:43 Running module: rundll32.exe\USER32.dll ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:27:43 Running module: rundll32.exe\IMAGEHLP.dll ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned

28/03/2009 20:27:43 Running module: rundll32.exe\ShimEng.dll ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\system32\ShimEng.dll ok scanned

28/03/2009 20:27:43 Running module: rundll32.exe\AcGenral.DLL ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned

28/03/2009 20:27:43 Running module: rundll32.exe\ADVAPI32.dll ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:27:43 Running module: rundll32.exe\RPCRT4.dll ok scanned

28/03/2009 20:27:43 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\Secur32.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\WINMM.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\WINMM.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\ole32.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\OLEAUT32.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\MSACM32.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\MSACM32.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\VERSION.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\SHELL32.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\SHLWAPI.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\USERENV.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\UxTheme.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\IMM32.DLL ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\comctl32.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\comctl32.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\comctl32.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\setupapi.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\setupapi.dll ok scanned

28/03/2009 20:27:44 Running module: rundll32.exe\MSCTF.dll ok scanned

28/03/2009 20:27:44 File: C:\WINDOWS\system32\MSCTF.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\msctfime.ime ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\msctfime.ime ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\Cabinet.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\Cabinet.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\rsaenh.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\rsaenh.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\WINTRUST.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\WINTRUST.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\CRYPT32.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\CRYPT32.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\MSASN1.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\MSASN1.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\xpsp2res.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\xpsp2res.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\netapi32.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\netapi32.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\cryptnet.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\cryptnet.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\PSAPI.DLL ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\PSAPI.DLL ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\SensApi.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\SensApi.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\WINHTTP.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\WINHTTP.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\WLDAP32.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\WLDAP32.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\ws2_32.dll ok scanned

28/03/2009 20:27:45 File: C:\WINDOWS\system32\ws2_32.dll ok scanned

28/03/2009 20:27:45 Running module: rundll32.exe\WS2HELP.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\WS2HELP.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\mswsock.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\mswsock.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\hnetcfg.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\hnetcfg.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\wshtcpip.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\System32\wshtcpip.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\RASAPI32.DLL ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\RASAPI32.DLL ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\rasman.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\rasman.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\TAPI32.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\TAPI32.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\rtutils.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\rtutils.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\DNSAPI.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\DNSAPI.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\iphlpapi.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\iphlpapi.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\winrnr.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\System32\winrnr.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\wshbth.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\wshbth.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\rasadhlp.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\rasadhlp.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\DHCPCSVC.DLL ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\DHCPCSVC.DLL ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\appHelp.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\appHelp.dll ok scanned

28/03/2009 20:27:46 Running module: rundll32.exe\sfc_os.dll ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\sfc_os.dll ok scanned

28/03/2009 20:27:46 Running module: runonce.exe\runonce.exe ok scanned

28/03/2009 20:27:46 File: C:\WINDOWS\system32\runonce.exe ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\ntdll.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\kernel32.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\msvcrt.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\ADVAPI32.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\RPCRT4.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\Secur32.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\GDI32.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\USER32.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\SHLWAPI.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\COMCTL32.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\COMCTL32.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\SHELL32.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\ShimEng.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\ShimEng.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\AcGenral.DLL ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\WINMM.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\WINMM.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\ole32.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\OLEAUT32.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\MSACM32.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\MSACM32.dll ok scanned

28/03/2009 20:27:47 Running module: runonce.exe\VERSION.dll ok scanned

28/03/2009 20:27:47 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\USERENV.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\UxTheme.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\IMM32.DLL ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\comctl32.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\MSCTF.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\MSCTF.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\netapi32.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\netapi32.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\SETUPAPI.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\appHelp.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\appHelp.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\CLBCATQ.DLL ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\COMRes.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\COMRes.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\LINKINFO.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\LINKINFO.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\ntshrui.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\ntshrui.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\ATL.DLL ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\ATL.DLL ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\urlmon.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\urlmon.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\iertutil.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\iertutil.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\ieframe.dll ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\ieframe.dll ok scanned

28/03/2009 20:27:48 Running module: runonce.exe\PSAPI.DLL ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\PSAPI.DLL ok scanned

28/03/2009 20:27:48 Running module: rundll32.exe\RunDll32.exe ok scanned

28/03/2009 20:27:48 File: C:\WINDOWS\system32\RunDll32.exe ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\ntdll.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\ntdll.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\kernel32.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\kernel32.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\msvcrt.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\msvcrt.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\GDI32.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\GDI32.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\USER32.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\USER32.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\IMAGEHLP.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\IMAGEHLP.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\ShimEng.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\ShimEng.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\AcGenral.DLL ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\AppPatch\AcGenral.DLL ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\ADVAPI32.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\ADVAPI32.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\RPCRT4.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\RPCRT4.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\Secur32.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\Secur32.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\WINMM.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\WINMM.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\ole32.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\ole32.dll ok scanned

28/03/2009 20:27:49 Running module: rundll32.exe\OLEAUT32.dll ok scanned

28/03/2009 20:27:49 File: C:\WINDOWS\system32\OLEAUT32.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\MSACM32.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\MSACM32.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\VERSION.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\VERSION.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\SHELL32.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\SHELL32.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\SHLWAPI.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\SHLWAPI.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\USERENV.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\USERENV.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\UxTheme.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\UxTheme.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\IMM32.DLL ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\IMM32.DLL ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\comctl32.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\comctl32.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\comctl32.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\MSCTF.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\MSCTF.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\CLBCATQ.DLL ok scanned

[Armando Leitão 0]

28/03/2009 20:27:50 File: C:\WINDOWS\system32\CLBCATQ.DLL ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\COMRes.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\COMRes.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\LINKINFO.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\LINKINFO.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\ntshrui.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\ntshrui.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\ATL.DLL ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\ATL.DLL ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\NETAPI32.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\NETAPI32.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\msctfime.ime ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\msctfime.ime ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\SETUPAPI.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\SETUPAPI.dll ok scanned

28/03/2009 20:27:50 Running module: rundll32.exe\psapi.dll ok scanned

28/03/2009 20:27:50 File: C:\WINDOWS\system32\psapi.dll ok scanned

28/03/2009 20:27:51 Running module: rundll32.exe\appHelp.dll ok scanned

28/03/2009 20:27:51 File: C:\WINDOWS\system32\appHelp.dll ok scanned

28/03/2009 20:27:51 Running module: rundll32.exe\ieframe.dll ok scanned

28/03/2009 20:27:51 File: C:\WINDOWS\system32\ieframe.dll ok scanned

28/03/2009 20:27:51 Running module: rundll32.exe\iertutil.dll ok scanned

28/03/2009 20:27:51 File: C:\WINDOWS\system32\iertutil.dll ok scanned

28/03/2009 20:27:51 File: c:\windows\system32\mmdrv.dll ok scanned

28/03/2009 20:27:51 File: c:\windows\system\timer.drv ok scanned

28/03/2009 20:27:52 File: c:\windows\system32\mshta.exe ok scanned

28/03/2009 20:27:52 File: c:\windows\system32\notepad.exe ok scanned

28/03/2009 20:27:52 File: c:\windows\regedit.exe ok scanned

28/03/2009 20:27:52 File: c:\windows\system32\accwiz.exe ok scanned

28/03/2009 20:27:53 File: c:\arquivos de programas\windows media player\wmplayer.exe ok scanned

28/03/2009 20:27:53 File: c:\arquivos de programas\alwil software\avast4\ashsimpl.exe ok scanned

28/03/2009 20:27:53 File: c:\windows\system32\rundll32.exe ok scanned

28/03/2009 20:27:53 File: c:\windows\system32\cryptext.dll ok scanned

28/03/2009 20:27:53 File: C:\WINDOWS\system32\rundll32.exe ok scanned

28/03/2009 20:27:53 File: C:\WINDOWS\system32\cryptext.dll ok scanned

28/03/2009 20:27:54 File: c:\arquivos de programas\outlook express\wab.exe ok scanned

28/03/2009 20:27:54 File: c:\windows\hh.exe ok scanned

28/03/2009 20:27:54 File: c:\windows\system32\clipbrd.exe ok scanned

28/03/2009 20:28:02 File: c:\arquiv~1\micros~1\office11\excel.exe ok scanned

28/03/2009 20:28:02 File: c:\windows\system32\netshell.dll ok scanned

28/03/2009 20:28:02 File: c:\windows\system32\shimgvw.dll ok scanned

28/03/2009 20:28:02 File: c:\arquivos de programas\microsoft office\office11\excel.exe ok scanned

28/03/2009 20:28:02 File: c:\windows\explorer.exe ok scanned

28/03/2009 20:28:03 File: c:\windows\system32\fontview.exe ok scanned

28/03/2009 20:28:10 File: c:\arquivos de programas\google\google earth\googleearth.exe ok scanned

28/03/2009 20:28:10 File: c:\windows\system32\msconf.dll ok scanned

28/03/2009 20:28:11 File: c:\windows\winhlp32.exe ok scanned

28/03/2009 20:28:11 File: c:\windows\system32\winhlp32.exe ok scanned

28/03/2009 20:28:11 File: c:\arquivos de programas\windows nt\hypertrm.exe ok scanned

28/03/2009 20:28:12 File: c:\arquivos de programas\internet explorer\iexplore.exe ok scanned

28/03/2009 20:28:12 File: C:\WINDOWS\system32\msconf.dll ok scanned

28/03/2009 20:28:12 File: c:\windows\system32\wmpdxm.dll ok scanned

28/03/2009 20:28:12 File: c:\arquivos de programas\java\jre6\bin\javaw.exe ok scanned

28/03/2009 20:28:13 File: c:\arquivos de programas\java\jre6\bin\javaws.exe ok scanned

28/03/2009 20:28:13 File: c:\windows\system32\wscript.exe ok scanned

28/03/2009 20:28:15 File: c:\arquivos de programas\lingoes\translator2\lingoes.exe ok scanned

28/03/2009 20:28:21 File: c:\arquivos de programas\k-lite codec pack\media player classic\mplayerc.exe ok scanned

28/03/2009 20:28:21 File: c:\arquivos de programas\microsoft office\office11\mstore.exe ok scanned

28/03/2009 20:28:26 File: c:\arquivos de programas\megacubo\megacubo.exe ok scanned

28/03/2009 20:28:28 File: c:\windows\system32\ntbackup.exe ok scanned

28/03/2009 20:28:29 File: c:\windows\system32\mmc.exe ok scanned

28/03/2009 20:28:29 File: c:\windows\system32\shell32.dll ok scanned

28/03/2009 20:28:30 File: c:\windows\system32\desk.cpl ok scanned

28/03/2009 20:28:30 File: c:\windows\system32\rasphone.exe ok scanned

28/03/2009 20:28:30 File: c:\windows\system32\perfmon.exe ok scanned

28/03/2009 20:28:36 File: c:\arquivos de programas\microsoft office\office11\powerpnt.exe ok scanned

28/03/2009 20:28:36 File: c:\windows\system32\msrating.dll ok scanned

28/03/2009 20:28:36 File: C:\WINDOWS\system32\msrating.dll ok scanned

28/03/2009 20:28:36 File: C:\WINDOWS\regedit.exe ok scanned

28/03/2009 20:28:36 File: c:\arquivos de programas\windows nt\acessórios\wordpad.exe ok scanned

28/03/2009 20:28:36 File: c:\windows\notepad.exe ok scanned

28/03/2009 20:28:37 File: c:\windows\system32\wpnpinst.exe ok scanned

28/03/2009 20:28:45 File: c:\arquivos de programas\microsoft office\office11\winword.exe ok scanned

28/03/2009 20:28:46 File: c:\arquivos de programas\arquivos comuns\microsoft shared\office11\msoxmled.exe ok scanned

28/03/2009 20:28:46 File: c:\windows\system32\drwtsn32.exe ok scanned

28/03/2009 20:28:46 File: C:\WINDOWS\explorer.exe ok scanned

28/03/2009 20:28:46 File: c:\windows\system32\userinit.exe ok scanned

28/03/2009 20:28:46 File: c:\arquiv~1\gbplugin\gbieh.dll packed file ASPack

28/03/2009 20:28:46 File: c:\arquiv~1\gbplugin\gbieh.dll//ASPack ok scanned

28/03/2009 20:28:46 File: c:\arquiv~1\gbplugin\gbieh.dll ok scanned

28/03/2009 20:28:46 File: c:\windows\system32\crypt32.dll ok scanned

28/03/2009 20:28:47 File: c:\windows\system32\cryptnet.dll ok scanned

28/03/2009 20:28:47 File: c:\windows\system32\cscdll.dll ok scanned

28/03/2009 20:28:47 File: c:\windows\system32\dimsntfy.dll ok scanned

28/03/2009 20:28:47 File: c:\windows\system32\wlnotify.dll ok scanned

28/03/2009 20:28:47 File: C:\WINDOWS\system32\wlnotify.dll ok scanned

28/03/2009 20:28:47 File: c:\windows\system32\sclgntfy.dll ok scanned

28/03/2009 20:28:47 File: c:\windows\system32\wgalogon.dll ok scanned

28/03/2009 20:28:47 File: c:\arquivos de programas\gbplugin\gbieh.dll packed file ASPack

28/03/2009 20:28:47 File: c:\arquivos de programas\gbplugin\gbieh.dll//ASPack ok scanned

28/03/2009 20:28:47 File: c:\arquivos de programas\gbplugin\gbieh.dll ok scanned

28/03/2009 20:28:47 File: c:\arquiv~1\alwils~1\avast4\ashdisp.exe ok scanned

28/03/2009 20:28:47 File: c:\windows\system32\ctfmon.exe ok scanned

28/03/2009 20:28:48 File: c:\windows\system32\cmd.exe ok scanned

28/03/2009 20:28:48 File: c:\windows\system32\syssetup.dll ok scanned

28/03/2009 20:28:48 File: c:\windows\system32\tscupgrd.exe ok scanned

28/03/2009 20:28:49 File: c:\arquivos de programas\nitropc\nitropc.exe packed file Armadillo

28/03/2009 20:28:52 File: c:\arquivos de programas\nitropc\nitropc.exe//Armadillo ok scanned

28/03/2009 20:28:53 File: c:\arquivos de programas\nitropc\nitropc.exe ok scanned

28/03/2009 20:28:53 File: c:\documents and settings\administrador\configurações locais\dados de aplicativos\octoshape\octoshape streaming services\octoshapeclient.exe ok scanned

28/03/2009 20:28:53 File: c:\arquivos de programas\google\googletoolbarnotifier\googletoolbarnotifier.exe ok scanned

28/03/2009 20:28:53 File: C:\WINDOWS\system32\cmd.exe ok scanned

28/03/2009 20:28:54 File: c:\windows\system32\appmgmts.dll ok scanned

28/03/2009 20:28:54 File: c:\windows\system32\audiosrv.dll ok scanned

28/03/2009 20:28:54 File: c:\windows\system32\qmgr.dll ok scanned

28/03/2009 20:28:54 File: c:\windows\system32\browser.dll ok scanned

28/03/2009 20:28:54 File: c:\windows\system32\bthserv.dll ok scanned

28/03/2009 20:28:54 File: c:\windows\system32\cryptsvc.dll ok scanned

28/03/2009 20:28:54 File: c:\windows\system32\rpcss.dll ok scanned

28/03/2009 20:28:54 File: c:\windows\system32\dhcpcsvc.dll ok scanned

28/03/2009 20:28:54 File: c:\windows\system32\dmserver.dll ok scanned

28/03/2009 20:28:54 File: c:\windows\system32\dnsrslvr.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\system32\dot3svc.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\system32\eapsvc.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\system32\ersvc.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\system32\es.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\system32\shsvcs.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\pchealth\helpctr\binaries\pchsvc.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\system32\hidserv.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\system32\kmsvc.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\system32\w3ssl.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\system32\srvsvc.dll ok scanned

28/03/2009 20:28:55 File: c:\windows\system32\lmhsvc.dll ok scanned

28/03/2009 20:28:56 File: c:\windows\system32\msgsvc.dll ok scanned

28/03/2009 20:28:56 File: c:\windows\system32\qagentrt.dll ok scanned

28/03/2009 20:28:56 File: c:\windows\system32\netman.dll ok scanned

28/03/2009 20:28:56 File: c:\windows\system32\mswsock.dll ok scanned

28/03/2009 20:28:56 File: c:\windows\system32\ntmssvc.dll ok scanned

28/03/2009 20:28:56 File: c:\windows\system32\rasauto.dll ok scanned

28/03/2009 20:28:56 File: c:\windows\system32\rasmans.dll ok scanned

28/03/2009 20:28:57 File: c:\windows\system32\mprdim.dll ok scanned

28/03/2009 20:28:57 File: c:\windows\system32\regsvc.dll ok scanned

28/03/2009 20:28:57 File: c:\windows\system32\schedsvc.dll ok scanned

28/03/2009 20:28:57 File: c:\windows\system32\seclogon.dll ok scanned

28/03/2009 20:28:57 File: c:\windows\system32\sens.dll ok scanned

28/03/2009 20:28:57 File: c:\windows\system32\ipnathlp.dll ok scanned

28/03/2009 20:28:57 File: c:\windows\system32\srsvc.dll ok scanned

28/03/2009 20:28:57 File: c:\windows\system32\ssdpsrv.dll ok scanned

28/03/2009 20:28:58 File: c:\windows\system32\wiaservc.dll ok scanned

28/03/2009 20:28:58 File: c:\windows\system32\tapisrv.dll ok scanned

28/03/2009 20:28:58 File: c:\windows\system32\termsrv.dll ok scanned

28/03/2009 20:28:58 File: c:\windows\system32\trkwks.dll ok scanned

28/03/2009 20:28:58 File: c:\windows\system32\upnphost.dll ok scanned

28/03/2009 20:28:58 File: c:\windows\system32\w32time.dll ok scanned

28/03/2009 20:28:58 File: c:\windows\system32\webclnt.dll ok scanned

28/03/2009 20:28:58 File: c:\windows\system32\wbem\wmisvc.dll ok scanned

28/03/2009 20:28:58 File: c:\windows\system32\mspmsnsv.dll ok scanned

28/03/2009 20:28:59 File: c:\windows\system32\advapi32.dll ok scanned

28/03/2009 20:28:59 File: c:\windows\system32\wscsvc.dll ok scanned

28/03/2009 20:28:59 File: c:\windows\system32\wuauserv.dll ok scanned

28/03/2009 20:28:59 File: c:\windows\system32\wudfsvc.dll ok scanned

28/03/2009 20:28:59 File: c:\windows\system32\wzcsvc.dll ok scanned

28/03/2009 20:28:59 File: c:\windows\system32\xmlprov.dll ok scanned

28/03/2009 20:29:00 File: c:\windows\system32\drivers\acpi.sys packed file PE_Patch

28/03/2009 20:29:00 File: c:\windows\system32\drivers\acpi.sys//PE_Patch ok scanned

28/03/2009 20:29:00 File: c:\windows\system32\drivers\acpi.sys ok scanned

28/03/2009 20:29:00 File: c:\windows\system32\drivers\acpiec.sys ok scanned

28/03/2009 20:29:00 File: c:\windows\system32\drivers\aec.sys packed file PE_Patch

28/03/2009 20:29:00 File: c:\windows\system32\drivers\aec.sys//PE_Patch ok scanned

28/03/2009 20:29:00 File: c:\windows\system32\drivers\aec.sys ok scanned

28/03/2009 20:29:01 File: c:\windows\system32\drivers\afd.sys ok scanned

28/03/2009 20:29:01 File: c:\windows\system32\alg.exe ok scanned

28/03/2009 20:29:01 File: c:\windows\system32\drivers\aliide.sys ok scanned

28/03/2009 20:29:01 File: c:\windows\system32\drivers\amdk8.sys packed file PE_Patch

28/03/2009 20:29:01 File: c:\windows\system32\drivers\amdk8.sys//PE_Patch ok scanned

28/03/2009 20:29:01 File: c:\windows\system32\drivers\amdk8.sys ok scanned

28/03/2009 20:29:01 File: c:\arquivos de programas\avira\antivir personaledition classic\sched.exe ok scanned

28/03/2009 20:29:01 File: c:\windows\system32\svchost.exe ok scanned

28/03/2009 20:29:01 File: c:\windows\system32\drivers\arp1394.sys packed file PE_Patch

28/03/2009 20:29:01 File: c:\windows\system32\drivers\arp1394.sys//PE_Patch ok scanned

28/03/2009 20:29:01 File: c:\windows\system32\drivers\arp1394.sys ok scanned

28/03/2009 20:29:02 File: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe packed file PE_Patch

28/03/2009 20:29:02 File: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe//PE_Patch ok scanned

28/03/2009 20:29:02 File: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe ok scanned

28/03/2009 20:29:02 File: c:\windows\system32\drivers\aswfsblk.sys packed file PE_Patch

28/03/2009 20:29:02 File: c:\windows\system32\drivers\aswfsblk.sys//PE_Patch ok scanned

28/03/2009 20:29:02 File: c:\windows\system32\drivers\aswfsblk.sys ok scanned

28/03/2009 20:29:02 File: c:\arquivos de programas\alwil software\avast4\aswupdsv.exe ok scanned

28/03/2009 20:29:02 File: c:\windows\system32\drivers\asyncmac.sys packed file PE_Patch

28/03/2009 20:29:02 File: c:\windows\system32\drivers\asyncmac.sys//PE_Patch ok scanned

28/03/2009 20:29:02 File: c:\windows\system32\drivers\asyncmac.sys ok scanned

28/03/2009 20:29:02 File: c:\windows\system32\drivers\atapi.sys packed file PE_Patch

28/03/2009 20:29:02 File: c:\windows\system32\drivers\atapi.sys//PE_Patch ok scanned

28/03/2009 20:29:02 File: c:\windows\system32\drivers\atapi.sys ok scanned

28/03/2009 20:29:02 File: c:\windows\system32\drivers\atmarpc.sys packed file PE_Patch

28/03/2009 20:29:02 File: c:\windows\system32\drivers\atmarpc.sys//PE_Patch ok scanned

28/03/2009 20:29:02 File: c:\windows\system32\drivers\atmarpc.sys ok scanned

28/03/2009 20:29:02 File: c:\windows\system32\drivers\audstub.sys ok scanned

28/03/2009 20:29:03 File: c:\arquivos de programas\alwil software\avast4\ashserv.exe ok scanned

28/03/2009 20:29:03 File: c:\arquivos de programas\alwil software\avast4\ashmaisv.exe ok scanned

28/03/2009 20:29:03 File: c:\arquivos de programas\alwil software\avast4\ashwebsv.exe ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\avipbb.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\blueletaudio.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\btnetdrv.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\btcusb.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthenum.sys packed file PE_Patch

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthenum.sys//PE_Patch ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthenum.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\vbtenum.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthidmgr.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthpan.sys packed file PE_Patch

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthpan.sys//PE_Patch ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthpan.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthport.sys packed file PE_Patch

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthport.sys//PE_Patch ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthport.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthusb.sys packed file PE_Patch

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthusb.sys//PE_Patch ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\bthusb.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\btnetfilter.sys ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\ccdecode.sys packed file PE_Patch

28/03/2009 20:29:04 File: c:\windows\system32\drivers\ccdecode.sys//PE_Patch ok scanned

28/03/2009 20:29:04 File: c:\windows\system32\drivers\ccdecode.sys ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\drivers\cdrom.sys packed file PE_Patch

28/03/2009 20:29:05 File: c:\windows\system32\drivers\cdrom.sys//PE_Patch ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\drivers\cdrom.sys ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\cisvc.exe ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\clipsrv.exe ok scanned

28/03/2009 20:29:05 File: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\drivers\cmbatt.sys packed file PE_Patch

28/03/2009 20:29:05 File: c:\windows\system32\drivers\cmbatt.sys//PE_Patch ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\drivers\cmbatt.sys ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\drivers\compbatt.sys packed file PE_Patch

28/03/2009 20:29:05 File: c:\windows\system32\drivers\compbatt.sys//PE_Patch ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\drivers\compbatt.sys ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\dllhost.exe ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\drivers\disk.sys packed file PE_Patch

28/03/2009 20:29:05 File: c:\windows\system32\drivers\disk.sys//PE_Patch ok scanned

28/03/2009 20:29:05 File: c:\windows\system32\drivers\disk.sys ok scanned

28/03/2009 20:29:06 File: c:\windows\system32\dmadmin.exe ok scanned

28/03/2009 20:29:06 File: c:\windows\system32\drivers\dmboot.sys packed file PE_Patch

28/03/2009 20:29:06 File: c:\windows\system32\drivers\dmboot.sys//PE_Patch ok scanned

28/03/2009 20:29:06 File: c:\windows\system32\drivers\dmboot.sys ok scanned

28/03/2009 20:29:06 File: c:\windows\system32\drivers\dmio.sys packed file PE_Patch

28/03/2009 20:29:06 File: c:\windows\system32\drivers\dmio.sys//PE_Patch ok scanned

28/03/2009 20:29:06 File: c:\windows\system32\drivers\dmio.sys ok scanned

28/03/2009 20:29:06 File: c:\windows\system32\drivers\dmload.sys ok scanned

28/03/2009 20:29:06 File: c:\windows\system32\drivers\dmusic.sys packed file PE_Patch

28/03/2009 20:29:06 File: c:\windows\system32\drivers\dmusic.sys//PE_Patch ok scanned

28/03/2009 20:29:06 File: c:\windows\system32\drivers\dmusic.sys ok scanned

28/03/2009 20:29:06 File: c:\windows\system32\drivers\drmkaud.sys packed file PE_Patch

28/03/2009 20:29:07 File: c:\windows\system32\drivers\drmkaud.sys//PE_Patch ok scanned

28/03/2009 20:29:07 File: c:\windows\system32\drivers\drmkaud.sys ok scanned

28/03/2009 20:29:07 File: c:\windows\system32\services.exe ok scanned

28/03/2009 20:29:07 File: c:\windows\system32\drivers\fltmgr.sys packed file PE_Patch

28/03/2009 20:29:07 File: c:\windows\system32\drivers\fltmgr.sys//PE_Patch ok scanned

28/03/2009 20:29:07 File: c:\windows\system32\drivers\fltmgr.sys ok scanned

28/03/2009 20:29:07 File: c:\windows\system32\drivers\fssfltr_tdi.sys ok scanned

28/03/2009 20:29:07 File: c:\arquivos de programas\windows live\family safety\fsssvc.exe ok scanned

28/03/2009 20:29:07 File: c:\windows\system32\drivers\ftdisk.sys ok scanned

28/03/2009 20:29:08 File: c:\windows\system32\drivers\msgpc.sys packed file PE_Patch

28/03/2009 20:29:08 File: c:\windows\system32\drivers\msgpc.sys//PE_Patch ok scanned

28/03/2009 20:29:08 File: c:\windows\system32\drivers\msgpc.sys ok scanned

28/03/2009 20:29:08 File: c:\arquivos de programas\google\common\google updater\googleupdaterservice.exe ok scanned

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hdaudio.sys packed file PE_Patch

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hdaudio.sys//PE_Patch ok scanned

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hdaudio.sys ok scanned

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hdaudbus.sys packed file PE_Patch

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hdaudbus.sys//PE_Patch ok scanned

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hdaudbus.sys ok scanned

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hidusb.sys packed file PE_Patch

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hidusb.sys//PE_Patch ok scanned

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hidusb.sys ok scanned

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hpzid412.sys ok scanned

28/03/2009 20:29:08 File: c:\windows\system32\drivers\hpzipr12.sys ok scanned

28/03/2009 20:29:09 File: c:\windows\system32\drivers\hpzius12.sys ok scanned

28/03/2009 20:29:09 File: c:\windows\system32\drivers\http.sys packed file PE_Patch

28/03/2009 20:29:09 File: c:\windows\system32\drivers\http.sys//PE_Patch ok scanned

28/03/2009 20:29:09 File: c:\windows\system32\drivers\http.sys ok scanned

28/03/2009 20:29:09 File: c:\windows\system32\drivers\i8042prt.sys ok scanned

28/03/2009 20:29:09 File: c:\windows\system32\drivers\imapi.sys packed file PE_Patch

28/03/2009 20:29:09 File: c:\windows\system32\drivers\imapi.sys//PE_Patch ok scanned

28/03/2009 20:29:09 File: c:\windows\system32\drivers\imapi.sys ok scanned

28/03/2009 20:29:09 File: c:\windows\system32\imapi.exe ok scanned

28/03/2009 20:29:09 File: c:\windows\system32\drivers\rtkhdaud.sys ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ip6fw.sys packed file PE_Patch

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ip6fw.sys//PE_Patch ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ip6fw.sys ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ipfltdrv.sys ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ipinip.sys packed file PE_Patch

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ipinip.sys//PE_Patch ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ipinip.sys ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ipnat.sys packed file PE_Patch

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ipnat.sys//PE_Patch ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ipnat.sys ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\ipsec.sys ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\irenum.sys packed file PE_Patch

28/03/2009 20:29:10 File: c:\windows\system32\drivers\irenum.sys//PE_Patch ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\irenum.sys ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\73666431.sys ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\81438807.sys ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\isapnp.sys packed file PE_Patch

28/03/2009 20:29:10 File: c:\windows\system32\drivers\isapnp.sys//PE_Patch ok scanned

28/03/2009 20:29:10 File: c:\windows\system32\drivers\isapnp.sys ok scanned

28/03/2009 20:29:11 File: c:\arquivos de programas\java\jre6\bin\jqs.exe ok scanned

28/03/2009 20:29:11 File: c:\arquivos de programas\java\jre6\lib\deploy\jqs\jqs.conf ok scanned

28/03/2009 20:29:11 File: c:\windows\system32\drivers\kbdclass.sys packed file PE_Patch

28/03/2009 20:29:11 File: c:\windows\system32\drivers\kbdclass.sys//PE_Patch ok scanned

28/03/2009 20:29:11 File: c:\windows\system32\drivers\kbdclass.sys ok scanned

28/03/2009 20:29:11 File: c:\windows\system32\drivers\kbdhid.sys packed file PE_Patch

28/03/2009 20:29:11 File: c:\windows\system32\drivers\kbdhid.sys//PE_Patch ok scanned

28/03/2009 20:29:11 File: c:\windows\system32\drivers\kbdhid.sys ok scanned

28/03/2009 20:29:11 File: c:\windows\system32\drivers\kmixer.sys packed file PE_Patch

28/03/2009 20:29:11 File: c:\windows\system32\drivers\kmixer.sys//PE_Patch ok scanned

28/03/2009 20:29:11 File: c:\windows\system32\drivers\kmixer.sys ok scanned

28/03/2009 20:29:11 File: c:\windows\system32\mnmsrvc.exe ok scanned

28/03/2009 20:29:11 File: c:\windows\system32\drivers\mouclass.sys packed file PE_Patch

28/03/2009 20:29:11 File: c:\windows\system32\drivers\mouclass.sys//PE_Patch ok scanned

28/03/2009 20:29:11 File: c:\windows\system32\drivers\mouclass.sys ok scanned

28/03/2009 20:29:11 File: c:\windows\system32\drivers\mouhid.sys ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mrxdav.sys packed file PE_Patch

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mrxdav.sys//PE_Patch ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mrxdav.sys ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\msdtc.exe ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\msiexec.exe ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mskssrv.sys packed file PE_Patch

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mskssrv.sys//PE_Patch ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mskssrv.sys ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mspclock.sys packed file PE_Patch

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mspclock.sys//PE_Patch ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mspclock.sys ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mspqm.sys packed file PE_Patch

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mspqm.sys//PE_Patch ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mspqm.sys ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mssmbios.sys packed file PE_Patch

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mssmbios.sys//PE_Patch ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mssmbios.sys ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mstee.sys packed file PE_Patch

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mstee.sys//PE_Patch ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\mstee.sys ok scanned

28/03/2009 20:29:12 File: c:\windows\system32\drivers\rmc.sys ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\sldrv\mtlmnt5.sys ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\sldrv\mtlstrm.sys ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\nabtsfec.sys packed file PE_Patch

28/03/2009 20:29:13 File: c:\windows\system32\drivers\nabtsfec.sys//PE_Patch ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\nabtsfec.sys ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\ndisip.sys packed file PE_Patch

28/03/2009 20:29:13 File: c:\windows\system32\drivers\ndisip.sys//PE_Patch ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\ndisip.sys ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\ndistapi.sys packed file PE_Patch

28/03/2009 20:29:13 File: c:\windows\system32\drivers\ndistapi.sys//PE_Patch ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\ndistapi.sys ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\ndisuio.sys packed file PE_Patch

28/03/2009 20:29:13 File: c:\windows\system32\drivers\ndisuio.sys//PE_Patch ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\ndisuio.sys ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\ndiswan.sys ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\drivers\netbt.sys ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\netdde.exe ok scanned

28/03/2009 20:29:13 File: c:\windows\system32\lsass.exe ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\drivers\nic1394.sys packed file PE_Patch

28/03/2009 20:29:14 File: c:\windows\system32\drivers\nic1394.sys//PE_Patch ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\drivers\nic1394.sys ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\drivers\nwlnkflt.sys ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\drivers\nwlnkfwd.sys ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\drivers\ohci1394.sys packed file PE_Patch

28/03/2009 20:29:14 File: c:\windows\system32\drivers\ohci1394.sys//PE_Patch ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\drivers\ohci1394.sys ok scanned

28/03/2009 20:29:14 File: c:\arquivos de programas\arquivos comuns\microsoft shared\source engine\ose.exe ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\drivers\pci.sys packed file PE_Patch

28/03/2009 20:29:14 File: c:\windows\system32\drivers\pci.sys//PE_Patch ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\drivers\pci.sys ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\drivers\pcmcia.sys packed file PE_Patch

28/03/2009 20:29:14 File: c:\windows\system32\drivers\pcmcia.sys//PE_Patch ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\drivers\pcmcia.sys ok scanned

28/03/2009 20:29:14 File: c:\windows\system32\hpzipm12.exe ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\raspptp.sys ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\ptilink.sys ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\rasacd.sys ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\rasl2tp.sys ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\raspppoe.sys packed file PE_Patch

28/03/2009 20:29:15 File: c:\windows\system32\drivers\raspppoe.sys//PE_Patch ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\raspppoe.sys ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\raspti.sys ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\rdpcdd.sys ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\rdpdr.sys packed file PE_Patch

28/03/2009 20:29:15 File: c:\windows\system32\drivers\rdpdr.sys//PE_Patch ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\rdpdr.sys ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\sessmgr.exe ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\sldrv\recagent.sys ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\redbook.sys packed file PE_Patch

28/03/2009 20:29:15 File: c:\windows\system32\drivers\redbook.sys//PE_Patch ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\redbook.sys ok scanned

28/03/2009 20:29:15 File: c:\windows\system32\drivers\rfcomm.sys packed file PE_Patch

28/03/2009 20:29:16 File: c:\windows\system32\drivers\rfcomm.sys//PE_Patch ok scanned

28/03/2009 20:29:16 File: c:\windows\system32\drivers\rfcomm.sys ok scanned

28/03/2009 20:29:16 File: c:\windows\system32\drivers\rootmdm.sys ok scanned

28/03/2009 20:29:16 File: c:\windows\system32\rsvp.exe ok scanned

28/03/2009 20:29:16 File: c:\windows\system32\drivers\rt73.sys ok scanned

28/03/2009 20:29:16 File: c:\windows\system32\scardsvr.exe ok scanned

28/03/2009 20:29:16 File: c:\windows\system32\drivers\scsiport.sys packed file PE_Patch

28/03/2009 20:29:16 File: c:\windows\system32\drivers\scsiport.sys//PE_Patch ok scanned

28/03/2009 20:29:16 File: c:\windows\system32\drivers\scsiport.sys ok scanned

28/03/2009 20:29:16 File: c:\windows\system32\drivers\sdbus.sys packed file PE_Patch

28/03/2009 20:29:16 File: c:\windows\system32\drivers\sdbus.sys//PE_Patch ok scanned

28/03/2009 20:29:16 File: c:\windows\system32\drivers\sdbus.sys ok scanned

28/03/2009 20:29:17 File: c:\arquivos de programas\microsoft\search enhancement pack\seaport\seaport.exe ok scanned

28/03/2009 20:29:17 File: c:\windows\system32\drivers\secdrv.sys packed file PE_Patch

28/03/2009 20:29:17 File: c:\windows\system32\drivers\secdrv.sys//PE_Patch ok scanned

28/03/2009 20:29:17 File: c:\windows\system32\drivers\secdrv.sys ok scanned

28/03/2009 20:29:17 File: c:\windows\system32\drivers\serenum.sys packed file PE_Patch

28/03/2009 20:29:17 File: c:\windows\system32\drivers\serenum.sys//PE_Patch ok scanned

28/03/2009 20:29:17 File: c:\windows\system32\drivers\serenum.sys ok scanned

28/03/2009 20:29:17 File: c:\windows\system32\drivers\sldrv\slazldrv.sys ok scanned

28/03/2009 20:29:17 File: c:\windows\system32\drivers\slip.sys packed file PE_Patch

28/03/2009 20:29:17 File: c:\windows\system32\drivers\slip.sys//PE_Patch ok scanned

28/03/2009 20:29:17 File: c:\windows\system32\drivers\slip.sys ok scanned

28/03/2009 20:29:17 File: c:\windows\system32\drivers\sldrv\slnthal.sys ok scanned

28/03/2009 20:29:17 File: c:\windows\system32\slserv.exe ok scanned

28/03/2009 20:29:17 File: c:\windows\system32\drivers\sldrv\slwdmsup.sys ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\snpstd3.sys ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\splitter.sys packed file PE_Patch

28/03/2009 20:29:18 File: c:\windows\system32\drivers\splitter.sys//PE_Patch ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\splitter.sys ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\spoolsv.exe ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\sr.sys packed file PE_Patch

28/03/2009 20:29:18 File: c:\windows\system32\drivers\sr.sys//PE_Patch ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\sr.sys ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\ssmdrv.sys ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\streamip.sys packed file PE_Patch

28/03/2009 20:29:18 File: c:\windows\system32\drivers\streamip.sys//PE_Patch ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\streamip.sys ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\swenum.sys packed file PE_Patch

28/03/2009 20:29:18 File: c:\windows\system32\drivers\swenum.sys//PE_Patch ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\swenum.sys ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\swmidi.sys packed file PE_Patch

28/03/2009 20:29:18 File: c:\windows\system32\drivers\swmidi.sys//PE_Patch ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\swmidi.sys ok scanned

28/03/2009 20:29:18 File: c:\windows\system32\drivers\sysaudio.sys ok scanned

28/03/2009 20:29:19 File: c:\windows\system32\smlogsvc.exe ok scanned

28/03/2009 20:29:19 File: c:\windows\system32\drivers\tcpip.sys ok scanned

28/03/2009 20:29:19 File: c:\windows\system32\drivers\termdd.sys packed file PE_Patch

28/03/2009 20:29:19 File: c:\windows\system32\drivers\termdd.sys//PE_Patch ok scanned

28/03/2009 20:29:19 File: c:\windows\system32\drivers\termdd.sys ok scanned

28/03/2009 20:29:19 File: c:\windows\system32\drivers\tifm21.sys ok scanned

28/03/2009 20:29:19 File: c:\windows\system32\tlntsvr.exe ok scanned

28/03/2009 20:29:19 File: c:\windows\system32\drivers\ulilan51.sys ok scanned

28/03/2009 20:29:19 File: c:\windows\system32\drivers\update.sys packed file PE_Patch

28/03/2009 20:29:19 File: c:\windows\system32\drivers\update.sys//PE_Patch ok scanned

28/03/2009 20:29:19 File: c:\windows\system32\drivers\update.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\ups.exe ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbccgp.sys packed file PE_Patch

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbccgp.sys//PE_Patch ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbccgp.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbehci.sys packed file PE_Patch

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbehci.sys//PE_Patch ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbehci.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbhub.sys packed file PE_Patch

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbhub.sys//PE_Patch ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbhub.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbohci.sys packed file PE_Patch

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbohci.sys//PE_Patch ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbohci.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbprint.sys packed file PE_Patch

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbprint.sys//PE_Patch ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbprint.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbscan.sys packed file PE_Patch

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbscan.sys//PE_Patch ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbscan.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbsermpt.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbstor.sys packed file PE_Patch

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbstor.sys//PE_Patch ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\usbstor.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\vcomm.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\vcommmgr.sys ok scanned

28/03/2009 20:29:20 File: c:\windows\system32\drivers\vga.sys packed file PE_Patch

28/03/2009 20:29:21 File: c:\windows\system32\drivers\vga.sys//PE_Patch ok scanned

28/03/2009 20:29:21 File: c:\windows\system32\drivers\vga.sys ok scanned

28/03/2009 20:29:21 File: c:\windows\system32\vssvc.exe ok scanned

28/03/2009 20:29:21 File: c:\windows\system32\drivers\wanarp.sys packed file PE_Patch

28/03/2009 20:29:21 File: c:\windows\system32\drivers\wanarp.sys//PE_Patch ok scanned

28/03/2009 20:29:21 File: c:\windows\system32\drivers\wanarp.sys ok scanned

28/03/2009 20:29:21 File: c:\windows\system32\drivers\wdmaud.sys ok scanned

28/03/2009 20:29:21 File: c:\windows\system32\wbem\wmiapsrv.exe ok scanned

28/03/2009 20:29:22 File: c:\arquivos de programas\windows media player\wmpnetwk.exe ok scanned

28/03/2009 20:29:22 File: c:\windows\system32\drivers\ws2ifsl.sys ok scanned

28/03/2009 20:29:22 File: c:\windows\system32\drivers\wstcodec.sys packed file PE_Patch

28/03/2009 20:29:22 File: c:\windows\system32\drivers\wstcodec.sys//PE_Patch ok scanned

28/03/2009 20:29:22 File: c:\windows\system32\drivers\wstcodec.sys ok scanned

28/03/2009 20:29:22 File: c:\windows\system32\drivers\wudfpf.sys packed file PE_Patch

28/03/2009 20:29:22 File: c:\windows\system32\drivers\wudfpf.sys//PE_Patch ok scanned

28/03/2009 20:29:22 File: c:\windows\system32\drivers\wudfpf.sys ok scanned

28/03/2009 20:29:23 File: c:\windows\system32\drivers\wudfrd.sys packed file PE_Patch

28/03/2009 20:29:23 File: c:\windows\system32\drivers\wudfrd.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: c:\windows\system32\drivers\wudfrd.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\acpi.sys packed file PE_Patch

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\acpi.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\acpi.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\acpiec.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\aec.sys packed file PE_Patch

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\aec.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\aec.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\aliide.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\amdk8.sys packed file PE_Patch

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\amdk8.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\amdk8.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\arp1394.sys packed file PE_Patch

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\arp1394.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\arp1394.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\aswfsblk.sys packed file PE_Patch

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\aswfsblk.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\aswfsblk.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\asyncmac.sys packed file PE_Patch

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\asyncmac.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\asyncmac.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\atapi.sys packed file PE_Patch

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\atapi.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\atapi.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\atmarpc.sys packed file PE_Patch

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\atmarpc.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\atmarpc.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\audstub.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\avipbb.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\blueletaudio.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\btnetdrv.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\btcusb.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\bthenum.sys packed file PE_Patch

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\bthenum.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\bthenum.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\vbtenum.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\bthidmgr.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\bthpan.sys packed file PE_Patch

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\bthpan.sys//PE_Patch ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\bthpan.sys ok scanned

28/03/2009 20:29:23 File: C:\WINDOWS\system32\drivers\bthport.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\bthport.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\bthport.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\bthusb.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\bthusb.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\bthusb.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\ccdecode.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\ccdecode.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\ccdecode.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\cdrom.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\cdrom.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\cdrom.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\cmbatt.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\cmbatt.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\cmbatt.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\compbatt.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\compbatt.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\compbatt.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\disk.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\disk.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\disk.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\dmboot.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\dmboot.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\dmboot.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\dmio.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\dmio.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\dmio.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\dmload.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\dmusic.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\dmusic.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\dmusic.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\dot3svc.dll ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\drmkaud.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\drmkaud.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\drmkaud.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\fltmgr.sys packed file PE_Patch

 

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\fltmgr.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\fltmgr.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\fssfltr_tdi.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\ftdisk.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\msgpc.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\msgpc.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\msgpc.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\hdaudio.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\hdaudio.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\hdaudio.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\hdaudbus.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\hdaudbus.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\hdaudbus.sys ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\hidusb.sys packed file PE_Patch

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\hidusb.sys//PE_Patch ok scanned

28/03/2009 20:29:24 File: C:\WINDOWS\system32\drivers\hidusb.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\hpzid412.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\hpzipr12.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\hpzius12.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\http.sys packed file PE_Patch

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\http.sys//PE_Patch ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\http.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\i8042prt.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\imapi.sys packed file PE_Patch

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\imapi.sys//PE_Patch ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\imapi.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\rtkhdaud.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ip6fw.sys packed file PE_Patch

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ip6fw.sys//PE_Patch ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ip6fw.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ipfltdrv.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ipinip.sys packed file PE_Patch

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ipinip.sys//PE_Patch ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ipinip.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ipnat.sys packed file PE_Patch

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ipnat.sys//PE_Patch ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ipnat.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\ipsec.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\irenum.sys packed file PE_Patch

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\irenum.sys//PE_Patch ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\irenum.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\isapnp.sys packed file PE_Patch

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\isapnp.sys//PE_Patch ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\isapnp.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\kbdclass.sys packed file PE_Patch

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\kbdclass.sys//PE_Patch ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\kbdclass.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\kbdhid.sys packed file PE_Patch

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\kbdhid.sys//PE_Patch ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\kbdhid.sys ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\kmixer.sys packed file PE_Patch

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\kmixer.sys//PE_Patch ok scanned

28/03/2009 20:29:25 File: C:\WINDOWS\system32\drivers\kmixer.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mouclass.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mouclass.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mouclass.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mouhid.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mrxdav.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mrxdav.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mrxdav.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mskssrv.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mskssrv.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mskssrv.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mspclock.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mspclock.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mspclock.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mspqm.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mspqm.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mspqm.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mssmbios.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mssmbios.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mssmbios.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mstee.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mstee.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\mstee.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\rmc.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\sldrv\mtlmnt5.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\sldrv\mtlstrm.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\nabtsfec.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\nabtsfec.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\nabtsfec.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ndisip.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ndisip.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ndisip.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ndistapi.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ndistapi.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ndistapi.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ndisuio.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ndisuio.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ndisuio.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ndiswan.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\netbt.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\nic1394.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\nic1394.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\nic1394.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\nwlnkflt.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\nwlnkfwd.sys ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ohci1394.sys packed file PE_Patch

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ohci1394.sys//PE_Patch ok scanned

28/03/2009 20:29:26 File: C:\WINDOWS\system32\drivers\ohci1394.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\pci.sys packed file PE_Patch

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\pci.sys//PE_Patch ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\pci.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\pcmcia.sys packed file PE_Patch

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\pcmcia.sys//PE_Patch ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\pcmcia.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\raspptp.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\ptilink.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rasacd.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rasl2tp.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\raspppoe.sys packed file PE_Patch

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\raspppoe.sys//PE_Patch ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\raspppoe.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\raspti.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rdpcdd.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rdpdr.sys packed file PE_Patch

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rdpdr.sys//PE_Patch ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rdpdr.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\sldrv\recagent.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\redbook.sys packed file PE_Patch

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\redbook.sys//PE_Patch ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\redbook.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rfcomm.sys packed file PE_Patch

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rfcomm.sys//PE_Patch ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rfcomm.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rootmdm.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\rpcss.dll ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\rt73.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\sdbus.sys packed file PE_Patch

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\sdbus.sys//PE_Patch ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\sdbus.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\secdrv.sys packed file PE_Patch

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\secdrv.sys//PE_Patch ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\secdrv.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\serenum.sys packed file PE_Patch

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\serenum.sys//PE_Patch ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\serenum.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\sldrv\slazldrv.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\slip.sys packed file PE_Patch

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\slip.sys//PE_Patch ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\slip.sys ok scanned

28/03/2009 20:29:27 File: C:\WINDOWS\system32\drivers\sldrv\slnthal.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\slserv.exe ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\sldrv\slwdmsup.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\snpstd3.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\splitter.sys packed file PE_Patch

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\splitter.sys//PE_Patch ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\splitter.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\sr.sys packed file PE_Patch

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\sr.sys//PE_Patch ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\sr.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\ssmdrv.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\streamip.sys packed file PE_Patch

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\streamip.sys//PE_Patch ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\streamip.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\swenum.sys packed file PE_Patch

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\swenum.sys//PE_Patch ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\swenum.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\swmidi.sys packed file PE_Patch

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\swmidi.sys//PE_Patch ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\swmidi.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\sysaudio.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\tcpip.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\termdd.sys packed file PE_Patch

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\termdd.sys//PE_Patch ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\termdd.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\tifm21.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\ulilan51.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\update.sys packed file PE_Patch

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\update.sys//PE_Patch ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\update.sys ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\usbccgp.sys packed file PE_Patch

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\usbccgp.sys//PE_Patch ok scanned

28/03/2009 20:29:28 File: C:\WINDOWS\system32\drivers\usbccgp.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbehci.sys packed file PE_Patch

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbehci.sys//PE_Patch ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbehci.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbhub.sys packed file PE_Patch

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbhub.sys//PE_Patch ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbhub.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbohci.sys packed file PE_Patch

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbohci.sys//PE_Patch ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbohci.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbprint.sys packed file PE_Patch

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbprint.sys//PE_Patch ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbprint.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbscan.sys packed file PE_Patch

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbscan.sys//PE_Patch ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbscan.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbsermpt.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbstor.sys packed file PE_Patch

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbstor.sys//PE_Patch ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\usbstor.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\vcomm.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\vcommmgr.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\wanarp.sys packed file PE_Patch

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\wanarp.sys//PE_Patch ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\wanarp.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\wdmaud.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\wstcodec.sys packed file PE_Patch

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\wstcodec.sys//PE_Patch ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\wstcodec.sys ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\wudfpf.sys packed file PE_Patch

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\wudfpf.sys//PE_Patch ok scanned

28/03/2009 20:29:29 File: C:\WINDOWS\system32\drivers\wudfpf.sys ok scanned

28/03/2009 20:29:30 File: C:\WINDOWS\system32\drivers\wudfrd.sys packed file PE_Patch

28/03/2009 20:29:30 File: C:\WINDOWS\system32\drivers\wudfrd.sys//PE_Patch ok scanned

28/03/2009 20:29:30 File: C:\WINDOWS\system32\drivers\wudfrd.sys ok scanned

28/03/2009 20:29:30 File: c:\windows\system32\autochk.exe ok scanned

28/03/2009 20:29:30 File: C:\WINDOWS\system32\autochk.exe ok scanned

28/03/2009 20:29:30 File: c:\windows\system32\ieudinit.exe ok scanned

28/03/2009 20:29:30 File: c:\windows\inf\unregmp2.exe ok scanned

28/03/2009 20:29:30 File: c:\windows\system32\shmgrate.exe ok scanned

28/03/2009 20:29:30 File: c:\windows\system32\iedkcs32.dll ok scanned

28/03/2009 20:29:31 File: c:\windows\system32\regsvr32.exe ok scanned

28/03/2009 20:29:31 File: c:\windows\system32\themeui.dll ok scanned

28/03/2009 20:29:31 File: c:\arquivos de programas\outlook express\setup50.exe//# ok scanned

28/03/2009 20:29:31 File: c:\arquivos de programas\outlook express\setup50.exe ok scanned

28/03/2009 20:29:31 File: c:\windows\system32\user.exe ok scanned

28/03/2009 20:29:31 File: c:\windows\system32\advpack.dll ok scanned

28/03/2009 20:29:31 File: c:\windows\inf\msnetmtg.inf ok scanned

28/03/2009 20:29:31 File: C:\WINDOWS\system32\advpack.dll ok scanned

28/03/2009 20:29:31 File: c:\windows\inf\msmsgs.inf ok scanned

28/03/2009 20:29:31 File: c:\windows\inf\wmp11.inf ok scanned

28/03/2009 20:29:31 File: C:\WINDOWS\system32\user.exe ok scanned

28/03/2009 20:29:31 File: C:\WINDOWS\system32\shell32.dll ok scanned

28/03/2009 20:29:31 File: c:\windows\system32\ie4uinit.exe ok scanned

28/03/2009 20:29:32 File: c:\windows\system32\mscories.dll ok scanned

28/03/2009 20:29:32 File: c:\windows\system32\comm.drv ok scanned

28/03/2009 20:29:32 File: c:\windows\system\vga.drv ok scanned

28/03/2009 20:29:32 File: c:\windows\system\mmsystem.dll ok scanned

28/03/2009 20:29:32 File: c:\windows\system\keyboard.drv ok scanned

28/03/2009 20:29:32 File: c:\windows\system\mouse.drv ok scanned

28/03/2009 20:29:32 File: c:\windows\system\wfwnet.drv ok scanned

28/03/2009 20:29:32 File: c:\windows\system32\progman.exe ok scanned