Mescouto, posted May 4, 2009:

Good afternoon everyone,

The problem is the following: as soon as I turn on the PC, several Mozilla pages (my current primary browser) open; the same used to happen with IE7. Now the 'Calculator' and 'My Computer' also open without my permission. The big problem is that at certain moments it keeps opening one page after another. It is impossible to use a PC in this state. I need your help. Below is the log I just made with HijackThis:

Thanks in advance.

DigRam, posted May 4, 2009:

Good afternoon, Mescouto!

<@> Download: < > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt "Software warranty disclaimer" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> Ps: Name it while saving, not after saving it!
<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> Ps: Avoid running this tool on your own initiative!
<!> Ps: To avoid problems, follow all the recommendations given.
<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!

Mescouto 0 Denunciar post Postado Maio 4, 2009 Boa tarde DigRam! Segue os Logs do Hijackthis atualizado e ComboFix: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:13:17, on 04/05/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wuauclt.exe C:\Windows\Explorer.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F23F9139-B115-41DE-A439-28A87249A894}: NameServer = 200.149.55.140 200.165.132.147 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing) -- End of file - 6291 bytes -------------------------------------- ComboFix 09-05-03.6 - Louise 04/05/2009 13:04.1 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.3060.2100 [GMT -3:00] Executando de: c:\users\Louise\Desktop\ComboFix.exe AV: avast! antivirus 4.7.1043 [VPS 090426-0] *On-access scanning enabled* (Updated) . (((((((((((((((( Arquivos/Ficheiros criados de 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))) . 2009-05-03 22:03 . 2009-05-03 22:03 -------- d-----w c:\program files\TVUPlayer 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\program files\Common Files\Macromedia 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\users\All Users\Macromedia 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\program files\Macromedia 2009-04-30 00:01 . 2009-04-30 00:01 -------- d-----w c:\windows\Downloaded Installations 2009-04-29 22:34 . 2009-04-29 22:34 -------- d-----w c:\users\Louise\AppData\Roaming\iWin 2009-04-29 22:34 . 2009-04-29 22:34 -------- d-----w c:\users\Louise\AppData\Roaming\Oberon Media 2009-04-29 22:34 . 2009-04-29 23:09 -------- d---a-w c:\programdata\TEMP 2009-04-29 22:34 . 2009-04-29 23:09 -------- d---a-w c:\users\All Users\TEMP 2009-04-29 22:34 . 2009-04-29 23:11 -------- d-----w c:\programdata\GamesBar 2009-04-29 22:34 . 2009-04-29 23:11 -------- d-----w c:\users\All Users\GamesBar 2009-04-29 22:32 . 
2009-04-29 22:32 -------- d-----w c:\program files\Common Files\Oberon Media 2009-04-29 22:32 . 2009-04-29 23:11 -------- d-----w c:\program files\Oberon Media 2009-04-29 02:00 . 2004-03-22 17:17 24816 ----a-w c:\windows\system32\mdimon.dll 2009-04-29 01:57 . 2009-04-29 01:57 -------- d-----w c:\program files\Microsoft Works 2009-04-29 01:54 . 2009-04-29 01:59 -------- d-----w c:\windows\SHELLNEW 2009-04-29 01:53 . 2009-04-29 01:53 -------- d-----w c:\program files\Microsoft.NET 2009-04-28 20:03 . 2009-04-28 20:03 -------- d-----w c:\users\Louise\AppData\Local\Mozilla 2009-04-28 19:09 . 2008-06-19 19:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys 2009-04-28 19:09 . 2009-04-28 19:09 -------- d-----w c:\program files\Panda Security 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\users\Louise\AppData\Roaming\Yahoo! 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\programdata\Yahoo! Companion 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\users\All Users\Yahoo! Companion 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\program files\Yahoo! 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\program files\CCleaner 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\users\Louise\AppData\Roaming\Malwarebytes 2009-04-28 17:41 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-28 17:41 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\programdata\Malwarebytes 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\users\All Users\Malwarebytes 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\users\Louise\AppData\Roaming\Grisoft 2009-04-28 17:19 . 2007-05-30 12:10 10872 ----a-w c:\windows\system32\drivers\AvgAsCln.sys 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\programdata\Grisoft 2009-04-28 17:19 . 
2009-04-28 17:19 -------- d-----w c:\users\All Users\Grisoft 2009-04-28 17:14 . 2009-04-28 17:14 -------- d-----w C:\LinhaDefensiva 2009-04-28 16:29 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll 2009-04-28 15:30 . 2009-05-04 14:48 -------- d-----w C:\HiJackThis 2009-04-28 00:18 . 2004-05-18 18:16 39936 ----a-w c:\windows\system32\huffyuv.dll 2009-04-28 00:18 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll 2009-04-28 00:18 . 2006-04-02 12:47 630784 ----a-w c:\windows\system32\vp7vfw.dll 2009-04-28 00:18 . 2004-12-10 08:03 438272 ----a-w c:\windows\system32\vp6vfw.dll 2009-04-28 00:18 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll 2009-04-28 00:18 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll 2009-04-28 00:18 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll 2009-04-28 00:07 . 2009-01-07 18:14 60273 ----a-w c:\windows\system32\pthreadGC2.dll 2009-04-28 00:07 . 2009-04-28 00:18 -------- d-----w c:\program files\K-Lite Codec Pack 2009-04-28 00:05 . 2009-04-28 00:12 -------- d-----w c:\users\Louise\AppData\Roaming\Media Player Classic 2009-04-27 23:21 . 2009-04-27 23:21 -------- d-----w c:\program files\VistaCodecPack 2009-04-27 23:20 . 2009-04-27 23:20 -------- d-----w c:\programdata\VistaCodecs 2009-04-27 23:20 . 2009-04-27 23:20 -------- d-----w c:\users\All Users\VistaCodecs 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\programdata\eMule 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\users\All Users\eMule 2009-04-27 22:52 . 2009-04-27 22:56 -------- d-----w c:\users\Louise\AppData\Local\eMule 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\program files\eMule 2009-04-27 22:50 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll 2009-04-27 22:50 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll 2009-04-27 22:50 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll 2009-04-27 22:16 . 
2009-04-27 22:16 -------- d-----w c:\program files\SopCast 2009-04-27 22:16 . 2009-05-03 22:03 -------- d-----w c:\program files\Megacubo 2009-04-27 22:14 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll 2009-04-27 22:14 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-04-27 22:14 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys 2009-04-27 22:14 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll 2009-04-27 22:14 . 2008-08-27 01:05 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys 2009-04-27 22:13 . 2008-06-19 03:31 361984 ----a-w c:\windows\system32\IPSECSVC.DLL 2009-04-27 22:13 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll 2009-04-27 22:13 . 2008-10-21 05:25 296960 ----a-w c:\windows\system32\gdi32.dll 2009-04-27 22:13 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll 2009-04-27 22:13 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll 2009-04-27 22:13 . 2008-04-18 05:48 269312 ----a-w c:\windows\system32\es.dll 2009-04-27 22:13 . 2008-11-01 03:44 28672 ----a-w c:\windows\system32\Apphlpdm.dll 2009-04-27 22:13 . 2008-03-08 04:21 1695744 ----a-w c:\windows\system32\gameux.dll 2009-04-27 22:13 . 2008-11-01 01:21 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll 2009-04-27 22:11 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll 2009-04-27 22:10 . 2008-05-08 21:59 430080 ----a-w c:\windows\system32\vbscript.dll 2009-04-27 21:53 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll 2009-04-27 21:53 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe 2009-04-27 21:53 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll 2009-04-27 21:53 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll 2009-04-27 21:52 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll 2009-04-27 21:52 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll 2009-04-27 21:52 . 
2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll 2009-04-27 21:52 . 2008-10-16 16:56 31232 ----a-w c:\windows\system32\wuapp.exe 2009-04-27 21:52 . 2008-10-16 17:08 162064 ----a-w c:\windows\system32\wuwebv.dll 2009-04-27 00:46 . 2009-04-27 00:46 -------- d-----w c:\program files\uTorrent 2009-04-27 00:46 . 2009-05-04 15:59 -------- d-----w c:\users\Louise\AppData\Roaming\uTorrent 2009-04-27 00:35 . 2009-04-28 00:07 -------- d-----w c:\users\Louise\AppData\Local\Google 2009-04-27 00:34 . 2009-04-27 00:35 -------- d-----w c:\users\All Users\Google 2009-04-27 00:34 . 2009-04-27 00:40 -------- d-----w c:\program files\Google 2009-04-27 00:34 . 2009-04-27 10:59 -------- d-----w c:\windows\system32\Macromed 2009-04-26 23:23 . 2009-02-05 22:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys 2009-04-26 23:23 . 2003-03-18 21:20 1060864 ----a-w c:\windows\system32\MFC71.dll 2009-04-26 23:23 . 2003-03-18 20:14 499712 ----a-w c:\windows\system32\MSVCP71.dll 2009-04-26 23:23 . 2009-04-26 23:23 -------- d-----w c:\program files\Alwil Software 2009-04-26 23:17 . 2009-04-26 23:17 -------- d-----w c:\program files\Webteh 2009-04-26 23:16 . 2009-04-27 21:54 -------- d-----w c:\users\Louise\AppData\Local\Adobe 2009-04-26 23:03 . 2009-04-26 23:03 -------- d-----w c:\users\Louise\AppData\Local\Microsoft Games 2009-04-26 22:50 . 2009-04-26 22:50 -------- d-sh--w C:\Arquivos de programas 2009-04-24 00:26 . 2009-04-02 18:21 84480 ----a-w c:\windows\system32\ff_vfw.dll 2009-04-22 23:59 . 2009-04-22 23:59 1033728 ----a-w c:\windows\system32\VSFilter.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-04 13:23 . 2008-01-21 06:32 634040 ----a-w c:\windows\system32\prfh0416.dat 2009-05-04 13:23 . 2008-01-21 06:32 121690 ----a-w c:\windows\system32\prfc0416.dat 2009-04-30 00:01 . 2009-03-15 00:39 -------- d-----w c:\program files\Common Files\InstallShield 2009-04-29 02:13 . 
2009-04-26 22:54 99864 ----a-w c:\users\Louise\AppData\Local\GDIPFONTCACHEV1.DAT 2009-04-28 16:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat 2009-04-28 16:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat 2009-04-28 16:34 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat 2009-04-28 16:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat 2009-04-27 22:27 . 2009-03-15 00:34 -------- d-----w c:\program files\Common Files\Adobe 2009-04-26 22:50 . 2009-04-26 22:50 -------- d-sh--w c:\program files\Common Files\Sistema 2009-04-26 22:50 . 2009-04-26 22:50 -------- d-sh--w c:\program files\Arquivos Comuns 2009-03-17 03:38 . 2009-04-27 22:11 13824 ----a-w c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-27 22:11 24064 ----a-w c:\windows\system32\amxread.dll 2009-03-15 00:46 . 2009-03-15 00:46 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-03-15 00:41 . 2009-03-15 00:39 -------- d-----w c:\program files\Realtek 2009-03-15 00:41 . 2009-03-15 00:39 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-15 00:39 . 2009-03-15 00:39 319456 ----a-w c:\windows\DIFxAPI.dll 2009-03-15 00:39 . 2009-03-15 00:39 315392 ----a-w c:\windows\HideWin.exe 2009-03-15 00:39 . 2009-03-15 00:39 -------- d-----w c:\program files\Intel 2009-03-15 00:37 . 2009-03-15 00:35 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2009-03-15 00:36 . 2009-03-15 00:35 -------- d-----w c:\program files\Windows Live 2009-03-15 00:36 . 2009-03-15 00:36 -------- d-----w c:\program files\Windows Live Toolbar 2009-03-15 00:34 . 2009-03-15 00:34 -------- d-----w c:\program files\CDBurnerXP 2009-03-15 00:34 . 2009-03-15 00:34 -------- d-----w c:\program files\Movie Maker 2.6 2009-03-03 04:46 . 2009-04-27 22:11 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-03-03 04:46 . 2009-04-27 22:11 3547632 ----a-w c:\windows\system32\ntoskrnl.exe 2009-03-03 04:40 . 
2009-04-27 22:10 827392 ----a-w c:\windows\system32\wininet.dll 2009-03-03 04:39 . 2009-04-27 22:11 183296 ----a-w c:\windows\system32\sdohlp.dll 2009-03-03 04:39 . 2009-04-27 22:11 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37 . 2009-04-27 22:10 78336 ----a-w c:\windows\system32\ieencode.dll 2009-03-03 04:37 . 2009-04-27 22:11 98304 ----a-w c:\windows\system32\iasrecst.dll 2009-03-03 04:37 . 2009-04-27 22:11 54784 ----a-w c:\windows\system32\iasads.dll 2009-03-03 04:37 . 2009-04-27 22:11 44032 ----a-w c:\windows\system32\iasdatastore.dll 2009-03-03 03:04 . 2009-04-27 22:11 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38 . 2009-04-27 22:11 17408 ----a-w c:\windows\system32\iashost.exe 2009-03-03 02:28 . 2009-04-27 22:10 26624 ----a-w c:\windows\system32\ieUnatt.exe 2009-02-13 08:49 . 2009-04-27 22:11 72704 ----a-w c:\windows\system32\secur32.dll 2009-02-13 08:49 . 2009-04-27 22:11 1255936 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 03:10 . 2009-04-27 22:10 2033152 ----a-w c:\windows\system32\win32k.sys 2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{6A6A340C-E756-441B-AF1D-99218FAFF7FF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{113C0CCF-2C83-40ED-AC38-62555A6034E9}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus "{5B8FFD91-5B17-486D-AFF9-7BD1FF4EB74E}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! 
Antivirus "{A370EA86-0A6D-42BF-8FBD-966106BBFD70}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{16DC8953-9170-404B-A4C4-E0D0CA048806}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{6C7265A4-AA1B-493F-872C-CBC30F6EB970}"= UDP:c:\program files\Megacubo\megacubo.exe:MegaCubo "{136E96BD-D7B6-4765-8BF3-04D9ECAB3E25}"= TCP:c:\program files\Megacubo\megacubo.exe:MegaCubo "TCP Query User{3C251F08-F36E-4BF4-B9D9-6C960D2DFDA3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{85B1D68B-D65E-4203-9AAB-F9AFB60EF5B7}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) R2 Norton Internet Security;Norton Internet Security; [x] R3 FXDrv32;FXDrv32; [x] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544] S1 aswSP;avast! Self Protection; [x] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . Conteúdo da pasta 'Tarefas Agendadas' 2009-05-04 c:\windows\Tasks\User_Feed_Synchronization-{6390703D-5B3C-4525-AF11-260BD113A11C}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34] 2009-05-04 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 14:20] . . ------- Scan Suplementar ------- . 
uStart Page = about:blank IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {F23F9139-B115-41DE-A439-28A87249A894} = 200.149.55.140 200.165.132.147 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\z812dn6w.default\ FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-04 13:07 Windows 6.0.6001 Service Pack 1 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . 
Tempo para conclusão: 2009-05-04 13:08 ComboFix-quarantined-files.txt 2009-05-04 16:08 Pré-execução: 276.243.206.144 bytes disponíveis Pós execução: 276.281.925.632 bytes disponíveis 237 --- E O F --- 2009-04-28 16:33

P.S.: Some forums do not accept diagnosing a problem when the computer is not the poster's own, but I state that this PC is mine even though the name Louise appears in the log. She is my fiancée and the PC is in her name. Regards.
DigRam 144 Posted May 5, 2009
Good morning, Mescouto!
<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Install the program and click: LopSD.cmd
<@> In the window that opens, press "p" --> press Enter.
<@> In the next window, choose option 2 --> press Enter --> wait!
<@> PS: Watch for notifications from your antivirus, and send the detected files to quarantine.
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )
<><><><><><><><><><>
<@> Select and copy all the content in the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt
File::
c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 1 (0x0)
Folder::
c:\program files\Norton Internet Security
Driver::
"Norton Internet Security"
<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until that prompt appears! ( window )
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Regards!
Mescouto 0 Posted May 6, 2009
Good early morning to us. Sorry for the delay. During the Lop S&D test, the following message appeared at every completed step: Utilitário de localização de cadeias de caracteres (QGREP) parou de funcionar. I had to choose one of the following two options: either "Procurar solução online e fechar o programa" or "fechar o programa". I always chose the first option, and the scan then continued. I don't know whether this detail affected the tool's performance. Here are the 3 logs requested in the previous post:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft® Windows Vista™ Home Basic ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2220 @ 2.40GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : Louise ( Administrator ) BOOT : Normal boot Antivirus : avast! antivirus 4.7.1043 [VPS 090426-0] 4.7.1043 (Activated) C:\ (Local Disk) - NTFS - Total:298 Go (Free:257 Go) D:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( 05/05/2009|23:38 ) [ UAC => 1 ] \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Lista de pastas em Local [27/04/2009|18:54] C:\Users\Louise\AppData\Local\Adobe [26/04/2009|19:54] C:\Users\Louise\AppData\Local\Dados de aplicativos [04/05/2009|12:56] C:\Users\Louise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [27/04/2009|19:56] C:\Users\Louise\AppData\Local\eMule [28/04/2009|23:13] C:\Users\Louise\AppData\Local\GDIPFONTCACHEV1.DAT [27/04/2009|21:07] C:\Users\Louise\AppData\Local\Google [26/04/2009|19:54] C:\Users\Louise\AppData\Local\Histórico [05/05/2009|16:30] C:\Users\Louise\AppData\Local\IconCache.db [30/04/2009|16:36] C:\Users\Louise\AppData\Local\Microsoft [26/04/2009|20:03] C:\Users\Louise\AppData\Local\Microsoft Games [28/04/2009|17:03] C:\Users\Louise\AppData\Local\Mozilla [05/05/2009|23:38] C:\Users\Louise\AppData\Local\Temp [26/04/2009|19:54] C:\Users\Louise\AppData\Local\Temporary Internet Files [28/04/2009|12:33] 
C:\Users\Louise\AppData\Local\VirtualStore --------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks [05/05/2009 16:22][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{6390703D-5B3C-4525-AF11-260BD113A11C}.job [05/05/2009 23:26][--a------] C:\Windows\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job [05/05/2009 22:29][--ah-----] C:\Windows\tasks\SA.DAT [05/05/2009 16:30][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Lista de pastas em C:\ProgramData [27/04/2009|19:27] C:\ProgramData\Adobe [02/11/2006|09:59] C:\ProgramData\Application Data [26/04/2009|19:50] C:\ProgramData\Dados de aplicativos [02/11/2006|09:59] C:\ProgramData\Desktop [26/04/2009|19:50] C:\ProgramData\Documentos [02/11/2006|09:59] C:\ProgramData\Documents [27/04/2009|19:52] C:\ProgramData\eMule [02/11/2006|09:59] C:\ProgramData\Favorites [26/04/2009|19:50] C:\ProgramData\Favoritos [29/04/2009|20:11] C:\ProgramData\GamesBar [26/04/2009|21:35] C:\ProgramData\Google [28/04/2009|14:19] C:\ProgramData\Grisoft [29/04/2009|21:02] C:\ProgramData\Macromedia [28/04/2009|14:41] C:\ProgramData\Malwarebytes [26/04/2009|19:50] C:\ProgramData\Menu Iniciar [28/04/2009|23:01] C:\ProgramData\Microsoft [26/04/2009|19:50] C:\ProgramData\Modelos [26/04/2009|20:35] C:\ProgramData\Norton [14/03/2009|21:33] C:\ProgramData\NortonInstaller [02/11/2006|09:59] C:\ProgramData\Start Menu [29/04/2009|20:09] C:\ProgramData\TEMP [02/11/2006|09:59] C:\ProgramData\Templates [27/04/2009|20:20] C:\ProgramData\VistaCodecs [14/03/2009|21:34] C:\ProgramData\WLInstaller [28/04/2009|15:38] C:\ProgramData\Yahoo! 
Companion --------------------\\ Lista de pastas em C:\Program Files [27/04/2009|19:26] C:\Program Files\Adobe [26/04/2009|20:23] C:\Program Files\Alwil Software [26/04/2009|19:50] C:\Program Files\Arquivos Comuns [C:\Program Files\Common Files] [28/04/2009|15:38] C:\Program Files\CCleaner [14/03/2009|21:34] C:\Program Files\CDBurnerXP [04/05/2009|13:06] C:\Program Files\Common Files [27/04/2009|19:52] C:\Program Files\eMule [26/04/2009|21:40] C:\Program Files\Google [28/04/2009|14:19] C:\Program Files\Grisoft [14/03/2009|21:41] C:\Program Files\InstallShield Installation Information [14/03/2009|21:39] C:\Program Files\Intel [28/04/2009|13:34] C:\Program Files\Internet Explorer [27/04/2009|21:18] C:\Program Files\K-Lite Codec Pack [29/04/2009|21:02] C:\Program Files\Macromedia [28/04/2009|14:41] C:\Program Files\Malwarebytes' Anti-Malware [03/05/2009|19:03] C:\Program Files\Megacubo [02/11/2006|09:35] C:\Program Files\Microsoft Games [28/04/2009|22:57] C:\Program Files\Microsoft Office [28/04/2009|22:56] C:\Program Files\Microsoft Visual Studio [28/04/2009|22:57] C:\Program Files\Microsoft Works [28/04/2009|22:53] C:\Program Files\Microsoft.NET [20/01/2008|23:47] C:\Program Files\Movie Maker [14/03/2009|21:34] C:\Program Files\Movie Maker 2.6 [29/04/2009|20:11] C:\Program Files\Mozilla Firefox [02/11/2006|09:35] C:\Program Files\MSBuild [29/04/2009|20:11] C:\Program Files\Oberon Media [28/04/2009|16:09] C:\Program Files\Panda Security [14/03/2009|21:41] C:\Program Files\Realtek [02/11/2006|09:35] C:\Program Files\Reference Assemblies [27/04/2009|19:16] C:\Program Files\SopCast [03/05/2009|19:03] C:\Program Files\TVUPlayer [02/11/2006|09:58] C:\Program Files\Uninstall Information [26/04/2009|21:46] C:\Program Files\uTorrent [27/04/2009|20:21] C:\Program Files\VistaCodecPack [26/04/2009|20:17] C:\Program Files\Webteh [20/01/2008|23:47] C:\Program Files\Windows Calendar [20/01/2008|23:47] C:\Program Files\Windows Collaboration [20/01/2008|23:47] C:\Program 
Files\Windows Defender [14/03/2009|21:36] C:\Program Files\Windows Live [14/03/2009|21:36] C:\Program Files\Windows Live Toolbar [20/01/2008|23:47] C:\Program Files\Windows Mail [28/04/2009|13:35] C:\Program Files\Windows Media Player [26/04/2009|19:50] C:\Program Files\Windows NT [20/01/2008|23:47] C:\Program Files\Windows Photo Gallery [20/01/2008|23:47] C:\Program Files\Windows Sidebar [27/04/2009|19:02] C:\Program Files\WinRAR [28/04/2009|15:38] C:\Program Files\Yahoo! --------------------\\ Lista de pastas em C:\Program Files\Common Files [27/04/2009|19:27] C:\Program Files\Common Files\Adobe [28/04/2009|22:57] C:\Program Files\Common Files\DESIGNER [29/04/2009|21:01] C:\Program Files\Common Files\InstallShield [29/04/2009|21:02] C:\Program Files\Common Files\Macromedia [28/04/2009|23:00] C:\Program Files\Common Files\microsoft shared [29/04/2009|19:32] C:\Program Files\Common Files\Oberon Media [02/11/2006|08:18] C:\Program Files\Common Files\Services [26/04/2009|19:50] C:\Program Files\Common Files\Sistema [C:\Program Files\Common Files\System] [02/11/2006|08:18] C:\Program Files\Common Files\SpeechEngines [28/04/2009|22:54] C:\Program Files\Common Files\System [14/03/2009|21:37] C:\Program Files\Common Files\WindowsLiveInstaller --------------------\\ Process ( 57 Processes ) ... OK ! --------------------\\ Procura pelo S_Lop Não foram encontradas pastas com o Lop! --------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop Não foram encontradas pastas com o Lop! --------------------\\ Procura no Registro ..... OK ! 
--------------------\\ Verificando o Arquivos/Ficheiros Hosts Arquivos/Ficheiros Hosts LIMPO --------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-05 23:47:25 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Procurando por outras infecções --------------------\\ Cracks & Keygens .. C:\Users\Louise\Desktop\PC Lou\André\crack-winiso5.3.zip C:\Users\Louise\Desktop\PC Lou\André\Elifoot2008\Elifoot2008\Crack Elifoot 2008 - equipes reais.exe [F:24][D:23]-> C:\Users\Louise\AppData\Local\Temp [F:88][D:1]-> C:\Users\Louise\AppData\Roaming\MICROS~1\Windows\Cookies [F:324][D:4]-> C:\Users\Louise\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:3][D:3]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - 06/05/2009| 2:29 - Option : [2] --------------------------------------------- ComboFix 09-05-05.03 - Louise 06/05/2009 2:34.2 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.3060.2050 [GMT -3:00] Executando de: c:\users\Louise\Desktop\ComboFix.exe Comandos utilizados :: c:\users\Louise\Desktop\CFScript.txt.txt AV: avast! antivirus 4.7.1043 [VPS 090426-0] *On-access scanning enabled* (Updated) * Criado um novo ponto de restauro FILE :: c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Service_Norton Internet Security (((((((((((((((( Arquivos/Ficheiros criados de 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))) . 2009-05-06 01:34 . 2009-05-06 05:29 -------- d-----w C:\Lop SD 2009-05-06 01:33 . 2009-05-06 01:33 530106 ----a-w C:\LopSD.exe 2009-05-03 22:03 . 2009-05-03 22:03 -------- d-----w c:\program files\TVUPlayer 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\program files\Common Files\Macromedia 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\users\All Users\Macromedia 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\program files\Macromedia 2009-04-30 00:01 . 2009-04-30 00:01 -------- d-----w c:\windows\Downloaded Installations 2009-04-29 22:34 . 2009-04-29 22:34 -------- d-----w c:\users\Louise\AppData\Roaming\iWin 2009-04-29 22:34 . 2009-04-29 22:34 -------- d-----w c:\users\Louise\AppData\Roaming\Oberon Media 2009-04-29 22:34 . 2009-04-29 23:09 -------- d---a-w c:\programdata\TEMP 2009-04-29 22:34 . 2009-04-29 23:09 -------- d---a-w c:\users\All Users\TEMP 2009-04-29 22:34 . 2009-04-29 23:11 -------- d-----w c:\programdata\GamesBar 2009-04-29 22:34 . 2009-04-29 23:11 -------- d-----w c:\users\All Users\GamesBar 2009-04-29 22:32 . 2009-04-29 22:32 -------- d-----w c:\program files\Common Files\Oberon Media 2009-04-29 22:32 . 2009-04-29 23:11 -------- d-----w c:\program files\Oberon Media 2009-04-29 02:00 . 2004-03-22 17:17 24816 ----a-w c:\windows\system32\mdimon.dll 2009-04-29 01:57 . 2009-04-29 01:57 -------- d-----w c:\program files\Microsoft Works 2009-04-29 01:54 . 2009-04-29 01:59 -------- d-----w c:\windows\SHELLNEW 2009-04-29 01:53 . 2009-04-29 01:53 -------- d-----w c:\program files\Microsoft.NET 2009-04-28 20:03 . 2009-04-28 20:03 -------- d-----w c:\users\Louise\AppData\Local\Mozilla 2009-04-28 19:09 . 2008-06-19 19:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys 2009-04-28 19:09 . 2009-04-28 19:09 -------- d-----w c:\program files\Panda Security 2009-04-28 18:38 . 
2009-04-28 18:38 -------- d-----w c:\users\Louise\AppData\Roaming\Yahoo! 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\programdata\Yahoo! Companion 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\users\All Users\Yahoo! Companion 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\program files\Yahoo! 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\program files\CCleaner 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\users\Louise\AppData\Roaming\Malwarebytes 2009-04-28 17:41 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-28 17:41 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\programdata\Malwarebytes 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\users\All Users\Malwarebytes 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\users\Louise\AppData\Roaming\Grisoft 2009-04-28 17:19 . 2007-05-30 12:10 10872 ----a-w c:\windows\system32\drivers\AvgAsCln.sys 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\programdata\Grisoft 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\users\All Users\Grisoft 2009-04-28 17:14 . 2009-04-28 17:14 -------- d-----w C:\LinhaDefensiva 2009-04-28 16:29 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll 2009-04-28 15:30 . 2009-05-04 16:13 -------- d-----w C:\HiJackThis 2009-04-28 00:18 . 2004-05-18 18:16 39936 ----a-w c:\windows\system32\huffyuv.dll 2009-04-28 00:18 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll 2009-04-28 00:18 . 2006-04-02 12:47 630784 ----a-w c:\windows\system32\vp7vfw.dll 2009-04-28 00:18 . 2004-12-10 08:03 438272 ----a-w c:\windows\system32\vp6vfw.dll 2009-04-28 00:18 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll 2009-04-28 00:18 . 
2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll 2009-04-28 00:18 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll 2009-04-28 00:07 . 2009-01-07 18:14 60273 ----a-w c:\windows\system32\pthreadGC2.dll 2009-04-28 00:07 . 2009-04-28 00:18 -------- d-----w c:\program files\K-Lite Codec Pack 2009-04-28 00:05 . 2009-04-28 00:12 -------- d-----w c:\users\Louise\AppData\Roaming\Media Player Classic 2009-04-27 23:21 . 2009-04-27 23:21 -------- d-----w c:\program files\VistaCodecPack 2009-04-27 23:20 . 2009-04-27 23:20 -------- d-----w c:\programdata\VistaCodecs 2009-04-27 23:20 . 2009-04-27 23:20 -------- d-----w c:\users\All Users\VistaCodecs 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\programdata\eMule 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\users\All Users\eMule 2009-04-27 22:52 . 2009-04-27 22:56 -------- d-----w c:\users\Louise\AppData\Local\eMule 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\program files\eMule 2009-04-27 22:50 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll 2009-04-27 22:50 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll 2009-04-27 22:50 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll 2009-04-27 22:16 . 2009-04-27 22:16 -------- d-----w c:\program files\SopCast 2009-04-27 22:16 . 2009-05-03 22:03 -------- d-----w c:\program files\Megacubo 2009-04-27 22:14 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll 2009-04-27 22:14 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-04-27 22:14 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys 2009-04-27 22:14 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll 2009-04-27 22:14 . 2008-08-27 01:05 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys 2009-04-27 22:13 . 2008-06-19 03:31 361984 ----a-w c:\windows\system32\IPSECSVC.DLL 2009-04-27 22:13 . 
2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll 2009-04-27 22:13 . 2008-10-21 05:25 296960 ----a-w c:\windows\system32\gdi32.dll 2009-04-27 22:13 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll 2009-04-27 22:13 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll 2009-04-27 22:13 . 2008-04-18 05:48 269312 ----a-w c:\windows\system32\es.dll 2009-04-27 22:13 . 2008-11-01 03:44 28672 ----a-w c:\windows\system32\Apphlpdm.dll 2009-04-27 22:13 . 2008-03-08 04:21 1695744 ----a-w c:\windows\system32\gameux.dll 2009-04-27 22:13 . 2008-11-01 01:21 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll 2009-04-27 22:11 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll 2009-04-27 22:10 . 2008-05-08 21:59 430080 ----a-w c:\windows\system32\vbscript.dll 2009-04-27 21:53 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll 2009-04-27 21:53 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe 2009-04-27 21:53 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll 2009-04-27 21:53 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll 2009-04-27 21:52 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll 2009-04-27 21:52 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll 2009-04-27 21:52 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll 2009-04-27 21:52 . 2008-10-16 16:56 31232 ----a-w c:\windows\system32\wuapp.exe 2009-04-27 21:52 . 2008-10-16 17:08 162064 ----a-w c:\windows\system32\wuwebv.dll 2009-04-27 00:46 . 2009-04-27 00:46 -------- d-----w c:\program files\uTorrent 2009-04-27 00:46 . 2009-05-04 15:59 -------- d-----w c:\users\Louise\AppData\Roaming\uTorrent 2009-04-27 00:35 . 2009-04-28 00:07 -------- d-----w c:\users\Louise\AppData\Local\Google 2009-04-27 00:34 . 2009-04-27 00:35 -------- d-----w c:\users\All Users\Google 2009-04-27 00:34 . 2009-04-27 00:40 -------- d-----w c:\program files\Google 2009-04-27 00:34 . 
2009-04-27 10:59 -------- d-----w c:\windows\system32\Macromed 2009-04-26 23:23 . 2009-02-05 22:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys 2009-04-26 23:23 . 2003-03-18 21:20 1060864 ----a-w c:\windows\system32\MFC71.dll 2009-04-26 23:23 . 2003-03-18 20:14 499712 ----a-w c:\windows\system32\MSVCP71.dll 2009-04-26 23:23 . 2009-04-26 23:23 -------- d-----w c:\program files\Alwil Software 2009-04-26 23:17 . 2009-04-26 23:17 -------- d-----w c:\program files\Webteh 2009-04-26 23:16 . 2009-04-27 21:54 -------- d-----w c:\users\Louise\AppData\Local\Adobe 2009-04-26 23:03 . 2009-04-26 23:03 -------- d-----w c:\users\Louise\AppData\Local\Microsoft Games 2009-04-26 22:50 . 2009-04-26 22:50 -------- d-sh--w C:\Arquivos de programas 2009-04-24 00:26 . 2009-04-02 18:21 84480 ----a-w c:\windows\system32\ff_vfw.dll 2009-04-22 23:59 . 2009-04-22 23:59 1033728 ----a-w c:\windows\system32\VSFilter.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-06 01:34 . 2008-01-21 06:32 634040 ----a-w c:\windows\system32\prfh0416.dat 2009-05-06 01:34 . 2008-01-21 06:32 121690 ----a-w c:\windows\system32\prfc0416.dat 2009-04-30 00:01 . 2009-03-15 00:39 -------- d-----w c:\program files\Common Files\InstallShield 2009-04-29 02:13 . 2009-04-26 22:54 99864 ----a-w c:\users\Louise\AppData\Local\GDIPFONTCACHEV1.DAT 2009-04-28 16:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat 2009-04-28 16:34 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat 2009-04-28 16:34 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat 2009-04-28 16:34 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat 2009-04-27 22:27 . 2009-03-15 00:34 -------- d-----w c:\program files\Common Files\Adobe 2009-04-26 22:50 . 2009-04-26 22:50 -------- d-sh--w c:\program files\Common Files\Sistema 2009-04-26 22:50 . 2009-04-26 22:50 -------- d-sh--w c:\program files\Arquivos Comuns 2009-03-17 03:38 . 
2009-04-27 22:11 13824 ----a-w c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-27 22:11 24064 ----a-w c:\windows\system32\amxread.dll 2009-03-15 00:46 . 2009-03-15 00:46 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-03-15 00:41 . 2009-03-15 00:39 -------- d-----w c:\program files\Realtek 2009-03-15 00:41 . 2009-03-15 00:39 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-15 00:39 . 2009-03-15 00:39 319456 ----a-w c:\windows\DIFxAPI.dll 2009-03-15 00:39 . 2009-03-15 00:39 315392 ----a-w c:\windows\HideWin.exe 2009-03-15 00:39 . 2009-03-15 00:39 -------- d-----w c:\program files\Intel 2009-03-15 00:37 . 2009-03-15 00:35 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2009-03-15 00:36 . 2009-03-15 00:35 -------- d-----w c:\program files\Windows Live 2009-03-15 00:36 . 2009-03-15 00:36 -------- d-----w c:\program files\Windows Live Toolbar 2009-03-15 00:34 . 2009-03-15 00:34 -------- d-----w c:\program files\CDBurnerXP 2009-03-15 00:34 . 2009-03-15 00:34 -------- d-----w c:\program files\Movie Maker 2.6 2009-03-03 04:46 . 2009-04-27 22:11 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-03-03 04:46 . 2009-04-27 22:11 3547632 ----a-w c:\windows\system32\ntoskrnl.exe 2009-03-03 04:40 . 2009-04-27 22:10 827392 ----a-w c:\windows\system32\wininet.dll 2009-03-03 04:39 . 2009-04-27 22:11 183296 ----a-w c:\windows\system32\sdohlp.dll 2009-03-03 04:39 . 2009-04-27 22:11 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37 . 2009-04-27 22:10 78336 ----a-w c:\windows\system32\ieencode.dll 2009-03-03 04:37 . 2009-04-27 22:11 98304 ----a-w c:\windows\system32\iasrecst.dll 2009-03-03 04:37 . 2009-04-27 22:11 54784 ----a-w c:\windows\system32\iasads.dll 2009-03-03 04:37 . 2009-04-27 22:11 44032 ----a-w c:\windows\system32\iasdatastore.dll 2009-03-03 03:04 . 2009-04-27 22:11 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38 . 
2009-04-27 22:11 17408 ----a-w c:\windows\system32\iashost.exe 2009-03-03 02:28 . 2009-04-27 22:10 26624 ----a-w c:\windows\system32\ieUnatt.exe 2009-02-13 08:49 . 2009-04-27 22:11 72704 ----a-w c:\windows\system32\secur32.dll 2009-02-13 08:49 . 2009-04-27 22:11 1255936 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 03:10 . 2009-04-27 22:10 2033152 ----a-w c:\windows\system32\win32k.sys 2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( SnapShot@2009-05-04_16.07.26 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 01:58 . 2009-05-06 01:31 31064 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:02 . 2009-05-06 01:31 58054 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-04-26 22:51 . 2009-05-06 05:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-04-26 22:51 . 2009-05-04 16:03 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-04-26 22:51 . 2009-05-06 05:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-04-26 22:51 . 2009-05-04 16:03 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-04-26 22:51 . 2009-05-06 05:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-04-26 22:51 . 2009-05-04 16:03 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-04-26 22:55 . 2009-05-06 01:31 4798 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3789998073-3381512705-1010731803-1000_UserData.bin + 2006-11-02 10:33 . 2009-05-06 01:34 586980 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 
2009-05-04 13:23 586980 c:\windows\System32\perfh009.dat + 2006-11-02 10:33 . 2009-05-06 01:34 101052 c:\windows\System32\perfc009.dat - 2006-11-02 10:33 . 2009-05-04 13:23 101052 c:\windows\System32\perfc009.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{6A6A340C-E756-441B-AF1D-99218FAFF7FF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{113C0CCF-2C83-40ED-AC38-62555A6034E9}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus "{5B8FFD91-5B17-486D-AFF9-7BD1FF4EB74E}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! 
Antivirus "{A370EA86-0A6D-42BF-8FBD-966106BBFD70}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{16DC8953-9170-404B-A4C4-E0D0CA048806}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{6C7265A4-AA1B-493F-872C-CBC30F6EB970}"= UDP:c:\program files\Megacubo\megacubo.exe:MegaCubo "{136E96BD-D7B6-4765-8BF3-04D9ECAB3E25}"= TCP:c:\program files\Megacubo\megacubo.exe:MegaCubo "TCP Query User{3C251F08-F36E-4BF4-B9D9-6C960D2DFDA3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{85B1D68B-D65E-4203-9AAB-F9AFB60EF5B7}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [28/04/2009 16:09 28544] R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [26/04/2009 20:47 114768] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [26/04/2009 20:47 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [26/04/2009 20:23 51792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . Conteúdo da pasta 'Tarefas Agendadas' 2009-05-05 c:\windows\Tasks\User_Feed_Synchronization-{6390703D-5B3C-4525-AF11-260BD113A11C}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34] 2009-05-06 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 14:20] . . ------- Scan Suplementar ------- . 
uStart Page = about:blank IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {F23F9139-B115-41DE-A439-28A87249A894} = 200.149.55.140 200.165.132.147 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\z812dn6w.default\ FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-06 02:40 Windows 6.0.6001 Service Pack 1 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Outros Processos em Execução ------------------------ . 
c:\windows\System32\audiodg.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\System32\conime.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\windows\System32\igfxsrvc.exe . ************************************************************************** . Tempo para conclusão: 2009-05-06 2:41 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-05-06 05:41 ComboFix2.txt 2009-05-04 16:08 Pré-execução: 276.191.543.296 bytes disponíveis Pós execução: 275.919.257.600 bytes disponíveis 277 --- E O F --- 2009-04-28 16:33 ----------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:48:40, on 06/05/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\Explorer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\NOTEPAD.EXE C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll 
O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F23F9139-B115-41DE-A439-28A87249A894}: NameServer = 200.149.55.140 200.165.132.147 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google 
Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe -- End of file - 6075 bytes
Regards
DigRam 144 Posted May 6, 2009
Good morning, Mescouto!
<@> Go to Start --> Run --> type or paste: combofix.exe /u --> click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix is uninstalled" will appear --> click OK.
<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!
<><><><><><><><><><>
<@> Download: < a-squared Free 4.0 >
<!> Optional link: < >
<@> Save it in Program Files.
<@> Open the program and click: Update now --> Wait!
<@> When it finishes, click: "Scan PC"
<@> Choose the option "Deep" --> then click "Scan".
<@> When it finishes, tick the boxes of the items found and click "Send selected to Quarantine".
<@> Save and post the report from this scan. ( a2scan_xxyy09-xxxxxx.txt )
Regards!
Mescouto 0 Posted May 6, 2009
Good afternoon, DigRam! ComboFix was uninstalled successfully. Here is the report:
a-squared Free - Versão 4.0 Última atualização 06/05/2009 11:53:19 Configurações da análise: Objetos: Memória, Rastros, Cookies, C:\ Análise de arquivos: Ligado Heurística: Desligado Análise de ADS: Ligado Início da análise: 06/05/2009 11:53:41 c:\program files\webteh\bsplayer detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\doc detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\lang detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\plugins detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\skins detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base detectado: Trace.Directory.BSplayer!A2 c:\users\louise\appdata\roaming\microsoft\windows\start menu\programs\webteh detectado: Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\bplay.exe detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bspfilters.sam detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bsplay.exe detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bsplayer.exe.manifest detectado: 
Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bsrendv2.dll detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\changes.txt detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\doc\cmdline.txt detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\doc\ini_files.html detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\plugins\oldskin.dll detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\bsp.h detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\bsp.pas detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\bspplg.h detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\bspplg.pas detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.def detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsp detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsw detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sampleplugin.c detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.c detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.def detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsp detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsw detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample\sample_plugin.dpr detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles\sample_sub.dpr detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\prevd.bmp detectado: Trace.File.BSplayer!A2 c:\program 
files\webteh\bsplayer\skins\base\rgn.dat detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\rgnfs.dat detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\skin.ini detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\skinfs.ini detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\bat lite.bsz detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\mediabox v-1.bsz detectado: Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\mediabox v-2.bsz detectado: Trace.File.BSplayer!A2 Value: HKEY_USERS\S-1-5-21-3789998073-3381512705-1010731803-1000\Software\BST\bsplayerv1 --> AppPath detectado: Trace.Registry.BSplayer!A2 Value: HKEY_USERS\S-1-5-21-3789998073-3381512705-1010731803-1000\Software\BST\bsplayerv1 --> AppVer detectado: Trace.Registry.BSplayer!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> DisplayName detectado: Trace.Registry.BSplayer!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> UninstallString detectado: Trace.Registry.BSplayer!A2 C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@2o7[1].txt detectado: Trace.TrackingCookie.2o7!A2 C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@atdmt[1].txt detectado: Trace.TrackingCookie.atdmt!A2 C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@doubleclick[1].txt detectado: Trace.TrackingCookie.doubleclick!A2 C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@google.com[1].txt detectado: Trace.TrackingCookie.google.com!A2 C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\z812dn6w.default\cookies.sqlite:1241447916764276 detectado: Trace.TrackingCookie.zedo!A2 C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\z812dn6w.default\cookies.sqlite:1241447957258276 detectado: Trace.TrackingCookie.zedo!A2 C:\Program Files\Megacubo\bin\HTML.dll 
detectado: Trojan.Generic!IK C:\Users\Louise\Desktop\PC Lou\André\daemon4121-lite.exe detectado: Adware.Win32.Shopper.r!A2 C:\Users\Louise\Desktop\PC Lou\André\Total+Video+converter+3[1].12+full.rar/PATCH.exe detectado: Riskware.Hacktool.Patch.tvc310!IK Analisado Arquivos: 83158 Objetos: 515691 Cookies: 401 Processos: 51 Encontrado Arquivos: 3 Objetos: 50 Cookies: 6 Processos: 0 Chaves do registro: 0 Fim da análise: 06/05/2009 12:26:26 Duração da análise: 0:32:45 C:\Users\Louise\Desktop\PC Lou\André\Total+Video+converter+3[1].12+full.rar/PATCH.exe Em quarentena Riskware.Hacktool.Patch.tvc310!IK C:\Users\Louise\Desktop\PC Lou\André\daemon4121-lite.exe Em quarentena Adware.Win32.Shopper.r!A2 C:\Program Files\Megacubo\bin\HTML.dll Em quarentena Trojan.Generic!IK C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\z812dn6w.default\cookies.sqlite:1241447916764276 Em quarentena Trace.TrackingCookie.zedo!A2 C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\z812dn6w.default\cookies.sqlite:1241447957258276 Em quarentena Trace.TrackingCookie.zedo!A2 C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@google.com[1].txt Em quarentena Trace.TrackingCookie.google.com!A2 C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@doubleclick[1].txt Em quarentena Trace.TrackingCookie.doubleclick!A2 C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@atdmt[1].txt Em quarentena Trace.TrackingCookie.atdmt!A2 C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\louise@2o7[1].txt Em quarentena Trace.TrackingCookie.2o7!A2 Value: HKEY_USERS\S-1-5-21-3789998073-3381512705-1010731803-1000\Software\BST\bsplayerv1 --> AppPath Em quarentena Trace.Registry.BSplayer!A2 Value: HKEY_USERS\S-1-5-21-3789998073-3381512705-1010731803-1000\Software\BST\bsplayerv1 --> AppVer Em quarentena Trace.Registry.BSplayer!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> DisplayName Em quarentena 
Trace.Registry.BSplayer!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> UninstallString Em quarentena Trace.Registry.BSplayer!A2 c:\program files\webteh\bsplayer\bplay.exe Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bspfilters.sam Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bsplay.exe Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bsplayer.exe.manifest Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\bsrendv2.dll Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\changes.txt Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\doc\cmdline.txt Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\doc\ini_files.html Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\plugins\oldskin.dll Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\bsp.h Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\bsp.pas Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\bspplg.h Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\bspplg.pas Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.def Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsp Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sample_plugin.dsw Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample\sampleplugin.c Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.c Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_sub.def Em quarentena Trace.File.BSplayer!A2 c:\program 
files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsp Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles\sample_subtitles.dsw Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample\sample_plugin.dpr Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles\sample_sub.dpr Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\prevd.bmp Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\rgn.dat Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\rgnfs.dat Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\skin.ini Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base\skinfs.ini Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\bat lite.bsz Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\mediabox v-1.bsz Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer\skins\mediabox v-2.bsz Em quarentena Trace.File.BSplayer!A2 c:\program files\webteh\bsplayer Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\doc Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\lang Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\plugins Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\c\sample_subtitles Em quarentena Trace.Directory.BSplayer!A2 c:\program 
files\webteh\bsplayer\sdk\plugins\delphi Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\sdk\plugins\delphi\sample_subtitles Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\skins Em quarentena Trace.Directory.BSplayer!A2 c:\program files\webteh\bsplayer\skins\base Em quarentena Trace.Directory.BSplayer!A2 c:\users\louise\appdata\roaming\microsoft\windows\start menu\programs\webteh Em quarentena Trace.Directory.BSplayer!A2 Em quarentena Arquivos: 3 Objetos: 50 Cookies: 6
Regards
DigRam 144 Posted May 6, 2009
Good afternoon, Mescouto!
<@> Download: < CCleaner >
<@> Save it to the Desktop!
<@> With the < Cleaner > option already selected, click Analyze. --> Wait for it to finish!
<@> When it finishes, click Run Cleaner.
<@> In the window that appears, click OK. --> Wait for it to finish!
<@> Select the Registry option and click Scan for Issues.
<@> When it finishes, click Fix selected issues...
<@> When asked, click Yes!
<@> Name the backups and click Save.
<@> After a few days, if everything is OK, you can delete this backup file. ( .reg )
<@> In the window that appears, click: "Fix All Selected Issues"
<@> Click OK --> Close.
<@> For more details, read the tutorial: < Link >
<><><><><><><><><><>
<!> The logs are clean! :thumbsup:
<!> Everything OK?
Regards!
Mescouto 0 Posted May 7, 2009
Good evening, DigRam! All the CCleaner steps were done. Unfortunately the problem has not been solved yet. 'My Computer', the 'calculator' and the browser keep opening all the time. After the CCleaner scan these tabs are opening far more often. What now? Even in quarantine, can this virus still be attacking the PC?
Regards
DigRam 144 Posted May 7, 2009
Good evening, DigRam! All the CCleaner steps were done. Unfortunately the problem has not been solved yet. 'My Computer', the 'calculator' and the browser keep opening all the time. After the CCleaner scan these tabs are opening far more often. What now? Even in quarantine, can this virus still be attacking the PC? Regards
<><><><><><><><><><>
Hey, Mescouto!
<!> In quarantine, that action is impossible, but... outside of it, that can be explained.
<><><><><><><><><><>
<@> Download: < Kaspersky Virus Removal Tool >
<@> Save it in Program Files, and install it right there!
<@> Restart the computer in Safe Mode! <-- Important!
<@> Start the scan by clicking "Scan".
<@> The scan takes a very long time. <-- Wait!
<@> If infections are found, click "disinfect".
<@> When it finishes, click the Events tab.
<@> Untick the "Show all events" checkbox.
<@> Click "Save to file".
<@> Name it and save it to the desktop! <-- Report to post!
<@> Also post an updated HijackThis log.
Regards!
Mescouto 0 Posted May 8, 2009
Good evening, DigRam! Some information before the logs: The steps were done. When I pressed scan in the program, it detected 1 file with a problem, but as soon as the scan finished, the program closed by itself. I opened it again and noticed that only the first three checkboxes were selected. I selected all of them and ran the scan again. Unbelievably, at least to me, it no longer detected that file, and the problem persists. Most of the time the virus attacks when the PC is turned on.
After installing Kaspersky, every time I turn on the PC Windows makes 3 permission requests, all of which are rejected: is-40HRO.exe is-8J2B1.exe is-F4F63.exe Are these executables trustworthy?
Since we started this battle against the virus I have not installed anything besides the programs that were requested, yet I have noticed my HD with less and less free space.
Here are the logs:

Scan
----
Scanned: 365437
Detected: 0
Untreated: 0
Start time: 07/05/2009 20:23:20
Duration: 01:00:41
Finish time: 07/05/2009 21:24:01

Detected
--------
Status  Object
------  ------

Events
------
Time  Name  Status  Reason
----  ----  ------  ------

Statistics
----------
Object                 Scanned  Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted
------                 -------  --------  ---------  -------  -------------------  --------  ------------  ------------------  ---------
All objects            365437   0         0          0        0                    2040      990           0                   0
System memory          1236     0         0          0        0                    0         0             0                   0
Startup objects        692      0         0          0        0                    0         28            0                   0
Disk boot sectors      2        0         0          0        0                    0         0             0                   0
Documentos             41       0         0          0        0                    0         0             0                   0
Mail databases         0        0         0          0        0                    0         0             0                   0
Computador             182696   0         0          0        0                    1020      495           0                   0
Unidade de Disco (C:)  180770   0         0          0        0                    1020      467           0                   0
Unidade de CD (D:)     0        0         0          0        0                    0         0             0                   0

Settings -------- Parameter Value --------- ----- Security Level Recommended Action Prompt for action when the scan is complete Run mode Manually File types Scan all files Scan only new and changed files No Scan archives All Scan embedded OLE objects All Skip if object is larger 
than No Skip if scan takes longer than No Parse email formats No Scan password-protected archives No Enable iChecker technology No Enable iSwift technology No Show detected threats on "Detected" tab Yes Rootkits search Yes Deep rootkits search No Use heuristic analyzer Yes Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ---- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:32:25, on 07/05/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Virus Removal Tool1\is-7NGHM\startup.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Barra de Ferramentas do 
Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! 
- {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Startup: is-40HRO.lnk = C:\Program Files\Virus Removal Tool1\is-40HRO\startup.exe O4 - Startup: is-7NGHM.lnk = C:\Program Files\Virus Removal Tool1\is-7NGHM\startup.exe O4 - Startup: is-8J2B1.lnk = C:\Program Files\Virus Removal Tool1\is-8J2B1\startup.exe O4 - Startup: is-F4F63.lnk = C:\Users\Louise\Desktop\Virus Removal Tool\is-F4F63\startup.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer 
Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F23F9139-B115-41DE-A439-28A87249A894}: NameServer = 200.149.55.140 200.165.132.147 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe -- End of file - 6586 bytes
Regards
DigRam 144 Posted May 8, 2009
Good morning, Mescouto!
The steps were done. When I pressed scan in the program, it detected 1 file with a problem, but as soon as the scan finished, the program closed by itself. I opened it again and noticed that only the first three checkboxes were selected. I selected all of them and ran the scan again. Unbelievably, at least to me, it no longer detected that file, and the problem persists. Most of the time the virus attacks when the PC is turned on.
<!> Apparently, and according to the scans, the PC is free of malware.
After installing Kaspersky, every time I turn on the PC Windows makes 3 permission requests, all of which are rejected: is-40HRO.exe is-8J2B1.exe is-F4F63.exe Are these executables trustworthy?
<!> Yes! But they will be removed, since they belong to KVRT.
Since we started this battle against the virus I have not installed anything besides the programs that were requested, yet I have noticed my HD with less and less free space.
<!> At the end, the programs will be removed.
<><><><><><><><><><>
<!> Uninstall: ig <-- Set up your own dialer!
<><><><><><><><><><>
<@> Run an online scan at Eset.
<@> Use the Internet Explorer browser.
<@> Tick the box: "SIM,aceito as condições de uso" --> Iniciar.
<@> Tick the box: "YES, I accept the Terms of Use" --> Start.
<@> Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )
<@> Also post an updated HijackThis log.
Regards!
Mescouto 0 Posted May 8, 2009
Good morning, DigRam! Two things:
1st - I do not use the ig dialer. I made a Velox dialer and only connect through it. When the PC starts, the Dial-up appears, but I do not connect through it, only through the one I made.
2nd - The log on the ESET site was not possible. This message appears: "Error: Cannot initialize OnlineScanner. Administrator rights required." Strange, because the PC has only 1 account, in the name of Louise (my fiancée), and we do not use a password. I have already logged off, restarted the PC, and disabled the firewall and avast, but nothing made the ESET scan start. When there is only one account, isn't it already the admin?
Regards
DigRam 144 Posted May 10, 2009

Good morning, DigRam! Two things:

1st - I don't use the ig dialer. I made a Velox dialer and only connect through it. When the PC starts, the Dial-up appears, but I don't connect through it; I use the one I made.

2nd - The log on the ESET site wasn't possible. This message appears: "Error: Cannot initialize OnlineScanner. Administrator rights required." Strange, since the PC has only 1 account, in the name of Louise (my fiancée), and we don't use a password. I have already logged off, restarted the PC, and disabled the firewall and avast, but nothing made the ESET scan start. When there is only one account, isn't it already the admin?

Regards

<><><><><><><><>

Hi, Mescouto!

<!> Run the scan, at Eset, using Safe Mode with Networking.
<!> In that scan mode, you will have the option of starting it as administrator.

Regards!
Mescouto 0 Posted May 10, 2009

Good early morning, DigRam!

I couldn't get onto the network in safe mode. No matter how many times I restarted in safe mode with networking, it told me there was no network available. I did the following: I restarted in normal mode and disabled Vista's protected mode, the anti-spy, avast and the firewall. Then ESET worked and I was able to run the scan.

In an earlier post, I had reported that my HD had less and less free space. When this problem started the HD had 265 GB free. Today, even though I installed only the recommended programs (which are small), I am at 240 GB! How did 25 GB disappear? Could this problem be damaging my HD?

Here are the logs:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4063 (20090508)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=218a106292a02244b2c8eaeacbaa1dc5
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-05-10 03:14:30
# local_time=2009-05-10 12:14:30 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.0.6001 NT Service Pack 1
# scanned=211773
# found=0
# scan_time=1917

-----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:30, on 10/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Virus Removal Tool1\is-AUQ36\is-AUQ36.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Virus Removal Tool1\is-40HRO\is-40HRO.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: is-40HRO.lnk = C:\Program Files\Virus Removal Tool1\is-40HRO\startup.exe
O4 - Startup: is-7NGHM.lnk = C:\Program Files\Virus Removal Tool1\is-7NGHM\startup.exe
O4 - Startup: is-8J2B1.lnk = C:\Program Files\Virus Removal Tool1\is-8J2B1\startup.exe
O4 - Startup: is-AUQ36.lnk = C:\Program Files\Virus Removal Tool1\is-AUQ36\startup.exe
O4 - Startup: is-F4F63.lnk = C:\Users\Louise\Desktop\Virus Removal Tool\is-F4F63\startup.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F23F9139-B115-41DE-A439-28A87249A894}: NameServer = 200.149.55.140 200.165.132.147
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

-- End of file - 6963 bytes

Regards
DigRam 144 Posted May 10, 2009

Good morning, Mescouto!

In an earlier post, I had reported that my HD had less and less free space. When this problem started the HD had 265 GB free. Today, even though I installed only the recommended programs (which are small), I am at 240 GB! How did 25 GB disappear? Could this problem be damaging my HD?

<!> Logical errors on the HD may account for this loss of 25GB.
<!> There is a small possibility of damage to the HD.

<><><><><><><><><>

<@> Close any program that is open, and open HijackThis.
<@> Click: Do a system scan only --> Check the entries below.

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - Startup: is-40HRO.lnk = C:\Program Files\Virus Removal Tool1\is-40HRO\startup.exe
O4 - Startup: is-7NGHM.lnk = C:\Program Files\Virus Removal Tool1\is-7NGHM\startup.exe
O4 - Startup: is-8J2B1.lnk = C:\Program Files\Virus Removal Tool1\is-8J2B1\startup.exe
O4 - Startup: is-F4F63.lnk = C:\Users\Louise\Desktop\Virus Removal Tool\is-F4F63\startup.exe

<@> Click Fix checked --> Yes!

<><><><><><><><><>

<@> Select and copy all of the content in the QUOTE area into Notepad.
<@> Save it, on the Desktop, with the name: CFScript.txt

File::
C:\Users\Louise\Desktop\Virus Removal Tool\is-F4F63\startup.exe
C:\Users\Louise\Desktop\Virus Removal Tool\is-F4F63\is-F4F63.exe
C:\Program Files\Virus Removal Tool1\is-AUQ36\is-AUQ36.exe
C:\Program Files\Virus Removal Tool1\is-40HRO\is-40HRO.exe
C:\Program Files\Virus Removal Tool1\is-8J2B1\is-8J2B1.exe
C:\Program Files\Virus Removal Tool1\is-7NGHM\is-7NGHM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 1 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=-
"Persistence"=-

Folder::
C:\Users\Louise\Desktop\Virus Removal Tool\is-F4F63
C:\Program Files\Virus Removal Tool1\is-8J2B1
C:\Program Files\Virus Removal Tool1\is-7NGHM
C:\Program Files\Virus Removal Tool1\is-40HRO
C:\Program Files\Virus Removal Tool1\is-AUQ36
C:\Users\Louise\Desktop\Virus Removal Tool
C:\Program Files\Virus Removal Tool1
C:\LinhaDefensiva

Driver::
"igfxsrvc"

<@> PS: Do not use this script on another machine!
<@> Drag the CFScript.txt onto the icon/interior of ComboFix.
<@> See the demonstration!
<@> Respond to the prompt, which should appear, to run ComboFix.
<@> PS: Keep dragging until that prompt appears! ( window )
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
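The selection step in the post above (picking the O4 startup entries that point into the Virus Removal Tool folders) can be reproduced offline from a saved HijackThis log. This Python parser is an added example, not part of the thread and not code from HijackThis or ComboFix; the function names are made up for illustration, and the sample lines are copied, abridged, from the log posted earlier in the thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Abridged sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\Dwm.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: is-40HRO.lnk = C:\Program Files\Virus Removal Tool1\is-40HRO\startup.exe
O4 - Startup: is-8J2B1.lnk = C:\Program Files\Virus Removal Tool1\is-8J2B1\startup.exe
O4 - Startup: is-F4F63.lnk = C:\Users\Louise\Desktop\Virus Removal Tool\is-F4F63\startup.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
-- End of file - 6963 bytes
"""

# An entry starts with a section code such as R0, O4 or O23 followed by " - ".
# Splitting on whitespace before a code handles one-entry-per-line logs and
# logs whose line breaks were lost when pasted into a forum.
SPLIT_RE = re.compile(r"\s+(?=[RFO]\d{1,2} - )")
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<loc>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|vbs|dll))(?=\s|$)", re.I)


@dataclass(frozen=True)
class Entry:
    code: str   # section code, e.g. "O4"
    body: str   # everything after "O4 - "


@dataclass(frozen=True)
class Autostart:
    location: str   # Run key or Startup folder
    name: str       # value name or shortcut name
    target: str     # executable path with arguments stripped


def parse_log(text):
    """Return the R/F/O entries of a HijackThis log, skipping header and process list."""
    entries = []
    for chunk in SPLIT_RE.split(text):
        chunk = re.split(r"\s*-- End of file", chunk)[0].strip()
        m = ENTRY_RE.match(chunk)
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def executable_of(cmd):
    """Strip arguments from a command line; paths may be quoted or contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def autostarts(entries):
    """Extract O4 (autostart) entries from Run keys and Startup folders."""
    found = []
    for e in entries:
        if e.code != "O4":
            continue
        m = RUN_RE.match(e.body) or LNK_RE.match(e.body)
        if m:
            found.append(Autostart(m["loc"], m["name"], executable_of(m["cmd"])))
    return found


def _parts(path):
    # Windows paths are case-insensitive, so compare lower-cased components.
    return tuple(p.lower() for p in PureWindowsPath(path).parts)


def under_folder(items, folder):
    """Autostart entries whose target lives inside the given folder."""
    root = _parts(folder)
    return [a for a in items if _parts(a.target)[:len(root)] == root]


def orphaned(entries):
    """Entries HijackThis marked '(no file)': the registry value outlived the file."""
    return [e for e in entries if e.body.endswith("(no file)")]


def repeated_filenames(items):
    """File names started from more than one location (e.g. leftover tool copies)."""
    by_name = defaultdict(list)
    for a in items:
        by_name[PureWindowsPath(a.target).name.lower()].append(a)
    return {name: hits for name, hits in by_name.items() if len(hits) > 1}


if __name__ == "__main__":
    items = autostarts(parse_log(SAMPLE_LOG))
    for a in under_folder(items, r"C:\Program Files\Virus Removal Tool1"):
        print(a.location, a.name, "->", a.target)
```
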
Mescouto 0 Posted May 10, 2009

Good morning, DigRam!

Regarding the last post, the only difference on my PC is that I installed the multifunction device. Here are the logs:

ComboFix 09-05-09.01 - Louise 10/05/2009 11:04.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.3060.2041 [GMT -3:00]
Executando de: c:\users\Louise\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Louise\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.7.1043 [VPS 090426-0] *On-access scanning enabled* (Updated)

FILE ::
c:\program files\Virus Removal Tool1\is-40HRO\is-40HRO.exe
c:\program files\Virus Removal Tool1\is-7NGHM\is-7NGHM.exe
c:\program files\Virus Removal Tool1\is-8J2B1\is-8J2B1.exe
c:\program files\Virus Removal Tool1\is-AUQ36\is-AUQ36.exe
c:\users\Louise\Desktop\Virus Removal Tool\is-F4F63\is-F4F63.exe
c:\users\Louise\Desktop\Virus Removal Tool\is-F4F63\startup.exe
c:\windows\System32\igfxpers.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\igfxtray.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
Tool1\is-7NGHM\fssync.dll c:\program files\Virus Removal Tool1\is-7NGHM\getsi.dll c:\program files\Virus Removal Tool1\is-7NGHM\hashcont.ppl c:\program files\Virus Removal Tool1\is-7NGHM\hashmd5.ppl c:\program files\Virus Removal Tool1\is-7NGHM\hccmp.ppl c:\program files\Virus Removal Tool1\is-7NGHM\ichk2.ppl c:\program files\Virus Removal Tool1\is-7NGHM\inflate.ppl c:\program files\Virus Removal Tool1\is-7NGHM\inifile.ppl c:\program files\Virus Removal Tool1\is-7NGHM\is-7NGHM.cfg c:\program files\Virus Removal Tool1\is-7NGHM\is-7NGHM.com c:\program files\Virus Removal Tool1\is-7NGHM\is-7NGHM.exe c:\program files\Virus Removal Tool1\is-7NGHM\iwgen.ppl c:\program files\Virus Removal Tool1\is-7NGHM\kldirobj.dll c:\program files\Virus Removal Tool1\is-7NGHM\klipc.dll c:\program files\Virus Removal Tool1\is-7NGHM\l_llio.ppl c:\program files\Virus Removal Tool1\is-7NGHM\lha.ppl c:\program files\Virus Removal Tool1\is-7NGHM\mailmsg.ppl c:\program files\Virus Removal Tool1\is-7NGHM\mdmap.ppl c:\program files\Virus Removal Tool1\is-7NGHM\memmodsc.ppl c:\program files\Virus Removal Tool1\is-7NGHM\memscan.ppl c:\program files\Virus Removal Tool1\is-7NGHM\Microsoft.VC80.CRT.manifest c:\program files\Virus Removal Tool1\is-7NGHM\minizip.ppl c:\program files\Virus Removal Tool1\is-7NGHM\minst.exe c:\program files\Virus Removal Tool1\is-7NGHM\mkavio.ppl c:\program files\Virus Removal Tool1\is-7NGHM\msoe.ppl c:\program files\Virus Removal Tool1\is-7NGHM\msvcm80.dll c:\program files\Virus Removal Tool1\is-7NGHM\msvcp80.dll c:\program files\Virus Removal Tool1\is-7NGHM\msvcr80.dll c:\program files\Virus Removal Tool1\is-7NGHM\nfio.ppl c:\program files\Virus Removal Tool1\is-7NGHM\ntfsstrm.ppl c:\program files\Virus Removal Tool1\is-7NGHM\ods.ppl c:\program files\Virus Removal Tool1\is-7NGHM\params.ppl c:\program files\Virus Removal Tool1\is-7NGHM\passdmap.ppl c:\program files\Virus Removal Tool1\is-7NGHM\pdm.ppl c:\program files\Virus Removal Tool1\is-7NGHM\pdm2rt.ppl c:\program 
files\Virus Removal Tool1\is-7NGHM\prkernel.ppl c:\program files\Virus Removal Tool1\is-7NGHM\prloader.dll c:\program files\Virus Removal Tool1\is-7NGHM\procmon.ppl c:\program files\Virus Removal Tool1\is-7NGHM\prremote.dll c:\program files\Virus Removal Tool1\is-7NGHM\prseqio.ppl c:\program files\Virus Removal Tool1\is-7NGHM\prutil.ppl c:\program files\Virus Removal Tool1\is-7NGHM\pxstub.ppl c:\program files\Virus Removal Tool1\is-7NGHM\qb.ppl c:\program files\Virus Removal Tool1\is-7NGHM\rar.ppl c:\program files\Virus Removal Tool1\is-7NGHM\reggrd.ppl c:\program files\Virus Removal Tool1\is-7NGHM\regmap.ppl c:\program files\Virus Removal Tool1\is-7NGHM\report.ppl c:\program files\Virus Removal Tool1\is-7NGHM\report\0003_Scan_Objects_eventlog.rpt c:\program files\Virus Removal Tool1\is-7NGHM\report\0006_Scan_Objects_eventlog.rpt c:\program files\Virus Removal Tool1\is-7NGHM\report\0008_Scan_Objects_eventlog.rpt c:\program files\Virus Removal Tool1\is-7NGHM\report\000f_Scan_Objects_eventlog.rpt c:\program files\Virus Removal Tool1\is-7NGHM\report\detected.idx c:\program files\Virus Removal Tool1\is-7NGHM\report\detected.rpt c:\program files\Virus Removal Tool1\is-7NGHM\report\eventlog.rpt c:\program files\Virus Removal Tool1\is-7NGHM\report\report.rpt c:\program files\Virus Removal Tool1\is-7NGHM\resip.ppl c:\program files\Virus Removal Tool1\is-7NGHM\scmhlpr.dll c:\program files\Virus Removal Tool1\is-7NGHM\sfdb.ppl c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\avz.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\avzkrnl.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\credits.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\hints.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\iso3166-1.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\main.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\oas.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\prot.loc c:\program files\Virus Removal 
Tool1\is-7NGHM\skin\en\report.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\scan.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\service.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\en\settings.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\enums.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\activity.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\application.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\Arrow.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\background.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\badmail.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\banner.gif c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\Banner.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\battery.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\bootsect.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\collapse.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\danger24.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\danger32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\dialer.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\disk.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\display.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\error.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\expand.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\floppy.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\Goodmail.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\gripper.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\help.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\help16.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\i16.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\i24.png c:\program files\Virus Removal 
Tool1\is-7NGHM\skin\images\i32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\ids.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\ie.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\info.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\integrity.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\internet.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\internet16.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\intranet.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kav_en.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kav_ru.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kav2006.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kav2006rus.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kbdbtn_bs.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kbdbtn_caps.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kbdbtn_ctrl.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kbdbtn_enter.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kbdbtn_lshift.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kbdbtn_normal.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kbdbtn_rshift.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kbdbtn_slash.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kbdbtn_space.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kbdbtn_tab.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\key.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\kl.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\local.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\lockbutton.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\locked.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\logo.png c:\program files\Virus Removal 
Tool1\is-7NGHM\skin\images\mail.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\mail_bad.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\main_off16.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\main_off32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\main_on16.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\main_on32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\memory.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\msg_bad.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\msg_deleted.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\msg_good.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\msg_new.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\msg_question.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\navstate.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\navstate2.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\network.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\nonrecursive.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\notepad.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\Notify.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\office.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\ok.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\ok24.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\ok32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\password.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\pause.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\popup_allowed.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\popup_blocked.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\Privacy.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\rdisk.png c:\program files\Virus Removal 
Tool1\is-7NGHM\skin\images\regedit.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\regicons.ico c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\run.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\settings.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\startupobj.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\stealth.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\stop.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\t_hdr.bmp c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\t_row.bmp c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\taskbar.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\antihacker32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\antihackerX.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\antispam32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\antispamX.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\antispy32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\antispyX.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\datafiles.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\datafiles32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\file32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\fileX.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\mail32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\mailX.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\pdm32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\pdmX.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\prot32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\protection.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\scan32.png c:\program files\Virus Removal 
Tool1\is-7NGHM\skin\images\tasks\scanX.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\support.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\support32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\updater32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\updaterX.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\web32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\tasks\webX.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\title.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\trusted.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\unkobj.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\unlocked.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\visa.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\warning.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\warning24.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\warning32.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\images\wizard.png c:\program files\Virus Removal Tool1\is-7NGHM\skin\layout\avz.ini c:\program files\Virus Removal Tool1\is-7NGHM\skin\layout\main.ini c:\program files\Virus Removal Tool1\is-7NGHM\skin\layout\oas.ini c:\program files\Virus Removal Tool1\is-7NGHM\skin\layout\prot.ini c:\program files\Virus Removal Tool1\is-7NGHM\skin\layout\report.ini c:\program files\Virus Removal Tool1\is-7NGHM\skin\layout\scan.ini c:\program files\Virus Removal Tool1\is-7NGHM\skin\layout\service.ini c:\program files\Virus Removal Tool1\is-7NGHM\skin\layout\settings.ini c:\program files\Virus Removal Tool1\is-7NGHM\skin\prot.loc c:\program files\Virus Removal Tool1\is-7NGHM\skin\skin.ini c:\program files\Virus Removal Tool1\is-7NGHM\skin\sounds\Infected.wav c:\program files\Virus Removal Tool1\is-7NGHM\startup.exe c:\program files\Virus Removal Tool1\is-7NGHM\stdcomp.ppl c:\program files\Virus 
Removal Tool1\is-7NGHM\stenum2.ppl c:\program files\Virus Removal Tool1\is-7NGHM\stored.ppl c:\program files\Virus Removal Tool1\is-7NGHM\superio.ppl c:\program files\Virus Removal Tool1\is-7NGHM\tempfile.ppl c:\program files\Virus Removal Tool1\is-7NGHM\thpimpl.ppl c:\program files\Virus Removal Tool1\is-7NGHM\timer.ppl c:\program files\Virus Removal Tool1\is-7NGHM\tm.ppl c:\program files\Virus Removal Tool1\is-7NGHM\unarj.ppl c:\program files\Virus Removal Tool1\is-7NGHM\uniarc.ppl c:\program files\Virus Removal Tool1\is-7NGHM\unlzx.ppl c:\program files\Virus Removal Tool1\is-7NGHM\unreduce.ppl c:\program files\Virus Removal Tool1\is-7NGHM\unshrink.ppl c:\program files\Virus Removal Tool1\is-7NGHM\unstored.ppl c:\program files\Virus Removal Tool1\is-7NGHM\vmarea.ppl c:\program files\Virus Removal Tool1\is-7NGHM\wdiskio.ppl c:\program files\Virus Removal Tool1\is-7NGHM\winreg.ppl c:\program files\Virus Removal Tool1\is-7NGHM\xorio.ppl c:\program files\Virus Removal Tool1\is-7NGHM\zcompare.ppl c:\program files\Virus Removal Tool1\Log.bat c:\program files\Virus Removal Tool1\Scan.bat c:\program files\Virus Removal Tool1\Script.bat c:\program files\Virus Removal Tool1\Start.lnk c:\program files\Virus Removal Tool1\unins000.dat c:\program files\Virus Removal Tool1\unins000.exe c:\windows\System32\igfxpers.exe c:\windows\system32\igfxsrvc.exe c:\windows\System32\igfxtray.exe c:\program files\Virus Removal Tool1 . . . . falha na exclusão c:\program files\Virus Removal Tool1\is-8J2B1 . . . . falha na exclusão c:\program files\Virus Removal Tool1\is-AUQ36 . . . . falha na exclusão c:\users\Louise\Desktop\Virus Removal Tool . . . . falha na exclusão c:\users\Louise\Desktop\Virus Removal Tool\is-F4F63 . . . . falha na exclusão . (((((((((((((((( Arquivos/Ficheiros criados de 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))) . 2009-05-10 02:29 . 2009-05-10 03:14 -------- d-----w c:\program files\EsetOnlineScanner 2009-05-10 02:05 . 
2009-05-10 02:05 -------- d-----w c:\programdata\is-AUQ36 2009-05-10 02:05 . 2009-05-10 02:05 -------- d-----w c:\users\All Users\is-AUQ36 2009-05-10 02:05 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\73615330.sys 2009-05-09 22:38 . 2009-05-09 22:38 -------- d-----w c:\programdata\WEBREG 2009-05-09 22:38 . 2009-05-09 22:38 -------- d-----w c:\users\All Users\WEBREG 2009-05-09 22:38 . 2009-05-09 22:38 -------- d-----w c:\users\Louise\AppData\Roaming\HP 2009-05-09 22:37 . 2009-05-09 22:37 -------- d-----w c:\programdata\Hewlett-Packard 2009-05-09 22:37 . 2009-05-09 22:37 -------- d-----w c:\users\All Users\Hewlett-Packard 2009-05-09 22:32 . 2009-05-09 22:32 -------- d-----w c:\programdata\HP Product Assistant 2009-05-09 22:32 . 2009-05-09 22:32 -------- d-----w c:\users\All Users\HP Product Assistant 2009-05-09 22:31 . 2009-05-09 22:31 -------- d-----w c:\program files\Hewlett-Packard 2009-05-09 22:31 . 2009-05-09 22:31 -------- d-----w c:\program files\Common Files\Hewlett-Packard 2009-05-09 22:30 . 2009-05-09 22:30 -------- d-----w c:\program files\Common Files\HP 2009-05-09 22:29 . 2007-11-08 14:56 271704 ----a-w c:\windows\system32\hpzids01.dll 2009-05-09 22:29 . 2007-10-20 21:25 118272 ----a-w c:\windows\system32\hpz3l5mu.dll 2009-05-09 22:29 . 2007-10-30 09:25 372736 ----a-w c:\windows\system32\hppldcoi.dll 2009-05-09 22:29 . 2007-10-21 16:45 729088 ----a-w c:\windows\system32\hpowiax7.dll 2009-05-09 22:29 . 2007-10-21 16:45 581632 ----a-w c:\windows\system32\hpotscl6.dll 2009-05-09 22:29 . 2007-10-21 16:45 303104 ----a-w c:\windows\system32\hpovst15.dll 2009-05-09 22:28 . 2009-05-09 22:32 -------- d-----w c:\program files\HP 2009-05-09 22:26 . 2009-05-09 22:38 167995 ----a-w c:\windows\hpoins28.dat 2009-05-09 22:26 . 2009-05-09 22:38 -------- d-----w c:\programdata\HP 2009-05-09 22:26 . 2009-05-09 22:38 -------- d-----w c:\users\All Users\HP 2009-05-07 23:23 . 2009-05-07 23:23 -------- d-----w c:\programdata\is-40HRO 2009-05-07 23:23 . 
2009-05-07 23:23 -------- d-----w c:\users\All Users\is-40HRO 2009-05-07 23:23 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\13480879.sys 2009-05-07 17:16 . 2009-05-07 17:16 -------- d-----w c:\programdata\is-7NGHM 2009-05-07 17:16 . 2009-05-07 17:16 -------- d-----w c:\users\All Users\is-7NGHM 2009-05-07 17:16 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\66382640.sys 2009-05-07 16:46 . 2009-05-07 16:46 -------- d-----w c:\programdata\is-8J2B1 2009-05-07 16:46 . 2009-05-07 16:46 -------- d-----w c:\users\All Users\is-8J2B1 2009-05-07 16:46 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\69974158.sys 2009-05-07 16:46 . 2009-05-10 14:18 -------- d-----w c:\program files\Virus Removal Tool1 2009-05-07 16:42 . 2009-05-07 16:42 -------- d-----w c:\programdata\is-F4F63 2009-05-07 16:42 . 2009-05-07 16:42 -------- d-----w c:\users\All Users\is-F4F63 2009-05-07 16:42 . 2009-05-10 14:27 143880224 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-05-07 16:42 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\93612192.sys 2009-05-07 15:43 . 2009-05-07 16:32 39095032 ----a-w c:\program files\setup_7.0.0.290_07.05.2009_18-52.exe 2009-05-06 14:51 . 2009-05-06 14:52 -------- d-----w c:\program files\a-squared Free 2009-05-06 14:45 . 2009-05-06 14:49 49148496 ----a-w c:\program files\a2FreeSetup.exe 2009-05-06 01:34 . 2009-05-06 05:29 -------- d-----w C:\Lop SD 2009-05-06 01:33 . 2009-05-06 01:33 530106 ----a-w C:\LopSD.exe 2009-05-03 22:03 . 2009-05-03 22:03 -------- d-----w c:\program files\TVUPlayer 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\program files\Common Files\Macromedia 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\users\All Users\Macromedia 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\program files\Macromedia 2009-04-30 00:01 . 2009-04-30 00:01 -------- d-----w c:\windows\Downloaded Installations 2009-04-29 22:34 . 
2009-04-29 22:34 -------- d-----w c:\users\Louise\AppData\Roaming\iWin 2009-04-29 22:34 . 2009-04-29 22:34 -------- d-----w c:\users\Louise\AppData\Roaming\Oberon Media 2009-04-29 22:34 . 2009-04-29 23:09 -------- d---a-w c:\programdata\TEMP 2009-04-29 22:34 . 2009-04-29 23:09 -------- d---a-w c:\users\All Users\TEMP 2009-04-29 22:34 . 2009-04-29 23:11 -------- d-----w c:\programdata\GamesBar 2009-04-29 22:34 . 2009-04-29 23:11 -------- d-----w c:\users\All Users\GamesBar 2009-04-29 22:32 . 2009-04-29 22:32 -------- d-----w c:\program files\Common Files\Oberon Media 2009-04-29 22:32 . 2009-04-29 23:11 -------- d-----w c:\program files\Oberon Media 2009-04-29 02:00 . 2004-03-22 17:17 24816 ----a-w c:\windows\system32\mdimon.dll 2009-04-29 01:57 . 2009-04-29 01:57 -------- d-----w c:\program files\Microsoft Works 2009-04-29 01:54 . 2009-04-29 01:59 -------- d-----w c:\windows\SHELLNEW 2009-04-29 01:53 . 2009-04-29 01:53 -------- d-----w c:\program files\Microsoft.NET 2009-04-28 20:03 . 2009-04-28 20:03 -------- d-----w c:\users\Louise\AppData\Local\Mozilla 2009-04-28 19:09 . 2008-06-19 19:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys 2009-04-28 19:09 . 2009-04-28 19:09 -------- d-----w c:\program files\Panda Security 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\users\Louise\AppData\Roaming\Yahoo! 2009-04-28 18:38 . 2009-05-08 23:24 -------- d-----w c:\program files\Yahoo! 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\program files\CCleaner 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\users\Louise\AppData\Roaming\Malwarebytes 2009-04-28 17:41 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-28 17:41 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\programdata\Malwarebytes 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\users\All Users\Malwarebytes 2009-04-28 17:41 . 
2009-04-28 17:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\users\Louise\AppData\Roaming\Grisoft 2009-04-28 17:19 . 2007-05-30 12:10 10872 ----a-w c:\windows\system32\drivers\AvgAsCln.sys 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\programdata\Grisoft 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\users\All Users\Grisoft 2009-04-28 16:29 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll 2009-04-28 15:30 . 2009-05-10 13:58 -------- d-----w C:\HiJackThis 2009-04-28 00:18 . 2004-05-18 18:16 39936 ----a-w c:\windows\system32\huffyuv.dll 2009-04-28 00:18 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll 2009-04-28 00:18 . 2006-04-02 12:47 630784 ----a-w c:\windows\system32\vp7vfw.dll 2009-04-28 00:18 . 2004-12-10 08:03 438272 ----a-w c:\windows\system32\vp6vfw.dll 2009-04-28 00:18 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll 2009-04-28 00:18 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll 2009-04-28 00:18 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll 2009-04-28 00:07 . 2009-01-07 18:14 60273 ----a-w c:\windows\system32\pthreadGC2.dll 2009-04-28 00:07 . 2009-04-28 00:18 -------- d-----w c:\program files\K-Lite Codec Pack 2009-04-28 00:05 . 2009-04-28 00:12 -------- d-----w c:\users\Louise\AppData\Roaming\Media Player Classic 2009-04-27 23:21 . 2009-04-27 23:21 -------- d-----w c:\program files\VistaCodecPack 2009-04-27 23:20 . 2009-04-27 23:20 -------- d-----w c:\programdata\VistaCodecs 2009-04-27 23:20 . 2009-04-27 23:20 -------- d-----w c:\users\All Users\VistaCodecs 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\programdata\eMule 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\users\All Users\eMule 2009-04-27 22:52 . 2009-04-27 22:56 -------- d-----w c:\users\Louise\AppData\Local\eMule 2009-04-27 22:52 . 
2009-04-27 22:52 -------- d-----w c:\program files\eMule 2009-04-27 22:50 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll 2009-04-27 22:50 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll 2009-04-27 22:50 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll 2009-04-27 22:16 . 2009-04-27 22:16 -------- d-----w c:\program files\SopCast 2009-04-27 22:14 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll 2009-04-27 22:14 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-04-27 22:14 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys 2009-04-27 22:14 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll 2009-04-27 22:14 . 2008-08-27 01:05 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys 2009-04-27 22:13 . 2008-06-19 03:31 361984 ----a-w c:\windows\system32\IPSECSVC.DLL 2009-04-27 22:13 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll 2009-04-27 22:13 . 2008-10-21 05:25 296960 ----a-w c:\windows\system32\gdi32.dll 2009-04-27 22:13 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll 2009-04-27 22:13 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll 2009-04-27 22:13 . 2008-04-18 05:48 269312 ----a-w c:\windows\system32\es.dll 2009-04-27 22:13 . 2008-11-01 03:44 28672 ----a-w c:\windows\system32\Apphlpdm.dll 2009-04-27 22:13 . 2008-03-08 04:21 1695744 ----a-w c:\windows\system32\gameux.dll 2009-04-27 22:13 . 2008-11-01 01:21 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll 2009-04-27 22:11 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll 2009-04-27 22:10 . 2008-05-08 21:59 430080 ----a-w c:\windows\system32\vbscript.dll 2009-04-27 21:53 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll 2009-04-27 21:53 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe 2009-04-27 21:53 . 
2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll 2009-04-27 21:53 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll 2009-04-27 21:52 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll 2009-04-27 21:52 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll 2009-04-27 21:52 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll 2009-04-27 21:52 . 2008-10-16 16:56 31232 ----a-w c:\windows\system32\wuapp.exe 2009-04-27 21:52 . 2008-10-16 17:08 162064 ----a-w c:\windows\system32\wuwebv.dll 2009-04-27 00:46 . 2009-04-27 00:46 -------- d-----w c:\program files\uTorrent . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-10 14:24 . 2009-05-07 16:42 1685924 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-05-10 13:50 . 2008-01-21 06:32 634040 ----a-w c:\windows\system32\prfh0416.dat 2009-05-10 13:50 . 2008-01-21 06:32 121690 ----a-w c:\windows\system32\prfc0416.dat 2009-05-09 22:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat 2009-05-09 22:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat 2009-05-09 22:29 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat 2009-05-08 23:22 . 2009-03-15 00:35 -------- d-----w c:\program files\Windows Live 2009-04-30 00:01 . 2009-03-15 00:39 -------- d-----w c:\program files\Common Files\InstallShield 2009-04-29 02:13 . 2009-04-26 22:54 99864 ----a-w c:\users\Louise\AppData\Local\GDIPFONTCACHEV1.DAT 2009-04-28 16:34 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat 2009-04-27 22:27 . 2009-03-15 00:34 -------- d-----w c:\program files\Common Files\Adobe 2009-04-26 22:50 . 2009-04-26 22:50 -------- d-sh--w c:\program files\Common Files\Sistema 2009-04-26 22:50 . 2009-04-26 22:50 -------- d-sh--w c:\program files\Arquivos Comuns 2009-03-17 03:38 . 2009-04-27 22:11 13824 ----a-w c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 
2009-04-27 22:11 24064 ----a-w c:\windows\system32\amxread.dll 2009-03-15 00:46 . 2009-03-15 00:46 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-03-15 00:41 . 2009-03-15 00:39 -------- d-----w c:\program files\Realtek 2009-03-15 00:41 . 2009-03-15 00:39 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-15 00:39 . 2009-03-15 00:39 319456 ----a-w c:\windows\DIFxAPI.dll 2009-03-15 00:39 . 2009-03-15 00:39 315392 ----a-w c:\windows\HideWin.exe 2009-03-15 00:39 . 2009-03-15 00:39 -------- d-----w c:\program files\Intel 2009-03-15 00:37 . 2009-03-15 00:35 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2009-03-15 00:36 . 2009-03-15 00:36 -------- d-----w c:\program files\Windows Live Toolbar 2009-03-15 00:34 . 2009-03-15 00:34 -------- d-----w c:\program files\CDBurnerXP 2009-03-15 00:34 . 2009-03-15 00:34 -------- d-----w c:\program files\Movie Maker 2.6 2009-03-03 04:46 . 2009-04-27 22:11 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-03-03 04:46 . 2009-04-27 22:11 3547632 ----a-w c:\windows\system32\ntoskrnl.exe 2009-03-03 04:40 . 2009-04-27 22:10 827392 ----a-w c:\windows\system32\wininet.dll 2009-03-03 04:39 . 2009-04-27 22:11 183296 ----a-w c:\windows\system32\sdohlp.dll 2009-03-03 04:39 . 2009-04-27 22:11 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37 . 2009-04-27 22:10 78336 ----a-w c:\windows\system32\ieencode.dll 2009-03-03 04:37 . 2009-04-27 22:11 98304 ----a-w c:\windows\system32\iasrecst.dll 2009-03-03 04:37 . 2009-04-27 22:11 54784 ----a-w c:\windows\system32\iasads.dll 2009-03-03 04:37 . 2009-04-27 22:11 44032 ----a-w c:\windows\system32\iasdatastore.dll 2009-03-03 03:04 . 2009-04-27 22:11 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38 . 2009-04-27 22:11 17408 ----a-w c:\windows\system32\iashost.exe 2009-03-03 02:28 . 2009-04-27 22:10 26624 ----a-w c:\windows\system32\ieUnatt.exe 2009-02-13 08:49 . 
2009-04-27 22:11 72704 ----a-w c:\windows\system32\secur32.dll 2009-02-13 08:49 . 2009-04-27 22:11 1255936 ----a-w c:\windows\system32\lsasrv.dll 2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232] c:\users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ is-AUQ36.lnk - c:\program files\Virus Removal Tool1\is-AUQ36\startup.exe [2009-5-9 65536] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{6A6A340C-E756-441B-AF1D-99218FAFF7FF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) 
"{113C0CCF-2C83-40ED-AC38-62555A6034E9}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus "{5B8FFD91-5B17-486D-AFF9-7BD1FF4EB74E}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus "{A370EA86-0A6D-42BF-8FBD-966106BBFD70}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{16DC8953-9170-404B-A4C4-E0D0CA048806}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{6C7265A4-AA1B-493F-872C-CBC30F6EB970}"= UDP:c:\program files\Megacubo\megacubo.exe:MegaCubo "{136E96BD-D7B6-4765-8BF3-04D9ECAB3E25}"= TCP:c:\program files\Megacubo\megacubo.exe:MegaCubo "TCP Query User{3C251F08-F36E-4BF4-B9D9-6C960D2DFDA3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{85B1D68B-D65E-4203-9AAB-F9AFB60EF5B7}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "{B1AED0C6-3D6C-48BF-92C5-FC356C3E0AD3}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{8B468BB5-FBF4-414F-A2AC-86A36EE20390}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{58AFDF4F-C40B-49B3-8B30-DD82ADEC6526}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{C9650678-E23E-42E8-8D34-F943253CFBDA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{AE271FB3-02DE-4A26-809E-1321D158BD29}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{1BC6B084-52FA-4744-BB25-E06D87FC217D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{F3137702-C27A-488A-8D2C-8608C4691335}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe "{6E25C65A-47BA-421B-8A71-1CA57E0B441A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe "{5E0D5326-4D05-4845-BD64-CEAA13994F2B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe 
"{A31FA7F8-B6A9-4D5C-9645-AE924B71FB38}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [28/04/2009 16:09 28544] R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [26/04/2009 20:47 114768] R1 is-40HROdrv;is-40HROdrv;c:\windows\System32\drivers\13480879.sys [07/05/2009 20:23 148496] R1 is-7NGHMdrv;is-7NGHMdrv;c:\windows\System32\drivers\66382640.sys [07/05/2009 14:16 148496] R1 is-8J2B1drv;is-8J2B1drv;c:\windows\System32\drivers\69974158.sys [07/05/2009 13:46 148496] R1 is-AUQ36drv;is-AUQ36drv;c:\windows\System32\drivers\73615330.sys [09/05/2009 23:05 148496] R1 is-F4F63drv;is-F4F63drv;c:\windows\System32\drivers\93612192.sys [07/05/2009 13:42 148496] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [26/04/2009 20:47 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [26/04/2009 20:23 51792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' 2009-05-09 c:\windows\Tasks\User_Feed_Synchronization-{6390703D-5B3C-4525-AF11-260BD113A11C}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34] 2009-05-10 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 14:20] . - - - - ORFÃOS REMOVIDOS - - - - HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe . ------- Scan Suplementar ------- . 
uStart Page = about:blank IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {F23F9139-B115-41DE-A439-28A87249A894} = 200.149.55.140 200.165.132.147 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\z812dn6w.default\ FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-10 11:27 Windows 6.0.6001 Service Pack 1 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Outros Processos em Execução ------------------------ . 
c:\windows\System32\audiodg.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\System32\conime.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\a-squared Free\a2service.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\wbem\WMIADAP.exe . ************************************************************************** . Tempo para conclusão: 2009-05-10 11:30 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-05-10 14:30 Pré-execução: 258.565.562.368 bytes disponíveis Pós execução: 258.316.804.096 bytes disponíveis 935 --- E O F --- 2009-04-28 16:33 ----------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:36:43, on 10/05/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\Explorer.exe C:\Windows\system32\wuauclt.exe 
C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: 
Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Startup: is-AUQ36.lnk = C:\Program Files\Virus Removal Tool1\is-AUQ36\startup.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - 
http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F23F9139-B115-41DE-A439-28A87249A894}: NameServer = 200.149.55.140 200.165.132.147
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
-- End of file - 6128 bytes

Regards
DigRam 144 Posted May 12, 2009

Good morning, Mescouto!

<@> Open HijackThis --> Click: Do a system scan only

O4 - Startup: is-AUQ36.lnk = C:\Program Files\Virus Removal Tool1\is-AUQ36\startup.exe

<@> Check this entry, shown above!
<@> Click Fix checked --> Yes!

<><><><><><><><><><>

<@> Copy the information between the XXXXXXX.... lines into Notepad.
<@> Save it to the desktop as: CFScript <-- Text!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Program Files\Virus Removal Tool1\is-AUQ36\startup.exe
Folder::
C:\Program Files\Virus Removal Tool1\is-AUQ36
C:\Program Files\Virus Removal Tool1
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 1 (0x0)
Driver::
"is-40HROdrv"
"is-7NGHMdrv"
"is-8J2B1drv"
"is-AUQ36drv"
"is-F4F63drv"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.
<@> Keep dragging it until a prompt to run ComboFix.exe appears.
<@> When it finishes, post: ComboFix.txt + an updated HijackThis log.

Regards!
Mescouto 0 Posted May 12, 2009

Good afternoon, DigRam! Here are the logs:

ComboFix 09-05-11.08 - Louise 12/05/2009 12:10.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.3060.2127 [GMT -3:00]
Executando de: c:\users\Louise\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Louise\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.7.1043 [VPS 090426-0] *On-access scanning enabled* (Updated)
FILE ::
c:\program files\Virus Removal Tool1\is-AUQ36\startup.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Virus Removal Tool1
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IS-40HRODRV
-------\Legacy_IS-7NGHMDRV
-------\Legacy_IS-8J2B1DRV
-------\Legacy_IS-AUQ36DRV
-------\Legacy_IS-F4F63DRV
-------\Service_is-40HROdrv
-------\Service_is-7NGHMdrv
-------\Service_is-8J2B1drv
-------\Service_is-AUQ36drv
-------\Service_is-F4F63drv
(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-12 to 2009-05-12 ))))))))))))))))))))))))))))
.
2009-05-11 10:49 . 2009-05-11 10:49 -------- d-----w c:\program files\Programas RFB
2009-05-10 15:17 . 2009-05-10 15:17 -------- d-----w c:\users\Louise\AppData\Local\HP
2009-05-10 02:29 . 2009-05-10 03:14 -------- d-----w c:\program files\EsetOnlineScanner
2009-05-10 02:05 . 2009-05-10 02:05 -------- d-----w c:\programdata\is-AUQ36
2009-05-10 02:05 . 2009-05-10 02:05 -------- d-----w c:\users\All Users\is-AUQ36
2009-05-10 02:05 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\73615330.sys
2009-05-09 22:38 . 2009-05-09 22:38 -------- d-----w c:\programdata\WEBREG
2009-05-09 22:38 . 2009-05-09 22:38 -------- d-----w c:\users\All Users\WEBREG
2009-05-09 22:38 . 2009-05-09 22:38 -------- d-----w c:\users\Louise\AppData\Roaming\HP
2009-05-09 22:37 . 2009-05-09 22:37 -------- d-----w c:\programdata\Hewlett-Packard
2009-05-09 22:37 .
2009-05-09 22:37 -------- d-----w c:\users\All Users\Hewlett-Packard 2009-05-09 22:32 . 2009-05-09 22:32 -------- d-----w c:\programdata\HP Product Assistant 2009-05-09 22:32 . 2009-05-09 22:32 -------- d-----w c:\users\All Users\HP Product Assistant 2009-05-09 22:31 . 2009-05-09 22:31 -------- d-----w c:\program files\Hewlett-Packard 2009-05-09 22:31 . 2009-05-09 22:31 -------- d-----w c:\program files\Common Files\Hewlett-Packard 2009-05-09 22:30 . 2009-05-09 22:30 -------- d-----w c:\program files\Common Files\HP 2009-05-09 22:29 . 2007-11-08 14:56 271704 ----a-w c:\windows\system32\hpzids01.dll 2009-05-09 22:29 . 2007-10-20 21:25 118272 ----a-w c:\windows\system32\hpz3l5mu.dll 2009-05-09 22:29 . 2007-10-30 09:25 372736 ----a-w c:\windows\system32\hppldcoi.dll 2009-05-09 22:29 . 2007-10-21 16:45 729088 ----a-w c:\windows\system32\hpowiax7.dll 2009-05-09 22:29 . 2007-10-21 16:45 581632 ----a-w c:\windows\system32\hpotscl6.dll 2009-05-09 22:29 . 2007-10-21 16:45 303104 ----a-w c:\windows\system32\hpovst15.dll 2009-05-09 22:28 . 2009-05-09 22:32 -------- d-----w c:\program files\HP 2009-05-09 22:26 . 2009-05-09 22:38 167995 ----a-w c:\windows\hpoins28.dat 2009-05-09 22:26 . 2009-05-09 22:38 -------- d-----w c:\programdata\HP 2009-05-09 22:26 . 2009-05-09 22:38 -------- d-----w c:\users\All Users\HP 2009-05-07 23:23 . 2009-05-07 23:23 -------- d-----w c:\programdata\is-40HRO 2009-05-07 23:23 . 2009-05-07 23:23 -------- d-----w c:\users\All Users\is-40HRO 2009-05-07 23:23 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\13480879.sys 2009-05-07 17:16 . 2009-05-07 17:16 -------- d-----w c:\programdata\is-7NGHM 2009-05-07 17:16 . 2009-05-07 17:16 -------- d-----w c:\users\All Users\is-7NGHM 2009-05-07 17:16 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\66382640.sys 2009-05-07 16:46 . 2009-05-07 16:46 -------- d-----w c:\programdata\is-8J2B1 2009-05-07 16:46 . 2009-05-07 16:46 -------- d-----w c:\users\All Users\is-8J2B1 2009-05-07 16:46 . 
2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\69974158.sys 2009-05-07 16:42 . 2009-05-07 16:42 -------- d-----w c:\programdata\is-F4F63 2009-05-07 16:42 . 2009-05-07 16:42 -------- d-----w c:\users\All Users\is-F4F63 2009-05-07 16:42 . 2009-05-12 15:24 149823520 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-05-07 16:42 . 2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\93612192.sys 2009-05-07 15:43 . 2009-05-07 16:32 39095032 ----a-w c:\program files\setup_7.0.0.290_07.05.2009_18-52.exe 2009-05-06 14:51 . 2009-05-06 14:52 -------- d-----w c:\program files\a-squared Free 2009-05-06 14:45 . 2009-05-06 14:49 49148496 ----a-w c:\program files\a2FreeSetup.exe 2009-05-06 01:34 . 2009-05-06 05:29 -------- d-----w C:\Lop SD 2009-05-06 01:33 . 2009-05-06 01:33 530106 ----a-w C:\LopSD.exe 2009-05-03 22:03 . 2009-05-03 22:03 -------- d-----w c:\program files\TVUPlayer 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\program files\Common Files\Macromedia 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\users\All Users\Macromedia 2009-04-30 00:02 . 2009-04-30 00:02 -------- d-----w c:\program files\Macromedia 2009-04-30 00:01 . 2009-04-30 00:01 -------- d-----w c:\windows\Downloaded Installations 2009-04-29 22:34 . 2009-04-29 22:34 -------- d-----w c:\users\Louise\AppData\Roaming\iWin 2009-04-29 22:34 . 2009-04-29 22:34 -------- d-----w c:\users\Louise\AppData\Roaming\Oberon Media 2009-04-29 22:34 . 2009-04-29 23:09 -------- d---a-w c:\programdata\TEMP 2009-04-29 22:34 . 2009-04-29 23:09 -------- d---a-w c:\users\All Users\TEMP 2009-04-29 22:34 . 2009-04-29 23:11 -------- d-----w c:\programdata\GamesBar 2009-04-29 22:34 . 2009-04-29 23:11 -------- d-----w c:\users\All Users\GamesBar 2009-04-29 22:32 . 2009-04-29 22:32 -------- d-----w c:\program files\Common Files\Oberon Media 2009-04-29 22:32 . 2009-04-29 23:11 -------- d-----w c:\program files\Oberon Media 2009-04-29 02:00 . 
2004-03-22 17:17 24816 ----a-w c:\windows\system32\mdimon.dll 2009-04-29 01:57 . 2009-04-29 01:57 -------- d-----w c:\program files\Microsoft Works 2009-04-29 01:54 . 2009-04-29 01:59 -------- d-----w c:\windows\SHELLNEW 2009-04-29 01:53 . 2009-04-29 01:53 -------- d-----w c:\program files\Microsoft.NET 2009-04-28 20:03 . 2009-04-28 20:03 -------- d-----w c:\users\Louise\AppData\Local\Mozilla 2009-04-28 19:09 . 2008-06-19 19:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys 2009-04-28 19:09 . 2009-04-28 19:09 -------- d-----w c:\program files\Panda Security 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\users\Louise\AppData\Roaming\Yahoo! 2009-04-28 18:38 . 2009-05-08 23:24 -------- d-----w c:\program files\Yahoo! 2009-04-28 18:38 . 2009-04-28 18:38 -------- d-----w c:\program files\CCleaner 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\users\Louise\AppData\Roaming\Malwarebytes 2009-04-28 17:41 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-28 17:41 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\programdata\Malwarebytes 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\users\All Users\Malwarebytes 2009-04-28 17:41 . 2009-04-28 17:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\users\Louise\AppData\Roaming\Grisoft 2009-04-28 17:19 . 2007-05-30 12:10 10872 ----a-w c:\windows\system32\drivers\AvgAsCln.sys 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\programdata\Grisoft 2009-04-28 17:19 . 2009-04-28 17:19 -------- d-----w c:\users\All Users\Grisoft 2009-04-28 16:29 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll 2009-04-28 15:30 . 2009-05-12 15:04 -------- d-----w C:\HiJackThis 2009-04-28 00:18 . 2004-05-18 18:16 39936 ----a-w c:\windows\system32\huffyuv.dll 2009-04-28 00:18 . 
2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll 2009-04-28 00:18 . 2006-04-02 12:47 630784 ----a-w c:\windows\system32\vp7vfw.dll 2009-04-28 00:18 . 2004-12-10 08:03 438272 ----a-w c:\windows\system32\vp6vfw.dll 2009-04-28 00:18 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll 2009-04-28 00:18 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll 2009-04-28 00:18 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll 2009-04-28 00:07 . 2009-01-07 18:14 60273 ----a-w c:\windows\system32\pthreadGC2.dll 2009-04-28 00:07 . 2009-04-28 00:18 -------- d-----w c:\program files\K-Lite Codec Pack 2009-04-28 00:05 . 2009-04-28 00:12 -------- d-----w c:\users\Louise\AppData\Roaming\Media Player Classic 2009-04-27 23:21 . 2009-04-27 23:21 -------- d-----w c:\program files\VistaCodecPack 2009-04-27 23:20 . 2009-04-27 23:20 -------- d-----w c:\programdata\VistaCodecs 2009-04-27 23:20 . 2009-04-27 23:20 -------- d-----w c:\users\All Users\VistaCodecs 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\programdata\eMule 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\users\All Users\eMule 2009-04-27 22:52 . 2009-04-27 22:56 -------- d-----w c:\users\Louise\AppData\Local\eMule 2009-04-27 22:52 . 2009-04-27 22:52 -------- d-----w c:\program files\eMule 2009-04-27 22:50 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll 2009-04-27 22:50 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll 2009-04-27 22:50 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll 2009-04-27 22:16 . 2009-04-27 22:16 -------- d-----w c:\program files\SopCast 2009-04-27 22:14 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll 2009-04-27 22:14 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-04-27 22:14 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys 2009-04-27 22:14 . 
2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll 2009-04-27 22:14 . 2008-08-27 01:05 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys 2009-04-27 22:13 . 2008-06-19 03:31 361984 ----a-w c:\windows\system32\IPSECSVC.DLL 2009-04-27 22:13 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll 2009-04-27 22:13 . 2008-10-21 05:25 296960 ----a-w c:\windows\system32\gdi32.dll 2009-04-27 22:13 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll 2009-04-27 22:13 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll 2009-04-27 22:13 . 2008-04-18 05:48 269312 ----a-w c:\windows\system32\es.dll 2009-04-27 22:13 . 2008-11-01 03:44 28672 ----a-w c:\windows\system32\Apphlpdm.dll 2009-04-27 22:13 . 2008-03-08 04:21 1695744 ----a-w c:\windows\system32\gameux.dll 2009-04-27 22:13 . 2008-11-01 01:21 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll 2009-04-27 22:11 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll 2009-04-27 22:10 . 2008-05-08 21:59 430080 ----a-w c:\windows\system32\vbscript.dll 2009-04-27 21:53 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll 2009-04-27 21:53 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe 2009-04-27 21:53 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll 2009-04-27 21:53 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll 2009-04-27 21:52 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll 2009-04-27 21:52 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll 2009-04-27 21:52 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll 2009-04-27 21:52 . 2008-10-16 16:56 31232 ----a-w c:\windows\system32\wuapp.exe 2009-04-27 21:52 . 2008-10-16 17:08 162064 ----a-w c:\windows\system32\wuwebv.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-12 15:24 . 
2009-05-07 16:42 1756820 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-05-12 14:53 . 2008-01-21 06:32 634040 ----a-w c:\windows\system32\prfh0416.dat 2009-05-12 14:53 . 2008-01-21 06:32 121690 ----a-w c:\windows\system32\prfc0416.dat 2009-05-09 22:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat 2009-05-09 22:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat 2009-05-09 22:29 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat 2009-05-08 23:22 . 2009-03-15 00:35 -------- d-----w c:\program files\Windows Live 2009-04-30 00:01 . 2009-03-15 00:39 -------- d-----w c:\program files\Common Files\InstallShield 2009-04-29 02:13 . 2009-04-26 22:54 99864 ----a-w c:\users\Louise\AppData\Local\GDIPFONTCACHEV1.DAT 2009-04-28 16:34 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat 2009-04-27 22:27 . 2009-03-15 00:34 -------- d-----w c:\program files\Common Files\Adobe 2009-04-26 22:50 . 2009-04-26 22:50 -------- d-sh--w c:\program files\Common Files\Sistema 2009-04-26 22:50 . 2009-04-26 22:50 -------- d-sh--w c:\program files\Arquivos Comuns 2009-03-17 03:38 . 2009-04-27 22:11 13824 ----a-w c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-27 22:11 24064 ----a-w c:\windows\system32\amxread.dll 2009-03-15 00:46 . 2009-03-15 00:46 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-03-15 00:41 . 2009-03-15 00:39 -------- d-----w c:\program files\Realtek 2009-03-15 00:41 . 2009-03-15 00:39 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-15 00:39 . 2009-03-15 00:39 319456 ----a-w c:\windows\DIFxAPI.dll 2009-03-15 00:39 . 2009-03-15 00:39 315392 ----a-w c:\windows\HideWin.exe 2009-03-15 00:39 . 2009-03-15 00:39 -------- d-----w c:\program files\Intel 2009-03-15 00:37 . 2009-03-15 00:35 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2009-03-15 00:36 . 2009-03-15 00:36 -------- d-----w c:\program files\Windows Live Toolbar 2009-03-15 00:34 . 
2009-03-15 00:34 -------- d-----w c:\program files\CDBurnerXP 2009-03-15 00:34 . 2009-03-15 00:34 -------- d-----w c:\program files\Movie Maker 2.6 2009-03-03 04:46 . 2009-04-27 22:11 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-03-03 04:46 . 2009-04-27 22:11 3547632 ----a-w c:\windows\system32\ntoskrnl.exe 2009-03-03 04:40 . 2009-04-27 22:10 827392 ----a-w c:\windows\system32\wininet.dll 2009-03-03 04:39 . 2009-04-27 22:11 183296 ----a-w c:\windows\system32\sdohlp.dll 2009-03-03 04:39 . 2009-04-27 22:11 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37 . 2009-04-27 22:10 78336 ----a-w c:\windows\system32\ieencode.dll 2009-03-03 04:37 . 2009-04-27 22:11 98304 ----a-w c:\windows\system32\iasrecst.dll 2009-03-03 04:37 . 2009-04-27 22:11 54784 ----a-w c:\windows\system32\iasads.dll 2009-03-03 04:37 . 2009-04-27 22:11 44032 ----a-w c:\windows\system32\iasdatastore.dll 2009-03-03 03:04 . 2009-04-27 22:11 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38 . 2009-04-27 22:11 17408 ----a-w c:\windows\system32\iashost.exe 2009-03-03 02:28 . 2009-04-27 22:10 26624 ----a-w c:\windows\system32\ieUnatt.exe 2009-02-13 08:49 . 2009-04-27 22:11 72704 ----a-w c:\windows\system32\secur32.dll 2009-02-13 08:49 . 2009-04-27 22:11 1255936 ----a-w c:\windows\system32\lsasrv.dll 2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( SnapShot@2009-05-10_14.27.53 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 01:58 . 2009-05-12 14:52 36086 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:02 . 2009-05-12 15:27 62852 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2009-04-26 22:51 . 2009-05-10 13:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-04-26 22:51 . 
2009-05-12 14:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-04-26 22:51 . 2009-05-10 13:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-04-26 22:51 . 2009-05-12 14:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-04-26 22:51 . 2009-05-10 13:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-04-26 22:51 . 2009-05-12 14:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-04-26 22:55 . 2009-05-12 15:27 5214 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3789998073-3381512705-1010731803-1000_UserData.bin - 2009-05-10 14:25 . 2009-05-10 14:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-05-12 15:25 . 2009-05-12 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-05-10 14:25 . 2009-05-10 14:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-05-12 15:25 . 2009-05-12 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2006-11-02 10:33 . 2009-05-12 14:53 586980 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 2009-05-10 13:50 586980 c:\windows\System32\perfh009.dat + 2006-11-02 10:33 . 2009-05-12 14:53 101052 c:\windows\System32\perfc009.dat - 2006-11-02 10:33 . 2009-05-10 13:50 101052 c:\windows\System32\perfc009.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{6A6A340C-E756-441B-AF1D-99218FAFF7FF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{113C0CCF-2C83-40ED-AC38-62555A6034E9}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus "{5B8FFD91-5B17-486D-AFF9-7BD1FF4EB74E}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! 
Antivirus "{A370EA86-0A6D-42BF-8FBD-966106BBFD70}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{16DC8953-9170-404B-A4C4-E0D0CA048806}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{6C7265A4-AA1B-493F-872C-CBC30F6EB970}"= UDP:c:\program files\Megacubo\megacubo.exe:MegaCubo "{136E96BD-D7B6-4765-8BF3-04D9ECAB3E25}"= TCP:c:\program files\Megacubo\megacubo.exe:MegaCubo "TCP Query User{3C251F08-F36E-4BF4-B9D9-6C960D2DFDA3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{85B1D68B-D65E-4203-9AAB-F9AFB60EF5B7}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "{B1AED0C6-3D6C-48BF-92C5-FC356C3E0AD3}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{8B468BB5-FBF4-414F-A2AC-86A36EE20390}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{58AFDF4F-C40B-49B3-8B30-DD82ADEC6526}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{C9650678-E23E-42E8-8D34-F943253CFBDA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{AE271FB3-02DE-4A26-809E-1321D158BD29}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{1BC6B084-52FA-4744-BB25-E06D87FC217D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{F3137702-C27A-488A-8D2C-8608C4691335}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe "{6E25C65A-47BA-421B-8A71-1CA57E0B441A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe "{5E0D5326-4D05-4845-BD64-CEAA13994F2B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "{A31FA7F8-B6A9-4D5C-9645-AE924B71FB38}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [28/04/2009 16:09 28544] R1 aswSP;avast! 
Self Protection;c:\windows\System32\drivers\aswSP.sys [26/04/2009 20:47 114768] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [26/04/2009 20:47 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [26/04/2009 20:23 51792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' 2009-05-11 c:\windows\Tasks\User_Feed_Synchronization-{6390703D-5B3C-4525-AF11-260BD113A11C}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34] 2009-05-12 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 14:20] . . ------- Scan Suplementar ------- . uStart Page = about:blank IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {F23F9139-B115-41DE-A439-28A87249A894} = 200.149.55.140 200.165.132.147 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\z812dn6w.default\ FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-12 12:27 Windows 6.0.6001 Service Pack 1 NTFS Procurando processos ocultos ... 
Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\System32\audiodg.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\System32\conime.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\a-squared Free\a2service.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . 
Tempo para conclusão: 2009-05-12 12:29 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-05-12 15:28 ComboFix2.txt 2009-05-10 14:30 Pré-execução: 258.145.738.752 bytes disponíveis Pós execução: 258.084.581.376 bytes disponíveis 328 --- E O F --- 2009-04-28 16:33 -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:35:43, on 12/05/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18226) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\conime.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\Explorer.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\notepad.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F23F9139-B115-41DE-A439-28A87249A894}: NameServer = 200.149.55.140 200.165.132.147 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: a-squared Free Service (a2free) - Emsi 
Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe -- End of file - 5975 bytes
Regards
DigRam 144 Posted May 13, 2009
Good morning! Mescouto
<@> Download: < Runscanner v. 1.8.0.0 >
<@> Save it to the Local Disk (C) or the Desktop.
<@> Unzip it and set the executable aside. ( RunScanner.exe )
<@> Open the program and, with the Expert mode button already selected, click Ok.
<@> Close all windows/programs before running this utility.
<@> Run it by clicking Scan computer. --> Wait!
<@> When it finishes, click the menu: "Online analysis" <-- Be connected!
<@> The page "online malware analysis report" will open.
<@> Copy the result of this analysis, Report Url:, to your computer. ( report.aspx )
<@> Put it in a zip and place it on the Desktop.
<@> Keep the extension ( .aspx ) when copying it!
<@> If you do not want the online check, save it as a RUN file.
<@> Click "Save Run File" --> Put it in a zip and place it on the desktop.
<@> Now go to this address: < Badongo >
<@> Upload the report.aspx.zip or runscanner.run, which are on the desktop, to that server. <-- Badongo!
<@> Copy the address(es) you are given into this topic. ( Report Url: ) or ( RUN file )
Regards!