
vs. bastos

[Solved!] Problems with TR/Spy.Banker.265216


Hello, everyone

 

I'm living a nightmare with this TR/Spy.Banker.256216. I've already followed instructions to run bankerfix, combofix, anti-malware tools, and nothing worked.

 

I'd like your help. Thanks.

 

My log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:58:36, on 13/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\DAP\DAP.exe

C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Users\Vinicius\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Vinicius\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Users\Vinicius\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Vinicius\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Vinicius\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Vinicius\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\Vinicius\AppData\Local\Temp\Rar$EX00.519\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Wireless Manager] "C:\Program Files\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Vinicius\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [speedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"

O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www2.bancobrasil.com.br

O15 - Trusted Zone: *.netzero.com

O15 - Trusted Zone: *.netzero.net

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe

O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

 

--

End of file - 14499 bytes


• Download: < ToolBar S&D >

• Save it to Local Disk C, in its own folder.

• Restart the computer in Safe Mode. <-- Important!

• Run the program, and then press "p" --> Enter --> Ok.

• Type two! ( 2 ) --> Press Enter --> Wait!

• When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt )

• Also post an updated HijackThis log.

 

I've already followed instructions to run bankerfix, combofix, anti-malware tools, and nothing worked.

 

Who did you get those instructions from? Was it some other forum? Do you have the logs from those programs on your PC? If so, post them in your reply.


Hello, PedroN. Good evening.

 

Man, I have the combofix log here; for the others I don't remember having generated logs. I'll send it here then. I got the instructions from a forum I visited and from a friend of mine here... but it didn't work.

 

And thank you very much for the help!

 

ToolBar S&D log:

 

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : AMD Turion X2 Dual-Core Mobile RM-70 )

BIOS : InsydeH2O Version 1.20

USER : Vinicius ( Administrator )

BOOT : Fail-safe boot

C:\ (Local Disk) - NTFS - Total:184 Go (Free:106 Go)

E:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 13/07/2009|21:22 )

 

[ UAC => 1 ]

 

-----------\\ REMOVIDOS

 

Deletado! - C:\Program Files\AskSBar\bar

Deletado! - C:\Program Files\AskSBar\SrchAstt

Deletado! - C:\Program Files\AskSBar

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://search.speedbit.com/"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

"Url"="http://go.microsoft.com/fwlink/?LinkId=44406"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\Windows\\System32\\blank.htm"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\Users\Vinicius\AppData\Roaming\Microsoft\Windows\Recent\Crack.Corel.X4.rar.lnk

C:\Users\Vinicius\AppData\Roaming\Microsoft\Windows\Recent\Crack.Corel.X4.rar.part.lnk

C:\Users\Vinicius\Desktop\Vinicius Bastos\Arquivos recebidos_programas_keigens\bsplayer[1].pro.2.0.937.keygen-tsrh.zip

C:\Users\Vinicius\Desktop\Vinicius Bastos\Arquivos recebidos_programas_keigens\keygen_imtoodvdripper.txt

C:\Users\Vinicius\Desktop\Vinicius Bastos\papai\corel_keygen.txt

C:\Users\Vinicius\Downloads\Downloads\Downloads\Downloads\Crack.Corel.X4 (2).rar

C:\Users\Vinicius\Downloads\Downloads\Downloads\Downloads\Crack.Corel.X4.rar

C:\Users\Vinicius\Favorites\Rec6 - Crack Corel DRAW X4+Download.URL

 

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 13/07/2009|21:24 - Option : [2]

 

-----------\\ Verificação completa em 21:24:59,34

 

Updated HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:27:01, on 13/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode

 

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\Vinicius\AppData\Local\Temp\Rar$EX00.601\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Wireless Manager] "C:\Program Files\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Vinicius\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [speedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"

O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www2.bancobrasil.com.br

O15 - Trusted Zone: *.netzero.com

O15 - Trusted Zone: *.netzero.net

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe

O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

 

--

End of file - 11862 bytes

 

 

Combofix log:

 

ComboFix 09-07-12.03 - Vinicius 13/07/2009 11:18.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1033.18.2813.1722 [GMT -3:00]

Executando de: c:\users\Vinicius\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

ADS - drivers: deleted 58 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2352159997-3132578469-318617820-500

c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Sites possivelmente infectados -----

 

hxxp://download.linksys.com

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-13 to 2009-07-13 ))))))))))))))))))))))))))))

.

 

2009-07-13 14:27 . 2009-07-13 14:27 -------- d-----w- c:\users\Vinicius\AppData\Local\temp

2009-07-13 04:33 . 2009-07-13 04:33 -------- d-----w- c:\users\Vinicius\AppData\Roaming\Malwarebytes

2009-07-13 04:33 . 2009-06-17 14:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 04:33 . 2009-07-13 04:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-13 04:33 . 2009-07-13 04:33 -------- d-----w- c:\programdata\Malwarebytes

2009-07-13 04:33 . 2009-06-17 14:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-13 04:25 . 2009-07-13 04:27 -------- d-----w- C:\LinhaDefensiva

2009-07-08 12:37 . 2009-07-12 15:21 95744 ----a-w- c:\programdata\SpeedBit\DAP\Updates\Condition.dll

2009-06-28 14:12 . 1999-12-17 13:13 86016 ----a-w- c:\windows\unvise32.exe

2009-06-28 06:15 . 2009-06-28 06:15 -------- d-----w- c:\users\Vinicius\AppData\Roaming\SpeedBit

2009-06-28 06:14 . 2009-07-01 12:56 -------- d-----w- c:\program files\SpeedOptimizer

2009-06-28 06:13 . 2009-06-28 06:13 2169880 ----a-w- c:\programdata\SpeedBit\DAP\Offers\spo3.exe

2009-06-26 14:45 . 2009-06-26 14:45 -------- d-----w- c:\users\Vinicius\AppData\Roaming\Thinstall

2009-06-25 18:52 . 2009-07-10 01:40 83456 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll

2009-06-25 18:01 . 2009-06-25 18:01 -------- d-----w- c:\program files\AskSBar

2009-06-25 18:01 . 2009-06-25 18:02 -------- d-----w- c:\program files\SpeedBit Video Accelerator

2009-06-25 17:50 . 2009-06-25 17:50 3530776 ----a-w- c:\programdata\SpeedBit\DAP\Offers\VA23_DAPSO.exe

2009-06-25 17:35 . 2009-06-28 06:15 -------- d-----w- c:\programdata\SpeedBit

2009-06-25 17:35 . 2009-06-25 17:35 50688 ----a-w- c:\windows\system32\wbhelp2.dll

2009-06-25 17:35 . 2009-06-25 17:50 -------- d-----w- c:\program files\DAP

2009-06-25 17:35 . 2009-06-25 17:35 -------- d-----w- c:\program files\SpeedBit Video Downloader

2009-06-25 15:47 . 2009-07-05 21:28 -------- d-----w- c:\program files\Mobile Partner

2009-06-22 16:27 . 2009-06-22 16:27 -------- d-----w- c:\users\Vinicius\AppData\Local\HP

2009-06-15 21:15 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-15 21:15 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-13 04:02 . 2009-02-04 13:56 -------- d-----w- c:\program files\GbPlugin

2009-07-12 17:25 . 2008-12-11 22:58 2880 --sha-w- c:\programdata\KGyGaAvL.sys

2009-07-12 17:25 . 2008-12-11 22:58 2880 --sha-w- c:\programdata\KGyGaAvL.sys

2009-07-11 18:39 . 2008-12-19 12:24 680 ----a-w- c:\users\Vinicius\AppData\Local\d3d9caps.dat

2009-06-28 14:26 . 2008-12-01 17:40 142344 ----a-w- c:\users\Vinicius\AppData\Local\GDIPFONTCACHEV1.DAT

2009-06-28 06:15 . 2008-12-02 12:59 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 1

2009-06-18 21:03 . 2008-12-01 22:44 -------- d-----w- c:\programdata\Microsoft Help

2009-06-12 16:36 . 2009-06-12 16:36 -------- d-----w- c:\users\Vinicius\AppData\Roaming\HP

2009-06-11 00:50 . 2009-06-11 00:40 -------- d-----w- c:\programdata\HP

2009-06-11 00:49 . 2009-06-11 00:40 152106 ----a-w- c:\windows\hpoins14.dat

2009-06-11 00:48 . 2009-06-11 00:48 -------- d-----w- c:\programdata\WEBREG

2009-06-11 00:46 . 2009-06-11 00:46 -------- d-----w- c:\programdata\HPSSUPPLY

2009-06-11 00:46 . 2009-06-11 00:41 -------- d-----w- c:\program files\HP

2009-06-11 00:44 . 2009-06-11 00:44 -------- d-----w- c:\programdata\HP Product Assistant

2009-06-11 00:43 . 2009-06-11 00:43 -------- d-----w- c:\program files\Common Files\HP

2009-06-11 00:42 . 2009-06-11 00:42 -------- d-----w- c:\program files\Hewlett-Packard

2009-06-11 00:42 . 2009-06-11 00:42 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2009-06-10 20:30 . 2008-12-01 22:41 -------- d-----w- c:\program files\Microsoft Works

2009-06-10 19:35 . 2009-06-10 19:35 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCCF.tmp.exe

2009-06-08 17:45 . 2009-06-08 17:45 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-08 17:45 . 2008-05-05 18:33 -------- d-----w- c:\program files\Java

2009-05-18 23:14 . 2009-05-18 23:14 -------- d-----w- c:\program files\KONAMI

2009-05-15 16:50 . 2009-05-15 16:50 -------- d-----w- c:\programdata\Avira

2009-05-15 16:50 . 2009-05-15 16:50 -------- d-----w- c:\program files\Avira

2009-05-15 04:18 . 2009-05-15 04:18 -------- d-----w- c:\program files\Recuva

2009-05-15 03:50 . 2009-05-15 03:50 -------- d-----w- c:\program files\PC Inspector File Recovery

2009-05-15 03:50 . 2008-05-05 18:00 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-14 23:20 . 2009-05-14 23:20 -------- d-----w- c:\programdata\webex

2009-05-14 23:20 . 2009-05-14 23:20 8673792 ----a-w- c:\programdata\atscie.msi

2009-04-30 00:09 . 2009-04-29 23:53 13431880 ----a-w- c:\programdata\WildTangent\TOSHIBA Game Console\Downloads\en\Installers\SetupGamesClient.exe

2009-04-23 12:43 . 2009-06-10 10:50 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-10 10:52 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-21 11:55 . 2009-06-12 15:14 2033152 ----a-w- c:\windows\system32\win32k.sys

2008-12-11 18:57 . 2008-12-02 15:24 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys

2008-12-01 17:39 . 2008-12-01 17:39 14 --sh--r- c:\windows\System32\drivers\fbd.sys

2008-12-01 23:29 . 2008-12-01 23:29 4 --sh--r- c:\windows\System32\drivers\taishop.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-06-25 66912]

 

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2009-06-25 18:01 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

"Wireless Manager"="c:\program files\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe" [2008-10-25 32768]

"Google Update"="c:\users\Vinicius\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-09 133104]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]

"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2008-02-28 1700864]

"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-06-25 2811392]

"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-06-25 2823784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-08 148888]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]

"NDSTray.exe"="NDSTray.exe" [bU]

 

c:\users\Vinicius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-12-2 295606]

Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-03-25 14:32 271152 ----a-w- c:\program files\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{39E286C0-F338-42C2-8096-366C0D324443}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{8AB76158-F7DF-46E9-AD2E-0261C555F20B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1FDCC7BA-3230-47D9-B398-2695B9039EB6}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{D49A0262-F74C-457C-80B2-628F188E17B9}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{83458225-31EF-4C4D-A674-D8E88A71A672}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"TCP Query User{2409A81D-2E57-454A-B40F-F9AC36F69360}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{2AC88F61-CF9E-4B59-AB62-DA713228B07D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"{38899FF4-F9EA-409F-971E-F5B91C3E7648}"= UDP:3703:Adobe Version Cue CS3 Server

"{28FDC7C1-53D0-4599-9C8C-21BD06965211}"= UDP:3704:Adobe Version Cue CS3 Server

"{99149815-B1B2-436E-89B8-73F118C9DB65}"= UDP:50900:Adobe Version Cue CS3 Server

"{141AF415-42E8-40E3-BE4E-14E8139759F4}"= UDP:50901:Adobe Version Cue CS3 Server

"{C55959B7-AEB5-43B0-964C-B05168311854}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{C275096C-B17C-4350-8F71-9D424255DAEA}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"TCP Query User{362E03C2-CE57-490A-9EF6-F8677238340E}c:\\program files\\mozilla firefox 3.1 beta 1\\firefox.exe"= UDP:c:\program files\mozilla firefox 3.1 beta 1\firefox.exe:Firefox

"UDP Query User{E385F43E-809E-454F-BB59-27082643A7F5}c:\\program files\\mozilla firefox 3.1 beta 1\\firefox.exe"= TCP:c:\program files\mozilla firefox 3.1 beta 1\firefox.exe:Firefox

"{EC579774-28B7-49CF-B9B9-AB9C9F4A6711}"= TCP:67:0.0.0.0:DHCP Discovery Service

"{4D397852-83EF-4A47-98CA-E2083989F4B8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"TCP Query User{D8427433-9EEE-48A1-8AE4-3F8B28716D98}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{135AAFF6-DFD9-4A0F-807D-5E7360834712}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{F04E00A1-591A-48F2-B926-57DBB90F18A8}c:\\users\\vinicius\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\vinicius\appdata\local\google\chrome\application\chrome.exe:chrome.exe

"UDP Query User{4C5C31D8-5D6D-4CED-859C-64CCAD517563}c:\\users\\vinicius\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\vinicius\appdata\local\google\chrome\application\chrome.exe:chrome.exe

"TCP Query User{B71C9729-6742-42E9-AC38-A7CC9BAE368C}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service

"UDP Query User{EB4CA64E-FB06-4E55-B341-5F5612B39CBC}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service

"TCP Query User{69C64ADC-94DB-4E0B-842B-1A59CEACB54D}c:\\program files\\dap\\dap.exe"= UDP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)

"UDP Query User{C2254B08-42EB-489E-B93D-747564365441}c:\\program files\\dap\\dap.exe"= TCP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

 

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/12/2008 20:15 20384]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/05/2009 13:50 108289]

R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 04:19 40960]

R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [04/02/2009 10:56 52560]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [03/12/2007 22:03 126976]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]

R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [05/05/2008 15:06 7168]

R3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\System32\drivers\sembbus.sys [26/01/2009 20:35 260992]

R3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\System32\drivers\sembcard.sys [26/01/2009 20:35 337408]

R3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\System32\drivers\sembmdfl2.sys [26/01/2009 20:35 14976]

R3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\System32\drivers\sembmdm2.sys [26/01/2009 20:35 380672]

R3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\System32\drivers\sembmgmt.sys [26/01/2009 20:35 343680]

R3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\System32\drivers\sembnd5.sys [26/01/2009 20:35 24960]

R3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\System32\drivers\sembunic.sys [26/01/2009 20:35 344064]

R3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\System32\drivers\sembwwan.sys [26/01/2009 20:35 337408]

R3 SEMCReserved;SEMC Reserved Interface;c:\windows\System32\drivers\semcreserved.sys [26/01/2009 20:35 17408]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [24/04/2008 23:35 73728]

R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\System32\drivers\sesc.sys [26/01/2009 20:35 12672]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [17/03/2009 13:42 13224]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [01/12/2008 20:15 954368]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\System32\drivers\s916bus.sys [02/11/2007 10:47 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\System32\drivers\s916mdfl.sys [02/11/2007 10:47 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\System32\drivers\s916mdm.sys [02/11/2007 10:47 109992]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\System32\drivers\s916obex.sys [17/03/2009 13:23 100008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352159997-3132578469-318617820-1000Core.job

- c:\users\Vinicius\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-09 15:46]

 

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352159997-3132578469-318617820-1000UA.job

- c:\users\Vinicius\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-09 15:46]

 

2009-07-13 c:\windows\Tasks\SpeedOptimizer Startup.job

- c:\progra~1\speedo~1\SPO.exe [2009-06-28 06:14]

 

2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{1D2B906D-50C2-4557-A94B-F1ED612D6404}.job

- c:\windows\system32\msfeedssync.exe [2009-04-10 11:31]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe

HKLM-Run-TimeSheet4J - (no file)

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.speedbit.com/

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\DAP\dapextie.htm

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"

IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"

IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: netzero.com

Trusted Zone: netzero.net

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\users\Vinicius\AppData\Roaming\Mozilla\Firefox\Profiles\0uds1d14.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com/

FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 1\plugins\NPAskSBr.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\Vinicius\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-13 11:27

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Tempo para conclusão: 2009-07-13 11:30

ComboFix-quarantined-files.txt 2009-07-13 14:30

 

Pré-execução: 108.164.390.912 bytes free

Pós execução: 109.865.607.168 bytes free

 

298 --- E O F --- 2009-07-07 15:50

I did what was recommended and Avira keeps reporting the damned virus.

Toolbar SD log

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.google.com.br/"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:57:55, on 13/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\USBPhone\USBPhone.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\My Lockbox\mylbx.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\fsproflt.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Documents and Settings\Pedro\Meus documentos\Standalone\StandaloneStack2.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

c:\arquivos de programas\avira\antivir desktop\avcenter.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avscan.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Pedro\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CmSkype] "C:\Arquivos de programas\USBPhone\USBPhone.exe" RUNSTART

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [mylbx] C:\Arquivos de programas\My Lockbox\mylbx.exe /a

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uIWatcher] C:\Arquivos de programas\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1c9bee2bee3f538) (gupdate1c9bee2bee3f538) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OracleOraHomeCLClientCache - Unknown owner - C:\oracle\oraCL\BIN\ONRSD.EXE

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 9342 bytes

What should I do?

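The HijackThis entries quoted above follow a fixed layout (a section tag such as O9, O16, O20 or O23, then " - " separated fields), which makes them easy to triage mechanically before anyone decides what to remove. The following is an added example written for this page, not code from the thread or from HijackThis itself: it parses a few constructed sample lines copied from the log above and attaches review hints (an orphaned "(no file)" entry, an ActiveX control fetched over plain HTTP, a Winlogon Notify DLL, and O23 services whose vendor field is empty or "Unknown owner"). The hints are starting points for an analyst, not verdicts; the entries flagged here are not being called malicious.

```python
"""Triage of HijackThis-style log entries (added example; not part of the forum thread or of HijackThis)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log above (plain text, not a file on disk).
SAMPLE_LOG = r"""
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: OracleOraHomeCLClientCache - Unknown owner - C:\oracle\oraCL\BIN\ONRSD.EXE
"""

# "O23 - rest"; the section tag is followed by a single " - " separator.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Split only on dashes surrounded by whitespace, so GUIDs and ",-20001" stay intact
# and an empty field ("- -") survives as an empty string.
FIELD_SPLIT_RE = re.compile(r"(?<=\s)-(?=\s)")


@dataclass
class Entry:
    section: str                                  # e.g. "O23"
    fields: List[str]                             # parts after the section tag
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Split one log line into its section tag and its ' - ' separated fields; None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    return Entry(section, [f.strip() for f in FIELD_SPLIT_RE.split(rest)])


def triage(entry: Entry) -> Entry:
    """Attach review hints for an analyst. A flag means 'look at this', not 'malicious'."""
    last = entry.fields[-1] if entry.fields else ""
    if "(no file)" in last:
        entry.flags.append("points at a file that no longer exists (orphaned entry)")
    if entry.section == "O16" and last.lower().startswith("http://"):
        entry.flags.append("ActiveX control fetched over plain HTTP")
    if entry.section == "O20":
        entry.flags.append("Winlogon Notify DLL loads at every logon; confirm publisher and path")
    if entry.section == "O23":
        # O23 layout: "Service: name (svc) - vendor - path". Names containing " - " would
        # shift the vendor index; that is a known limitation of this simple splitter.
        vendor = entry.fields[1] if len(entry.fields) >= 3 else ""
        if vendor in ("", "Unknown owner"):
            entry.flags.append("service binary has no identified vendor")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse and triage every entry line in a HijackThis-style log."""
    entries = [parse_entry(line) for line in text.splitlines()]
    return [triage(e) for e in entries if e is not None]


def flagged_entries(text: str) -> List[Entry]:
    """Only the entries that received at least one review hint."""
    return [e for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print(e.section, "|", " - ".join(e.fields))
        for hint in e.flags:
            print("    ->", hint)
```

Run it as a script to see the five flagged sample entries; point `triage_log` at a whole log file to get the same hints over every O-line in it. The splitter deliberately treats an empty vendor field ("- -", as in the GbpSv line above) as an empty string rather than swallowing it, because that empty field is exactly the detail a reviewer wants to notice.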

Dear Pedroav, I don't know if you are new here on the forum, but there is a very clear rule when you create your account: "Avoid invading existing posts".

I know our technical problems are similar, but each process behaves differently, and the analyst needs to concentrate in order to offer the best possible solution.

I ask that you not interfere in this process until it is finished, or else open a new topic to get proper help.

Thank you.

Rule No. 01 - Avoid invading existing topics.

Dear users,

Lately several users have been "invading" existing topics because they consider the problem posted there similar to their own. I know this is done without any intention of disrupting, but it ends up disrupting. See 02 (two) examples:

Topic 01

The topic was started by user PaulinhaBH. Then user Gilberto1750 joined in. Finally, as was to be expected, user PaulinhaBH, the topic's author, came back to finish the disinfection process.

At one point I even got mixed up myself, since so many logs ended up confusing me.

Topic 02

The topic was started by user vilna. Then user Brunlord joined in. Some time later user Gaby Cardoso asked for help. In this case I asked the dear user (Gaby Cardoso) to create her own topic, because imagine a topic with 03 (three) different users who, even though they had similar problems, would present different logs. The topic would turn into a big "salad of replies", or rather, a big mess.

Therefore, I request that, even if an already open topic presents a problem similar to yours, a NEW TOPIC be opened for your case.

I hope for everyone's understanding.

Regards.


Hello vs. bastos,

I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Folder::

C:\LinhaDefensiva

c:\program files\AskSBar

 

File::

c:\users\Vinicius\AppData\Local\GDIPFONTCACHEV1.DAT

c:\windows\system32\deploytk.dll

c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352159997-3132578469-318617820-1000Core.job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352159997-3132578469-318617820-1000UA.job

c:\windows\Tasks\User_Feed_Synchronization-{1D2B906D-50C2-4557-A94B-F1ED612D6404}.job

 

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 1 (0x0)

 

This script was prepared only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

cfscript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Post it together with the new HijackThis log.


Hello, PedroN.

Man, I did the procedure as you instructed me, but the virus keeps being detected by Avira with every folder or window I open. I've never seen anything like it...

My ComboFix log:

 

ComboFix 09-07-12.03 - Vinicius 14/07/2009 14:27.2.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1033.18.2813.1903 [GMT -3:00]

Executando de: c:\users\Vinicius\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Vinicius\Desktop\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

FILE ::

"c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL"

"c:\users\Vinicius\AppData\Local\GDIPFONTCACHEV1.DAT"

"c:\windows\system32\deploytk.dll"

"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352159997-3132578469-318617820-1000Core.job"

"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352159997-3132578469-318617820-1000UA.job"

"c:\windows\Tasks\User_Feed_Synchronization-{1D2B906D-50C2-4557-A94B-F1ED612D6404}.job"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\LinhaDefensiva

c:\linhadefensiva\banker.bat

c:\linhadefensiva\BankerFix.vbs

c:\linhadefensiva\credits\exec.txt

c:\linhadefensiva\exec\download.exe

c:\linhadefensiva\exec\md5.exe

c:\linhadefensiva\exec\MoveEx.exe

c:\linhadefensiva\exec\pv.exe

c:\linhadefensiva\exec\unzip.exe

c:\linhadefensiva\func\lang.vbs

c:\linhadefensiva\func\reg.vbs

c:\linhadefensiva\func\scan.vbs

c:\linhadefensiva\func\strings.vbs

c:\linhadefensiva\Iniciar-BankerFix.vbs

c:\linhadefensiva\lang\bat\antivirusnote.txt

c:\linhadefensiva\lang\bat\changepass.txt

c:\linhadefensiva\lang\bat\error-removing.txt

c:\linhadefensiva\lang\bat\filesremoved.txt

c:\linhadefensiva\lang\bat\logend.txt

c:\linhadefensiva\lang\bat\logremhelp.txt

c:\linhadefensiva\lang\bat\logremtif.txt

c:\linhadefensiva\lang\bat\noproblems.txt

c:\linhadefensiva\lang\bat\opening.txt

c:\linhadefensiva\lang\bat\rebootrequired.txt

c:\linhadefensiva\lang\bat\seeforum.txt

c:\linhadefensiva\lang\bat\wait.txt

c:\linhadefensiva\lang\bat\win95.txt

c:\linhadefensiva\lang\init\en.txt

c:\linhadefensiva\lang\init\ptb.txt

c:\linhadefensiva\lang\vb\bankerfix.txt

c:\linhadefensiva\lang\vb\loader.txt

c:\linhadefensiva\lang\vb\postreboot.txt

c:\linhadefensiva\leiame.txt

c:\linhadefensiva\QUA\backup.reg

c:\linhadefensiva\readme.txt

c:\linhadefensiva\reflist\fx.reg

c:\linhadefensiva\reflist\ref-allu

c:\linhadefensiva\reflist\ref-appdata

c:\linhadefensiva\reflist\ref-commonfiles

c:\linhadefensiva\reflist\ref-hosts

c:\linhadefensiva\reflist\ref-md5

c:\linhadefensiva\reflist\ref-mydoc

c:\linhadefensiva\reflist\ref-profile

c:\linhadefensiva\reflist\ref-programfiles

c:\linhadefensiva\reflist\ref-reg

c:\linhadefensiva\reflist\ref-start

c:\linhadefensiva\reflist\ref-startup

c:\linhadefensiva\reflist\ref-sysdrive

c:\linhadefensiva\reflist\ref-system

c:\linhadefensiva\reflist\ref-system32

c:\linhadefensiva\reflist\ref-tasks

c:\linhadefensiva\reflist\ref-temp

c:\linhadefensiva\reflist\ref-wincommon

c:\linhadefensiva\reflist\ref-windows

c:\linhadefensiva\reflist\reft-startup

c:\linhadefensiva\relatorio.txt

c:\linhadefensiva\relatorios\2009-07-13.txt

c:\linhadefensiva\relatorios\errorlog.txt

c:\linhadefensiva\rotinas\arquiva-relatorio.vbs

c:\linhadefensiva\rotinas\postreboot.bat

c:\linhadefensiva\rotinas\postreboot.vbs

c:\linhadefensiva\rotinas\remocao\driver.vbs

c:\linhadefensiva\rotinas\remocao\shell.vbs

c:\linhadefensiva\rotinas\remocao\userinit.vbs

c:\linhadefensiva\rotinas\remocao\winlogon.vbs

c:\linhadefensiva\rotinas\update.vbs

c:\linhadefensiva\VERSION

c:\users\Vinicius\AppData\Local\GDIPFONTCACHEV1.DAT

c:\windows\system32\deploytk.dll

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352159997-3132578469-318617820-1000Core.job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352159997-3132578469-318617820-1000UA.job

c:\windows\Tasks\User_Feed_Synchronization-{1D2B906D-50C2-4557-A94B-F1ED612D6404}.job

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-14 to 2009-07-14 ))))))))))))))))))))))))))))

.

 

2009-07-14 17:34 . 2009-07-14 17:34 -------- d-----w- c:\users\Vinicius\AppData\Local\temp

2009-07-14 00:22 . 2009-07-14 00:24 -------- d-----w- C:\ToolBar SD

2009-07-14 00:11 . 2009-07-14 00:27 -------- d-----w- C:\Tolbar S&D

2009-07-14 00:10 . 2009-07-14 00:10 -------- d-----w- c:\program files\tolbar S&D

2009-07-13 04:33 . 2009-07-13 04:33 -------- d-----w- c:\users\Vinicius\AppData\Roaming\Malwarebytes

2009-07-13 04:33 . 2009-06-17 14:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 04:33 . 2009-07-13 04:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-13 04:33 . 2009-07-13 04:33 -------- d-----w- c:\programdata\Malwarebytes

2009-07-13 04:33 . 2009-06-17 14:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-08 12:37 . 2009-07-14 17:10 95744 ----a-w- c:\programdata\SpeedBit\DAP\Updates\Condition.dll

2009-06-28 14:12 . 1999-12-17 13:13 86016 ----a-w- c:\windows\unvise32.exe

2009-06-28 06:15 . 2009-06-28 06:15 -------- d-----w- c:\users\Vinicius\AppData\Roaming\SpeedBit

2009-06-28 06:14 . 2009-07-01 12:56 -------- d-----w- c:\program files\SpeedOptimizer

2009-06-28 06:13 . 2009-06-28 06:13 2169880 ----a-w- c:\programdata\SpeedBit\DAP\Offers\spo3.exe

2009-06-26 14:45 . 2009-06-26 14:45 -------- d-----w- c:\users\Vinicius\AppData\Roaming\Thinstall

2009-06-25 18:52 . 2009-07-10 01:40 83456 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll

2009-06-25 18:01 . 2009-06-25 18:02 -------- d-----w- c:\program files\SpeedBit Video Accelerator

2009-06-25 17:50 . 2009-06-25 17:50 3530776 ----a-w- c:\programdata\SpeedBit\DAP\Offers\VA23_DAPSO.exe

2009-06-25 17:35 . 2009-06-28 06:15 -------- d-----w- c:\programdata\SpeedBit

2009-06-25 17:35 . 2009-06-25 17:35 50688 ----a-w- c:\windows\system32\wbhelp2.dll

2009-06-25 17:35 . 2009-06-25 17:50 -------- d-----w- c:\program files\DAP

2009-06-25 17:35 . 2009-06-25 17:35 -------- d-----w- c:\program files\SpeedBit Video Downloader

2009-06-25 15:47 . 2009-07-05 21:28 -------- d-----w- c:\program files\Mobile Partner

2009-06-22 16:27 . 2009-06-22 16:27 -------- d-----w- c:\users\Vinicius\AppData\Local\HP

2009-06-15 21:15 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-15 21:15 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-13 04:02 . 2009-02-04 13:56 -------- d-----w- c:\program files\GbPlugin

2009-07-12 17:25 . 2008-12-11 22:58 2880 --sha-w- c:\programdata\KGyGaAvL.sys

2009-07-12 17:25 . 2008-12-11 22:58 2880 --sha-w- c:\programdata\KGyGaAvL.sys

2009-07-11 18:39 . 2008-12-19 12:24 680 ----a-w- c:\users\Vinicius\AppData\Local\d3d9caps.dat

2009-06-28 06:15 . 2008-12-02 12:59 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 1

2009-06-18 21:03 . 2008-12-01 22:44 -------- d-----w- c:\programdata\Microsoft Help

2009-06-12 16:36 . 2009-06-12 16:36 -------- d-----w- c:\users\Vinicius\AppData\Roaming\HP

2009-06-11 00:50 . 2009-06-11 00:40 -------- d-----w- c:\programdata\HP

2009-06-11 00:49 . 2009-06-11 00:40 152106 ----a-w- c:\windows\hpoins14.dat

2009-06-11 00:48 . 2009-06-11 00:48 -------- d-----w- c:\programdata\WEBREG

2009-06-11 00:46 . 2009-06-11 00:46 -------- d-----w- c:\programdata\HPSSUPPLY

2009-06-11 00:46 . 2009-06-11 00:41 -------- d-----w- c:\program files\HP

2009-06-11 00:44 . 2009-06-11 00:44 -------- d-----w- c:\programdata\HP Product Assistant

2009-06-11 00:43 . 2009-06-11 00:43 -------- d-----w- c:\program files\Common Files\HP

2009-06-11 00:42 . 2009-06-11 00:42 -------- d-----w- c:\program files\Hewlett-Packard

2009-06-11 00:42 . 2009-06-11 00:42 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2009-06-10 20:30 . 2008-12-01 22:41 -------- d-----w- c:\program files\Microsoft Works

2009-06-10 19:35 . 2009-06-10 19:35 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCCF.tmp.exe

2009-06-08 17:45 . 2008-05-05 18:33 -------- d-----w- c:\program files\Java

2009-05-18 23:14 . 2009-05-18 23:14 -------- d-----w- c:\program files\KONAMI

2009-05-14 23:20 . 2009-05-14 23:20 8673792 ----a-w- c:\programdata\atscie.msi

2009-04-30 00:09 . 2009-04-29 23:53 13431880 ----a-w- c:\programdata\WildTangent\TOSHIBA Game Console\Downloads\en\Installers\SetupGamesClient.exe

2009-04-23 12:43 . 2009-06-10 10:50 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-10 10:52 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-21 11:55 . 2009-06-12 15:14 2033152 ----a-w- c:\windows\system32\win32k.sys

2008-12-11 18:57 . 2008-12-02 15:24 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys

2008-12-01 17:39 . 2008-12-01 17:39 14 --sh--r- c:\windows\System32\drivers\fbd.sys

2008-12-01 23:29 . 2008-12-01 23:29 4 --sh--r- c:\windows\System32\drivers\taishop.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2009-07-13_14.28.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2009-07-14 17:10 66758 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-07-14 11:25 89776 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-12-01 17:40 . 2009-07-14 11:25 10406 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2352159997-3132578469-318617820-1000_UserData.bin

+ 2008-12-01 17:34 . 2009-07-14 17:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-12-01 17:34 . 2009-07-13 13:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-12-01 17:34 . 2009-07-13 13:49 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-01 17:34 . 2009-07-14 17:25 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-12-01 17:34 . 2009-07-13 13:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-12-01 17:34 . 2009-07-14 17:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-13 18:58 . 2009-07-13 18:58 9560 c:\windows\System32\networklist\icons\{1728FDBB-42E4-4D51-BBB8-CBB1E9C0B200}_48.bin

+ 2009-07-13 18:58 . 2009-07-13 18:58 4280 c:\windows\System32\networklist\icons\{1728FDBB-42E4-4D51-BBB8-CBB1E9C0B200}_32.bin

+ 2009-07-13 18:58 . 2009-07-13 18:58 2456 c:\windows\System32\networklist\icons\{1728FDBB-42E4-4D51-BBB8-CBB1E9C0B200}_24.bin

- 2009-07-13 13:43 . 2009-07-13 13:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-07-14 17:08 . 2009-07-14 17:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-07-13 13:43 . 2009-07-13 13:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 17:08 . 2009-07-14 17:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 10:33 . 2009-07-14 17:15 590082 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-07-09 18:06 590082 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-07-09 18:06 102094 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2009-07-14 17:15 102094 c:\windows\System32\perfc009.dat

+ 2009-03-09 16:24 . 2009-07-14 17:11 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-03-09 16:24 . 2009-07-13 04:15 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2008-12-01 23:28 . 2009-07-14 13:24 5094184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2008-12-01 23:28 . 2009-07-13 05:13 5094184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

"Wireless Manager"="c:\program files\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe" [2008-10-25 32768]

"Google Update"="c:\users\Vinicius\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-09 133104]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]

"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2008-02-28 1700864]

"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-06-25 2811392]

"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-06-25 2823784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-08 148888]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]

"NDSTray.exe"="NDSTray.exe" [bU]

 

c:\users\Vinicius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-12-2 295606]

Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-03-25 14:32 271152 ----a-w- c:\program files\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{39E286C0-F338-42C2-8096-366C0D324443}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{8AB76158-F7DF-46E9-AD2E-0261C555F20B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1FDCC7BA-3230-47D9-B398-2695B9039EB6}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{D49A0262-F74C-457C-80B2-628F188E17B9}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{83458225-31EF-4C4D-A674-D8E88A71A672}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"TCP Query User{2409A81D-2E57-454A-B40F-F9AC36F69360}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{2AC88F61-CF9E-4B59-AB62-DA713228B07D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"{38899FF4-F9EA-409F-971E-F5B91C3E7648}"= UDP:3703:Adobe Version Cue CS3 Server

"{28FDC7C1-53D0-4599-9C8C-21BD06965211}"= UDP:3704:Adobe Version Cue CS3 Server

"{99149815-B1B2-436E-89B8-73F118C9DB65}"= UDP:50900:Adobe Version Cue CS3 Server

"{141AF415-42E8-40E3-BE4E-14E8139759F4}"= UDP:50901:Adobe Version Cue CS3 Server

"{C55959B7-AEB5-43B0-964C-B05168311854}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{C275096C-B17C-4350-8F71-9D424255DAEA}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"TCP Query User{362E03C2-CE57-490A-9EF6-F8677238340E}c:\\program files\\mozilla firefox 3.1 beta 1\\firefox.exe"= UDP:c:\program files\mozilla firefox 3.1 beta 1\firefox.exe:Firefox

"UDP Query User{E385F43E-809E-454F-BB59-27082643A7F5}c:\\program files\\mozilla firefox 3.1 beta 1\\firefox.exe"= TCP:c:\program files\mozilla firefox 3.1 beta 1\firefox.exe:Firefox

"{EC579774-28B7-49CF-B9B9-AB9C9F4A6711}"= TCP:67:0.0.0.0:DHCP Discovery Service

"{4D397852-83EF-4A47-98CA-E2083989F4B8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"TCP Query User{D8427433-9EEE-48A1-8AE4-3F8B28716D98}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{135AAFF6-DFD9-4A0F-807D-5E7360834712}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{F04E00A1-591A-48F2-B926-57DBB90F18A8}c:\\users\\vinicius\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\vinicius\appdata\local\google\chrome\application\chrome.exe:chrome.exe

"UDP Query User{4C5C31D8-5D6D-4CED-859C-64CCAD517563}c:\\users\\vinicius\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\vinicius\appdata\local\google\chrome\application\chrome.exe:chrome.exe

"TCP Query User{B71C9729-6742-42E9-AC38-A7CC9BAE368C}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service

"UDP Query User{EB4CA64E-FB06-4E55-B341-5F5612B39CBC}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service

"TCP Query User{69C64ADC-94DB-4E0B-842B-1A59CEACB54D}c:\\program files\\dap\\dap.exe"= UDP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)

"UDP Query User{C2254B08-42EB-489E-B93D-747564365441}c:\\program files\\dap\\dap.exe"= TCP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

 

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/12/2008 20:15 20384]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/05/2009 13:50 108289]

R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 04:19 40960]

R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [04/02/2009 10:56 52560]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [03/12/2007 22:03 126976]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]

R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [05/05/2008 15:06 7168]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [24/04/2008 23:35 73728]

R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\System32\drivers\sesc.sys [26/01/2009 20:35 12672]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [17/03/2009 13:42 13224]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [01/12/2008 20:15 954368]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\System32\drivers\s916bus.sys [02/11/2007 10:47 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\System32\drivers\s916mdfl.sys [02/11/2007 10:47 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\System32\drivers\s916mdm.sys [02/11/2007 10:47 109992]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\System32\drivers\s916obex.sys [17/03/2009 13:23 100008]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\System32\drivers\sembbus.sys [26/01/2009 20:35 260992]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\System32\drivers\sembcard.sys [26/01/2009 20:35 337408]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\System32\drivers\sembmdfl2.sys [26/01/2009 20:35 14976]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\System32\drivers\sembmdm2.sys [26/01/2009 20:35 380672]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\System32\drivers\sembmgmt.sys [26/01/2009 20:35 343680]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\System32\drivers\sembnd5.sys [26/01/2009 20:35 24960]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\System32\drivers\sembunic.sys [26/01/2009 20:35 344064]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\System32\drivers\sembwwan.sys [26/01/2009 20:35 337408]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\System32\drivers\semcreserved.sys [26/01/2009 20:35 17408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-14 c:\windows\Tasks\SpeedOptimizer Startup.job

- c:\progra~1\speedo~1\SPO.exe [2009-06-28 06:14]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.speedbit.com/

mWindow Title =

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\DAP\dapextie.htm

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"

IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"

IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: netzero.com

Trusted Zone: netzero.net

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\users\Vinicius\AppData\Roaming\Mozilla\Firefox\Profiles\0uds1d14.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com/

FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-14 14:34

Windows 6.0.6001 Service Pack 1 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2009-07-14 14:36

ComboFix-quarantined-files.txt 2009-07-14 17:36

ComboFix2.txt 2009-07-13 14:30

 

Pre-Run: 109,285,543,936 bytes free

Post-Run: 109,261,594,624 bytes free

 

372 --- E O F --- 2009-07-13 18:00

Updated HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:39:49, on 14/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\DAP\DAP.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Explorer.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\Vinicius\AppData\Local\Temp\Rar$EX00.919\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Wireless Manager] "C:\Program Files\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Vinicius\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [speedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"

O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www2.bancobrasil.com.br

O15 - Trusted Zone: *.netzero.com

O15 - Trusted Zone: *.netzero.net

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe

O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

 

--

End of file - 13049 bytes

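A HijackThis log like the one above is read by hand in threads like this, but the questions a helper asks are mechanical: which browser hooks, Winlogon Notify DLLs and services have no vendor, live in user-writable directories, or point at a changed start page. The script below is an added example, not part of the thread and not HijackThis code; the severity rules are the editor's own heuristics, the sample lines are a subset copied from the log above, and the GbPlugin allowlist reflects the thread's own resolution (G-Buster Browser Defense is Banco do Brasil's banking plugin, and the Avira hit on gbieh.dll turned out to be a false positive).

```python
"""Triage of HijackThis-style log lines (added example; heuristics are the editor's, not HijackThis's)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vinicius\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O15 - Trusted Zone: http://www2.bancobrasil.com.br
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""


@dataclass
class Finding:
    section: str
    severity: str    # "suspicious" > "review" > "info"
    reason: str
    line: str


SEVERITY_ORDER = {"suspicious": 0, "review": 1, "info": 2}
# Thread resolution: GbPlugin (G-Buster Browser Defense) is Banco do Brasil's banking plugin; treat as known-good.
KNOWN_GOOD_FRAGMENTS = ("\\gbplugin\\",)
# Directories an ordinary user can write to; persistence from here deserves a second look.
USER_WRITABLE_FRAGMENTS = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\recycler\\")
# Assumed allowlist of homepage/search hosts that do not by themselves indicate a hijack.
HOMEPAGE_ALLOWLIST = ("microsoft.com", "msn.com", "live.com", "google.com")

_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# O23: "Service: Name (Short) - Vendor - C:\path"; the vendor field may be empty ("- -").
_O23 = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.*)$")


def _known_good(path: str) -> bool:
    return any(f in path.lower() for f in KNOWN_GOOD_FRAGMENTS)


def _user_writable(path: str) -> bool:
    return any(f in path.lower() for f in USER_WRITABLE_FRAGMENTS)


def triage_line(line: str) -> Optional[Finding]:
    m = _LINE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("R0", "R1") and ("Start Page" in body or "Search" in body):
        url = body.split("=", 1)[-1].strip()
        host = re.sub(r"^\w+://", "", url).split("/")[0].lower()
        if url and not any(host == d or host.endswith("." + d) for d in HOMEPAGE_ALLOWLIST):
            return Finding(sec, "review", "browser start/search page points at %s" % host, line)
        return None
    if sec in ("O2", "O3"):                       # BHO / toolbar: "Name - {CLSID} - path"
        path = body.rsplit(" - ", 1)[-1].strip()
        if _known_good(path):
            return Finding(sec, "info", "known banking plugin (G-Buster / GbPlugin)", line)
        if _user_writable(path):
            return Finding(sec, "suspicious", "browser extension loaded from a user-writable directory", line)
        return None
    if sec == "O4":                               # autostart: "[Name] command"
        if _user_writable(body):
            return Finding(sec, "suspicious", "autostart command under a user-writable directory", line)
        return None
    if sec == "O15":
        return Finding(sec, "review", "Trusted Zone entry relaxes IE security for this site", line)
    if sec == "O16":                              # ActiveX (DPF): "{CLSID} (Name) - URL"
        tail = body.split("}", 1)[-1]
        url = tail.rsplit(" - ", 1)[-1].strip(" -")
        if not url:
            return Finding(sec, "suspicious", "ActiveX control registered with no download source", line)
        if not url.lower().startswith("https://"):
            return Finding(sec, "review", "ActiveX control fetched over plain HTTP", line)
        return None
    if sec == "O20":                              # DLL loaded into winlogon.exe at logon
        path = body.rsplit(" - ", 1)[-1].strip()
        return Finding(sec, "info" if _known_good(path) else "review",
                       "Winlogon Notify DLL (loaded at logon; common hook point)", line)
    if sec == "O23":
        s = _O23.match(body)
        if s is None:
            return None
        vendor, path = s.group("vendor").strip(), s.group("path")
        if _known_good(path):
            return Finding(sec, "info", "known banking plugin service (GbPlugin)", line)
        if vendor in ("", "Unknown owner"):
            return Finding(sec, "review", "service binary has no vendor string", line)
        if _user_writable(path):
            return Finding(sec, "suspicious", "service binary under a user-writable directory", line)
    return None


def triage(log: str) -> List[Finding]:
    found = [f for f in (triage_line(l) for l in log.splitlines()) if f]
    return sorted(found, key=lambda f: SEVERITY_ORDER[f.severity])


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"suspicious": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%-10s] %s: %s\n             %s" % (f.severity, f.section, f.reason, f.line))
```

Everything it flags still needs a human: the Google Update entry under AppData is legitimate, and the empty-vendor GbpSv service is the very plugin the thread ends up clearing. The point is to make the log's interesting lines (orphaned O16 entries, Trusted Zone additions, Winlogon Notify DLLs, unattributed services) surface first, rather than relying on an antivirus name string to decide what is malicious.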

Could you tell me the location of the virus?


Hello, PedroN.

 

So, the location that shows up here when Avira flags it is: C:\Program Files\GbPlugin\gbieh.dll

 

I went to the folder it is in and viewed (did not execute) the following files:

- bb.gpc

- gbieh.dll

- gbieh.gmd

- gbpsv.exe

 

Man, I'm starting to think this trojan is beginning to affect how my PC works. I don't know if it's related, but last night it didn't boot correctly. It gave a "fatal error" during startup and I chose a recommended "windows repair" option. It restarted on its own and kept making a high-pitched beeping noise for a while. After a lot of struggle, it booted. Could that be related?

 

Thanks for your help.

Man, I'm starting to think this trojan is beginning to affect how my PC works. I don't know if it's related, but last night it didn't boot correctly. It gave a "fatal error" during startup and I chose a recommended "windows repair" option. It restarted on its own and kept making a high-pitched beeping noise for a while. After a lot of struggle, it booted. Could that be related?

 

No.

 

So, the location that shows up here when Avira flags it is: C:\Program Files\GbPlugin\gbieh.dll

 

That is a false positive from your Avira. The file is legitimate; it is just a banking plugin. Try updating your Avira antivirus. Avira has already fixed this false positive.

 

Regards.

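Before accepting "it's a false positive" (or "it's a banker") on an AV name alone, a practitioner wants two independent checks on the flagged file: its SHA-256 against a clean copy, and whether it carries an embedded Authenticode signature blob. The script below is an added example, not code from the thread, from Avira, or from Banco do Brasil; it reads just enough of the PE headers to locate the security directory, and builds a constructed PE fixture so it runs offline. The reference-hash set is an assumption (hashes the analyst takes from a fresh download of the vendor's plugin package), and the fixture's signature bytes are placeholders, not a real PKCS#7 structure.

```python
"""Two checks before accepting an AV verdict on a DLL: a reference hash and an embedded Authenticode blob.
Added example; the PE reader below is the editor's own minimal parser, not any vendor's tool."""
import hashlib
import struct
from typing import Optional, Set, Tuple

WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # WIN_CERTIFICATE.wCertificateType used by Authenticode
SECURITY_DIR_INDEX = 4                    # IMAGE_DIRECTORY_ENTRY_SECURITY


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pe_security_directory(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (file_offset, size) of the security directory, or None if the image declares none."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                         # skip "PE\0\0" and the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                              # PE32: data directories start at +96
        dir_base = opt + 96
    elif magic == 0x20B:                            # PE32+: data directories start at +112
        dir_base = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, dir_base - 4)[0]   # NumberOfRvaAndSizes
    if n_dirs <= SECURITY_DIR_INDEX:
        return None
    # For the security directory the first field is a raw file offset, not an RVA.
    return struct.unpack_from("<II", data, dir_base + SECURITY_DIR_INDEX * 8)


def has_authenticode_signature(data: bytes) -> bool:
    """True if a WIN_CERTIFICATE of type PKCS#7 SignedData is attached and lies inside the file.
    Proves only that a signature blob is present; it does not validate the certificate chain."""
    entry = pe_security_directory(data)
    if entry is None:
        return False
    offset, size = entry
    if offset == 0 or size < 8 or offset + size > len(data):
        return False                                # absent, or points past EOF (truncated/tampered)
    length, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    return cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and 8 < length <= size


def assess(data: bytes, reference_hashes: Set[str]) -> str:
    """Verdict for a flagged file. reference_hashes (assumption): SHA-256 values of a clean copy
    the analyst fetched from the vendor, e.g. the plugin package the bank distributes."""
    if sha256_hex(data) in reference_hashes:
        return "hash matches the vendor reference copy"
    if has_authenticode_signature(data):
        return "signature blob present; validate the chain before trusting it"
    return "unsigned and unknown hash; treat as untrusted and submit to the AV vendor"


def build_minimal_pe(signed: bool, pe32plus: bool = False) -> bytes:
    """Constructed, non-runnable PE image carrying only the headers this reader needs (test fixture)."""
    opt_size, dir_base = (240, 112) if pe32plus else (224, 96)
    magic = 0x20B if pe32plus else 0x10B
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x2102)  # SizeOfOptionalHeader
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dir_base - 4, 16)                        # NumberOfRvaAndSizes
    headers_len = len(dos) + 4 + len(coff) + opt_size
    tail = b""
    if signed:
        blob = b"\x30\x82" + b"\0" * 30             # placeholder bytes, not a real PKCS#7 structure
        tail = struct.pack("<IHH", 8 + len(blob), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        struct.pack_into("<II", opt, dir_base + SECURITY_DIR_INDEX * 8, headers_len, len(tail))
    return dos + b"PE\0\0" + coff + bytes(opt) + tail


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(signed=True)
    print(sha256_hex(blob), has_authenticode_signature(blob), assess(blob, set()))
```

On a current Windows host the same two checks are `Get-FileHash` and `Get-AuthenticodeSignature` in PowerShell (the latter also validates the chain, which this reader deliberately does not). A present signature is not proof the file is clean, and its absence is not proof of malice; what settled this case was the vendor correcting the detection, which an updated signature set then reflected.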

Hello, Pedro.

 

Man, thank you very, very much for your help. It's great to be able to count on professionals for cases like this; on my own I certainly wouldn't have managed to solve it.

 

Today, so far, Avira hasn't flagged the Banker. I did my last update last night, so everything is resolved.

 

Cheers.

 

Thanks!!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
