May-chan

[Solved!] Problems with malware and viruses


Hi! I'm having a few little problems here and would like to know if you could help me...

Yesterday my antivirus (avast) detected two infections in the files "C:\t2hjo0.exe" and "C:\9jyhdim8.exe", and said it had removed them. Until then I hadn't had any problem with the PC, it was running normally, but from then on Windows Live Messenger started disconnecting by itself. It didn't close the MSN process, it only disconnected from my account. That was what bothered me the most, because so far I can't stay logged in to MSN for even 5 minutes.

So I went to My Computer and tried to open drive C:\. What happened was that the drive opened in another window, but the setting was to open in the same one, so I started to find it strange. I also noticed that the address bar no longer showed "C:\documents and settings\Administrador" or "C:\arquivos de programas", for example; it showed only "documents and settings", "administrador" or "arquivos de programas"... I know it shouldn't be like that, so I soon deduced that the infection had not been removed. Oh, and I also can't show hidden files and folders.

Well, I ran the avast antivirus again, and it detected nothing. Then I used Malwarebytes' Anti-Malware and it found 1 infected memory module, 18 infected registry keys, 2 infected registry values, 2 infected registry items and 5 infected files. The problems were reported as resolved and moved to quarantine.

Módulos de Memória Infectados:

C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> Delete on reboot.

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{90f3d7b3-92e7-44ba-b444-6a8e2a3bc375} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4921908c-7090-4d37-a6b3-fc447f08378a} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{750fc67c-0311-4391-9864-a2efed49bd28} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f3fc950c-7583-4377-bad8-efbeaa33273c} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0944d16c-d0f4-4389-982a-a085595a9eb3} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5954ea75-9bfa-461a-bd34-cea3a861ff19} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a5704c37-40da-49ef-904b-97e5f5f9b1c5} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos de programas\CyberScript32\msnmirc\dll\nHTMLn.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\-----\Configurações locais\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.

C:\Documents and Settings\-----\Configurações locais\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\-----\Configurações locais\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

I restarted the PC and was able to see the hidden files, but when I tried to open C: through My Computer it no longer opened another window; instead it opened the Windows "Open with:" window (for the user to decide which program is best to open the file).

I ran Dr. Web CureIt, which found two more files infected with "Trojan.PWS.Wsgame.12661": "C:\9jyhdim8.exe" (the same one avast said it had deleted) and "C:\rg9g9bgq.exe". The program said it had eliminated the infected files, but after restarting there was no difference. Then I used Findykill, and at the end of the process C:\ went back to opening in another window when opened from "My Computer", and the hidden files and folders went back to not showing.

I ran Malwarebytes again, which found 1 more infected registry key, 1 infected registry value, 1 infected registry item and 3 infected files.

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\Documents and Settings\----\Configurações locais\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.

C:\Documents and Settings\----\Configurações locais\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\----\Configurações locais\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

I restarted Windows and everything was still the same. I cleaned the PC with CCleaner and ran Glary Utilities, which found and fixed, or said it had fixed, 13 more registry problems. But still nothing was solved. avast again detected the same files said to have been deleted, "C:\t2hjo0.exe" and "C:\9jyhdim8.exe".

I thought about restoring the system, but from what I'm seeing it wouldn't help at all, so I didn't do it. I no longer know what to do, so I came to the forum =/ .

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:39:40, on 1/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Arquivos de programas\AskSearch\bin\DefaultSearch.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\FAMILI~1\CONFIG~1\Temp\herss.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 8479 bytes

 

It would be great if someone could give me a little help; I wouldn't like to format the HD twice in 3 months, lol...

Thanks in advance.

A thousand kisses =***
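The logs in the post above already point at the persistence mechanism: a `Run` value (`cdoosoft`) that starts `herss.exe` from a Temp folder, a file Malwarebytes reported as deleted. The following is an added example, not part of the original post and not code from HijackThis or Malwarebytes. It triages `O4` lines against scanner detections; the function names and the three heuristics are assumptions chosen for illustration, and the sample lines are copied from the logs above.

```python
import re

# Constructed sample: O4 autostart lines as they appear in the HijackThis log above.
HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\FAMILI~1\CONFIG~1\Temp\herss.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'SYSTEM')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
"""

# Constructed sample: detection lines as they appear in the Malwarebytes log above.
MBAM_SAMPLE = r"""
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\-----\Configurações locais\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\-----\Configurações locais\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "<drive path> (<threat name>) -> <action>"; registry detections do not match.
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?=\s|$)", re.I)


def target_of(cmd):
    """Return the program a command line starts, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    match = EXE_RE.match(cmd)
    return match.group(1) if match else cmd.split()[0]


def detected_files(mbam_lines):
    """Map lower-cased file name -> threat name for file detections only."""
    found = {}
    for line in mbam_lines:
        match = MBAM_RE.match(line.strip())
        if match:
            name = re.split(r"[\\/]", match.group("path"))[-1].lower()
            found[name] = match.group("threat")
    return found


def reasons_for(target, detected):
    """Heuristics (assumptions of this example) that make an autostart suspicious."""
    parts = [p.lower() for p in re.split(r"[\\/]", target) if p]
    why = []
    # Only the directory of the program counts, not a Temp path in its arguments.
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        why.append("runs from a Temp directory")
    if len(parts) == 2 and re.fullmatch(r"[a-z]:", parts[0]):
        why.append("runs from a drive root")
    # Compare by file name: the autostart uses 8.3 short paths (DOCUME~1),
    # the scanner log uses long paths, so full-path comparison would miss it.
    if parts and parts[-1] in detected:
        why.append("file name matches scanner detection " + detected[parts[-1]])
    return why


def triage(hijackthis_lines, mbam_lines):
    """Return the registry autostart entries that trip at least one heuristic."""
    detected = detected_files(mbam_lines)
    findings = []
    for line in hijackthis_lines:
        match = O4_RE.match(line.strip())
        if not match:
            continue  # blank lines and non-registry O4 entries (startup folder)
        target = target_of(match.group("cmd"))
        why = reasons_for(target, detected)
        if why:
            findings.append({"hive": match.group("hive"), "key": match.group("key"),
                             "name": match.group("name"), "target": target,
                             "reasons": why})
    return findings


if __name__ == "__main__":
    for f in triage(HIJACKTHIS_SAMPLE.splitlines(), MBAM_SAMPLE.splitlines()):
        print(f"{f['hive']}\\..\\{f['key']} [{f['name']}] -> {f['target']}")
        for reason in f["reasons"]:
            print("   -", reason)
```

An entry that is still present after the scanner reported the file as deleted means something is rewriting it, which matches the reinfection from `autorun.inf` on C: and D: that the later ComboFix log lists under its deletions.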


Good evening! May-chan

<@> Download: < desktopicon.png > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: Running it by command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

 

combofixejr8.gif

 

<@> Click OK.

<@> At the prompt: "Negação de garantia de software" (software warranty disclaimer) --> Click Yes!

 

RcAuto1.gif

 

<@> If you do not have the "Recovery Console", agree to have it installed!

<@> When it finishes, click Sim or Yes. --> Wait!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If the notification "Invalid Win32 application" appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, we will get the following notification window:

 

Rookit_found.gif

 

<!> PS: Write down those detections, and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

<@> The Auto Scan window will open. --> Wait!

<@> To finish the removals, ComboFix may restart the computer.

<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!


Thank you so very much, DigRam! Thanks to your help the problems were solved!

Below are the ComboFix and HijackThis logs to confirm.

Combofix:

ComboFix 09-10-01.01 - Administrador 01/10/2009 23:17.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.648 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 091001-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\AskSearch\bin\DeFAultsearch.dll

C:\autorun.inf

c:\docume~1\FAMILI~1\CONFIG~1\Temp\cvasds0.dll

C:\t2hjo0.exe

D:\9jyhdim8.exe

D:\Autorun.inf

D:\rg9g9bgq.exe

D:\t2hjo0.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-02 to 2009-10-02 ))))))))))))))))))))))))))))

.

 


 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.


.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-07-17 20:20 279944 ----a-w- c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlpo_01"="md" [X]

"nlpo_02"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

"nlpo_03"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"C-Media Mixer"=Mixer.exe /startup

"PCTVOICE"=pctspk.exe

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe"

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" -atboottime

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

"NeroFilterCheck"=c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\SpacialAudio\\SAMBC\\SAMBC.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/9/2009 12:27 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/9/2009 12:27 20560]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2009-10-01 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2009-09-12 22:27]

.

.

------- Scan Suplementar -------

.

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\dfvzz7nv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-01 23:28

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-10-02 23:34

ComboFix-quarantined-files.txt 2009-10-02 02:33

 

Pré-execução: 5.592.383.488 bytes disponíveis

Pós execução: 5.557.813.248 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

264 --- E O F --- 2009-09-28 16:47

 

hijack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:59:49, on 1/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 8163 bytes

 

Thanks a lot!!!

Kisses _o/

 


Good morning, May-chan!

 

<@> Open HijackThis --> Click: Do a system scan only

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...68&gct=&gc=1&q=

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.c...&gct=&gc=1&q=%s

 

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

 

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

 

<@> Check the entries listed above! --> Click Fix checked --> Yes!

<><><><><><><><><><>

<@> Select and copy all of the content in the Quote area into Notepad.

<@> Save it to the Desktop with the name: CFScript.txt

 

File::

c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]

[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-

Folder::

c:\arquivos de programas\AskBarDis\bar\bin

c:\arquivos de programas\AskBarDis\bar

c:\arquivos de programas\AskBarDis

C:\LinhaDefensiva

C:\found.000

<@> PS: It is recommended that you be disconnected when running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

(image: 2872959479_997d4500c4_o.gif)

 

<@> Accept the prompt that should appear, in order to run ComboFix.

<@> PS: Keep dragging until this prompt (window) appears!

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

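The cross-check behind the steps above, as an added example that is not part of the original thread or of HijackThis/ComboFix: it parses HijackThis entry lines, selects those matching the Ask toolbar strings, and reports any selected CLSID that the cleanup script text does not mention. The indicator strings and function names are assumptions chosen for this illustration; the sample lines are excerpts of the logs posted in the thread.

```python
import re

# GUID in registry form, e.g. {201f27d4-3704-41d6-89c1-aa35e39143ed}
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpt of the HijackThis log posted in the thread (most lines omitted)
HJT_EXCERPT = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
"""

# Registry lines of the cleanup script posted in the thread
CFSCRIPT_REGISTRY = r"""
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
"""

# Assumption: substrings picked for this example from the entries the helper listed
INDICATORS = ["askbardis", "toolbar.ask.com"]


def parse_hijackthis(log_text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.groups()
        guid = GUID_RE.search(body)
        entries.append({
            "section": section,
            "body": body,
            # CLSIDs are case-insensitive; normalise so the two logs compare equal
            "clsid": guid.group(0).lower() if guid else None,
            # HijackThis prints "(no file)" when the registered DLL is missing
            "no_file": body.endswith("(no file)"),
        })
    return entries


def select(entries, indicators):
    """Entries whose text contains any indicator (case-insensitive)."""
    wanted = [i.lower() for i in indicators]
    return [e for e in entries if any(w in e["body"].lower() for w in wanted)]


def uncovered_clsids(selected, script_text):
    """CLSIDs of selected entries that the cleanup script never mentions."""
    in_script = {g.lower() for g in GUID_RE.findall(script_text)}
    return {e["clsid"] for e in selected if e["clsid"]} - in_script


def orphaned(entries):
    """CLSIDs still registered although their file is gone."""
    return [e["clsid"] for e in entries if e["no_file"]]


if __name__ == "__main__":
    parsed = parse_hijackthis(HJT_EXCERPT)
    chosen = select(parsed, INDICATORS)
    for e in chosen:
        print("select:", e["section"], "-", e["body"])
    print("not covered by script:", uncovered_clsids(chosen, CFSCRIPT_REGISTRY))
    print("registered without a file:", orphaned(parsed))
```

An empty "not covered" set means every CLSID ticked in HijackThis also has a matching registry line in the script, so no leftover key should reappear in the next scan.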

Good afternoon!

 

Here are the updated ComboFix and HijackThis logs

Combofix:

ComboFix 09-10-01.01 - Administrador 02/10/2009 16:26.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.698 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

 

FILE ::

"c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\AskBarDis

c:\arquivos de programas\AskBarDis\bar\bin\askPopStp.dll

c:\arquivos de programas\AskBarDis\bar\bin\psvince.dll

c:\arquivos de programas\AskBarDis\bar\Cache\000F2A7F.bin

c:\arquivos de programas\AskBarDis\bar\Cache\000F2F58.bin

c:\arquivos de programas\AskBarDis\bar\Cache\000F31F7.bin

c:\arquivos de programas\AskBarDis\bar\Cache\000F343C.bin

c:\arquivos de programas\AskBarDis\bar\Cache\000F3627.bin

c:\arquivos de programas\AskBarDis\bar\Cache\000F383A.bin

c:\arquivos de programas\AskBarDis\bar\Cache\files.ini

c:\arquivos de programas\AskBarDis\bar\History\search

c:\arquivos de programas\AskBarDis\bar\Settings\config.dat

c:\arquivos de programas\AskBarDis\bar\Settings\config.dat.bak

c:\arquivos de programas\AskBarDis\bar\Settings\prevcfg.htm

c:\arquivos de programas\AskBarDis\unins000.dat

c:\arquivos de programas\AskBarDis\unins000.exe

C:\found.000

c:\found.000\dir0000.chk\HP000000.IDX

c:\found.000\dir0000.chk\HP000001.PDL

c:\found.000\dir0000.chk\hpzcoi00.log

c:\found.000\dir0000.chk\hpzcoi01.log

c:\found.000\dir0000.chk\hpzcoi02.log

c:\found.000\dir0000.chk\hpzcoi03.log

c:\found.000\dir0000.chk\hpzcoi04.log

c:\found.000\dir0000.chk\hpzcoi05.log

c:\found.000\dir0000.chk\hpzcoi06.log

c:\found.000\dir0000.chk\hpzcoi07.log

c:\found.000\dir0000.chk\hpzcoi08.log

c:\found.000\dir0000.chk\hpzcoi09.log

c:\found.000\dir0000.chk\netfxsl.log

c:\found.000\dir0000.chk\NetFxUpdate_v1.1.4322.log

c:\found.000\dir0000.chk\Perflib_Perfdata_234.dat

c:\found.000\dir0000.chk\Perflib_Perfdata_748.dat

c:\found.000\dir0000.chk\Perflib_Perfdata_750.dat

c:\found.000\dir0000.chk\Perflib_Perfdata_754.dat

c:\found.000\dir0000.chk\Perflib_Perfdata_758.dat

c:\found.000\dir0000.chk\Perflib_Perfdata_75c.dat

c:\found.000\dir0000.chk\servic000.log

c:\found.000\dir0000.chk\servic001.log

c:\found.000\dir0000.chk\servic002.log

c:\found.000\dir0000.chk\servic003.log

c:\found.000\dir0001.chk\desktop.ini

c:\found.000\dir0001.chk\History.IE5\desktop.ini

c:\found.000\dir0001.chk\History.IE5\index.dat

c:\found.000\dir0001.chk\History.IE5\MSHist012009090720090914\index.dat

c:\found.000\dir0001.chk\History.IE5\MSHist012009091520090916\index.dat

c:\found.000\dir0002.chk\Media Player\CurrentDatabase_59R.wmdb

c:\found.000\dir0002.chk\Windows Media\9.0\WMSDKNS.DTD

c:\found.000\dir0002.chk\Windows Media\9.0\WMSDKNS.XML

C:\LinhaDefensiva

c:\linhadefensiva\banker.bat

c:\linhadefensiva\BankerFix.vbs

c:\linhadefensiva\credits\exec.txt

c:\linhadefensiva\exec\download.exe

c:\linhadefensiva\exec\md5.exe

c:\linhadefensiva\exec\MoveEx.exe

c:\linhadefensiva\exec\pv.exe

c:\linhadefensiva\exec\unzip.exe

c:\linhadefensiva\func\lang.vbs

c:\linhadefensiva\func\reg.vbs

c:\linhadefensiva\func\scan.vbs

c:\linhadefensiva\func\strings.vbs

c:\linhadefensiva\Iniciar-BankerFix.vbs

c:\linhadefensiva\lang\bat\antivirusnote.txt

c:\linhadefensiva\lang\bat\changepass.txt

c:\linhadefensiva\lang\bat\error-removing.txt

c:\linhadefensiva\lang\bat\filesremoved.txt

c:\linhadefensiva\lang\bat\logend.txt

c:\linhadefensiva\lang\bat\logremhelp.txt

c:\linhadefensiva\lang\bat\logremtif.txt

c:\linhadefensiva\lang\bat\noproblems.txt

c:\linhadefensiva\lang\bat\opening.txt

c:\linhadefensiva\lang\bat\rebootrequired.txt

c:\linhadefensiva\lang\bat\seeforum.txt

c:\linhadefensiva\lang\bat\wait.txt

c:\linhadefensiva\lang\bat\win95.txt

c:\linhadefensiva\lang\init\en.txt

c:\linhadefensiva\lang\init\ptb.txt

c:\linhadefensiva\lang\vb\bankerfix.txt

c:\linhadefensiva\lang\vb\loader.txt

c:\linhadefensiva\lang\vb\postreboot.txt

c:\linhadefensiva\leiame.txt

c:\linhadefensiva\QUA\backup.reg

c:\linhadefensiva\readme.txt

c:\linhadefensiva\reflist\fx.reg

c:\linhadefensiva\reflist\ref-allu

c:\linhadefensiva\reflist\ref-appdata

c:\linhadefensiva\reflist\ref-commonfiles

c:\linhadefensiva\reflist\ref-hosts

c:\linhadefensiva\reflist\ref-md5

c:\linhadefensiva\reflist\ref-mydoc

c:\linhadefensiva\reflist\ref-profile

c:\linhadefensiva\reflist\ref-programfiles

c:\linhadefensiva\reflist\ref-reg

c:\linhadefensiva\reflist\ref-start

c:\linhadefensiva\reflist\ref-startup

c:\linhadefensiva\reflist\ref-sysdrive

c:\linhadefensiva\reflist\ref-system

c:\linhadefensiva\reflist\ref-system32

c:\linhadefensiva\reflist\ref-tasks

c:\linhadefensiva\reflist\ref-temp

c:\linhadefensiva\reflist\ref-wincommon

c:\linhadefensiva\reflist\ref-windows

c:\linhadefensiva\reflist\reft-startup

c:\linhadefensiva\reflist\reg-proxy

c:\linhadefensiva\RegKeys.txt

c:\linhadefensiva\regremove

c:\linhadefensiva\relatorio.txt

c:\linhadefensiva\relatorios\errorlog.txt

c:\linhadefensiva\rotinas\arquiva-relatorio.vbs

c:\linhadefensiva\rotinas\postreboot.bat

c:\linhadefensiva\rotinas\postreboot.vbs

c:\linhadefensiva\rotinas\remocao\driver.vbs

c:\linhadefensiva\rotinas\remocao\shell.vbs

c:\linhadefensiva\rotinas\remocao\userinit.vbs

c:\linhadefensiva\rotinas\remocao\winlogon.vbs

c:\linhadefensiva\rotinas\update.vbs

c:\linhadefensiva\VERSION

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-02 to 2009-10-02 ))))))))))))))))))))))))))))

.

 

2009-10-02 19:09 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-10-02 19:09 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-10-02 19:09 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-10-02 19:09 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-10-02 19:09 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-10-02 19:09 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-10-02 19:09 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-10-02 19:09 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-10-02 19:08 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-10-02 13:24 . 2009-10-02 13:24 -------- d-----w- C:\$AVG8.VAULT$

2009-10-02 10:02 . 2009-10-02 10:02 -------- d-----w- c:\arquivos de programas\AVG

2009-10-02 10:02 . 2009-10-02 19:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-10-01 23:25 . 2009-10-01 23:28 -------- d-----w- C:\SDFix

2009-10-01 21:41 . 2009-10-02 19:19 -------- d-----w- C:\Hijack

2009-10-01 15:15 . 2009-10-01 16:53 -------- d-----w- C:\FindyKill

2009-10-01 01:39 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-01 01:39 . 2009-10-01 01:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-10-01 01:39 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-01 01:39 . 2009-10-01 01:40 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-09-30 14:04 . 2009-10-02 01:29 -------- d-----w- C:\TEMP

2009-09-28 23:06 . 2009-09-29 18:25 -------- d-----w- c:\arquivos de programas\Y

2009-09-26 00:05 . 2009-09-26 00:05 -------- d-----w- c:\arquivos de programas\Free PDF to Word Doc Converter

2009-09-25 16:47 . 2009-09-25 16:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited

2009-09-25 16:47 . 2009-09-25 16:47 -------- d-----w- c:\arquivos de programas\CDBurnerXP

2009-09-25 14:54 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll

2009-09-25 14:37 . 2009-09-25 14:52 -------- d-----w- c:\windows\system32\XPSViewer

2009-09-25 14:34 . 2009-09-25 14:34 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-09-25 14:24 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-09-25 14:24 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-09-25 14:24 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-09-25 14:24 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-09-25 14:24 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-09-25 14:23 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-09-25 14:23 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-09-25 01:13 . 2009-09-27 00:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-09-22 15:24 . 2009-09-22 15:24 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-09-22 15:14 . 2008-02-07 20:10 -------- d-----w- C:\ckis

2009-09-20 19:46 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-09-20 19:46 . 2008-04-13 22:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-09-19 17:54 . 2009-09-19 17:54 -------- d-----w- c:\arquivos de programas\Overland

2009-09-19 17:15 . 2009-09-19 17:27 103509 ----a-w- c:\windows\hpoins04.dat

2009-09-19 17:15 . 2004-06-22 16:09 17176 ------w- c:\windows\hpomdl04.dat

2009-09-19 17:14 . 2004-06-22 16:09 90112 ----a-w- c:\windows\system32\hpovst08.dll

2009-09-19 17:14 . 2004-06-22 16:09 180315 ----a-w- c:\windows\system32\hpzsnt10.dll

2009-09-19 17:14 . 2004-06-22 16:09 196608 ----a-w- c:\windows\system32\hpzcoi10.dll

2009-09-19 17:14 . 2004-06-22 16:09 344064 ----a-w- c:\windows\system32\hpzcon10.dll

2009-09-19 15:27 . 2009-09-19 15:27 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS

2009-09-18 16:47 . 2009-09-18 16:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2009-09-18 09:32 . 2009-09-29 19:04 2068 ----a-w- c:\windows\system32\d3d9caps.dat

2009-09-17 23:47 . 2009-09-17 23:47 -------- d--h--w- c:\windows\PIF

2009-09-16 16:02 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-09-16 16:02 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-09-16 16:02 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-09-16 16:02 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-09-16 16:02 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-09-16 12:10 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-09-16 12:09 . 2009-09-16 12:09 -------- d-----w- c:\windows\ie8updates

2009-09-16 12:08 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-09-16 12:08 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-09-16 12:08 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-09-16 12:08 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-09-16 12:08 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-09-16 12:08 . 2009-07-19 21:45 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-09-16 12:03 . 2009-09-16 12:07 -------- dc-h--w- c:\windows\ie8

2009-09-15 18:30 . 2008-04-25 21:41 218624 ----a-w- c:\windows\system32\uxtheme.dll

2009-09-14 20:49 . 2008-04-13 22:20 39936 ------w- c:\windows\system32\dimsroam.dll

2009-09-14 16:52 . 2009-09-14 16:53 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-09-14 13:52 . 2009-09-14 13:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2009-09-14 13:52 . 2009-09-14 14:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-09-14 13:52 . 2009-09-14 13:52 -------- d-----w- c:\arquivos de programas\Nero

2009-09-14 02:07 . 2009-09-28 16:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-09-14 00:05 . 2009-09-14 00:06 -------- d-----w- c:\arquivos de programas\Project64 1.6

2009-09-13 22:35 . 2009-09-14 20:38 -------- d-----w- c:\windows\ServicePackFiles

2009-09-13 22:27 . 2009-09-13 22:27 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-09-13 19:09 . 2009-09-13 19:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-09-13 16:38 . 2009-09-13 16:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems

2009-09-13 16:33 . 2009-09-13 16:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared

2009-09-13 16:33 . 2008-10-16 17:06 208744 ----a-w- c:\windows\system32\muweb.dll

2009-09-13 16:33 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-09-13 16:03 . 2003-12-11 14:15 626960 ----a-r- c:\windows\system32\hpvaut32.dll

2009-09-13 16:03 . 2003-12-11 14:15 44544 ----a-r- c:\windows\system32\MSXML4a.dll

2009-09-13 16:03 . 2003-12-11 14:15 487424 ----a-r- c:\windows\system32\hpvcp70.dll

2009-09-13 16:03 . 2003-12-11 14:15 344064 ----a-r- c:\windows\system32\hpvcr70.dll

2009-09-13 16:02 . 2009-09-13 16:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2009-09-13 15:50 . 2009-09-13 15:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2009-09-13 15:43 . 2009-09-13 15:46 -------- d-----w- c:\windows\system32\URTTemp

2009-09-13 15:37 . 2004-06-22 16:09 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys

2009-09-13 15:37 . 2004-06-22 16:09 51088 ----a-w- c:\windows\system32\drivers\hpzid412.sys

2009-09-13 15:36 . 2004-06-22 16:09 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys

2009-09-13 15:36 . 2008-04-13 14:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-09-13 15:36 . 2008-04-13 14:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-09-13 15:18 . 2009-09-19 18:05 -------- d-----w- c:\arquivos de programas\HP

2009-09-13 15:14 . 2009-09-13 16:11 29367 ----a-w- c:\windows\hpoins03.dat

2009-09-13 15:14 . 2004-02-26 06:17 38868 ------w- c:\windows\hpomdl03.dat

2009-09-13 15:05 . 2009-09-13 15:05 -------- d-----w- c:\arquivos de programas\Alcohol Soft

2009-09-13 14:58 . 2009-09-13 14:58 639224 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-09-13 14:52 . 2006-10-26 22:56 32592 ----a-w- c:\windows\system32\msonpmon.dll

2009-09-13 14:42 . 2009-09-13 14:42 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-09-13 14:41 . 2009-09-25 14:36 -------- d-----w- c:\arquivos de programas\MSBuild

2009-09-13 14:16 . 2009-09-13 14:38 -------- d-----w- c:\windows\SHELLNEW

2009-09-13 14:15 . 2009-09-13 22:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-09-13 14:13 . 2009-09-13 14:13 -------- d-----r- C:\MSOCache

2009-09-13 13:32 . 2009-09-25 00:53 -------- d-----w- c:\arquivos de programas\Notepad++

2009-09-13 13:00 . 2009-09-13 19:31 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-09-13 12:56 . 2003-08-11 13:07 14604 ----a-w- c:\windows\system32\drivers\pfc.sys

2009-09-13 12:56 . 2003-08-11 13:13 344064 ----a-r- c:\windows\system32\msvcr70.dll

2009-09-13 12:53 . 2009-09-13 12:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-09-13 11:11 . 2009-09-13 11:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-09-13 02:08 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-09-13 01:15 . 2009-09-13 01:15 -------- d-----w- c:\arquivos de programas\Crcle Developement

2009-09-13 01:15 . 2009-09-13 01:15 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-09-13 01:08 . 2009-09-13 01:08 -------- d-----w- c:\arquivos de programas\Microsoft

2009-09-13 01:07 . 2009-09-13 01:07 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-09-13 01:06 . 2009-09-13 01:08 -------- d-----w- c:\arquivos de programas\Windows Live

2009-09-13 00:47 . 2009-09-13 00:47 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-09-13 00:46 . 2009-09-13 00:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

2009-09-13 00:46 . 2009-09-13 00:47 -------- d-----w- c:\arquivos de programas\Free Download Manager

2009-09-13 00:23 . 2009-09-13 00:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-09-13 00:23 . 2009-09-13 00:23 -------- d-----r- c:\arquivos de programas\Skype

2009-09-13 00:22 . 2009-09-13 00:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-09-13 00:19 . 2009-09-13 00:19 -------- d-----w- c:\arquivos de programas\Video Encoder

2009-09-13 00:16 . 2009-09-13 00:17 -------- d-----w- c:\arquivos de programas\CyberScript32

2009-09-13 00:15 . 2009-09-13 00:15 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-09-13 00:14 . 2007-03-18 23:37 65602 ----a-w- c:\windows\system32\cook3260.dll

2009-09-13 00:14 . 2006-09-29 15:26 176165 ----a-w- c:\windows\system32\drv23260.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-01 17:01 . 2001-10-28 12:07 476876 ----a-w- c:\windows\system32\perfh016.dat

2009-10-01 17:01 . 2001-10-28 12:07 82770 ----a-w- c:\windows\system32\perfc016.dat

2009-09-12 15:12 . 2009-09-12 14:23 22980 ----a-w- c:\windows\system32\emptyregdb.dat

2009-09-12 14:33 . 2009-09-12 14:33 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-09-12 14:27 . 2009-09-12 14:27 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-09-12 14:26 . 2009-09-12 14:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-29 04:36 . 2006-06-05 19:58 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-07-29 04:36 . 2006-06-05 19:58 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2009-07-17 19:03 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlpo_01"="md" [X]

"nlpo_02"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

"nlpo_03"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"C-Media Mixer"=Mixer.exe /startup

"PCTVOICE"=pctspk.exe

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe"

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" -atboottime

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

"NeroFilterCheck"=c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\SpacialAudio\\SAMBC\\SAMBC.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]

S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - AvgLdx86

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2009-10-02 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2009-09-12 22:27]

.

.

------- Scan Suplementar -------

.

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\dfvzz7nv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

AddRemove-Ask Toolbar_is1 - c:\arquivos de programas\AskBarDis\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-02 16:39

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-10-02 16:45

ComboFix-quarantined-files.txt 2009-10-02 19:45

ComboFix2.txt 2009-10-02 03:00

 

Pré-execução: 5.385.342.976 bytes disponíveis

Pós execução: 5.353.852.928 bytes disponíveis

 

570 --- E O F --- 2009-09-28 16:47

 

And the Hijack log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:57:13, on 2/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 7737 bytes

 

:D thaaanks DigRam!

_o/


Good evening, May-chan!

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

°°°°°°°°°°°°°°°°°°°°°

<@> PS: Removal via command is also possible:

<@> Go to Start --> Run --> Type or paste:

"%userprofile%\desktop\combofix" /u

<@> Click OK.

°°°°°°°°°°°°°°°°°°°°°

<@> Download: CCleaner

<@> Save it to the Desktop!

<@> With the < Cleaner > option already selected, click Analyze. --> Wait for it to finish!

<@> When it is done, click Run Cleaner.

<@> In the window that appears, click OK. --> Wait for it to finish!

<@> Select the Registry option and click Scan for Issues.

<@> When it is done, click Fix selected issues...

<@> When asked, click Yes!

<@> Name the backups and click Save.

<@> After a few days, if everything is OK, you can delete that backup file. ( .reg )

<@> In the window that appears, click: "Fix All Selected Issues"

<@> Click OK --> Close.

<@> For more details, read the Tutorial: < Link >

°°°°°°°°°°°°°°°°°°°°°

<!> Your log is clean! :thumbsup:

<!> Everything OK?

Regards!


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
