
Archived

This topic has been archived and is closed to further replies.

Lord C

[Archived] I can't install any antivirus on my PC


Here is the log...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:39:17, on 22/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Phone Remote Control\PhoneRemoteControl.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\DOCUME~1\user\CONFIG~1\Temp\fxprf.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\SearchSettings.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [473587591] "C:\Documents and Settings\All Users\Application Data\592675694\473587591.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [HP Software Update] "c:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\ARQUIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [eSnips] "C:\Arquivos de programas\eSnips\ClientGW.exe"

O4 - HKLM\..\Run: [Downsys] C:\Documents and Settings\All Users\Dados de aplicativos\Windwnx32.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\user\CONFIG~1\Temp\E5.tmp.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Phone Remote Control.lnk = C:\Arquivos de programas\Phone Remote Control\PhoneRemoteControl.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232074950484

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE7B716B-C53E-47D4-9343-C2B1358BC420}: NameServer = 189.28.0.1,189.28.0.6

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)

O23 - Service: Application Updater - Unknown owner - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)

O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Unknown owner - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 14108 bytes

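Added example, not part of the thread and not code from HijackThis or ComboFix: a small Python triage script that applies, mechanically, the heuristics a helper reads off an O4/O7 section by eye. It flags autorun executables living in a Temp directory, executables with numeric directory and file names under All Users application data, executables dropped straight into the application-data root, purely numeric Run value names, and a DisableRegedit policy. The sample lines are constructed to mirror entries in the log above; the regexes, function names and reason strings are my own assumptions, and the Portuguese folder name "Dados de aplicativos" is matched alongside "Application Data" because that is how it appears in this log.

```python
"""Heuristic triage of HijackThis O4 (autorun) and O7 (policy) lines.

Added example for this thread; it is not part of HijackThis, ComboFix or the
forum post. The heuristics, names and sample lines below are the author's
own constructions, modelled on entries visible in the posted log.
"""
import re
from typing import List, Tuple

# Constructed sample: a handful of lines shaped like the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [473587591] "C:\Documents and Settings\All Users\Application Data\592675694\473587591.exe"
O4 - HKLM\..\Run: [Downsys] C:\Documents and Settings\All Users\Dados de aplicativos\Windwnx32.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\user\CONFIG~1\Temp\E5.tmp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
""".strip().splitlines()

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_LINE = re.compile(
    r'^O4 - (?P<hive>HK[^\\]+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# "O7 - <key>, <policy>=<value>"
O7_LINE = re.compile(r'^O7 - .*?Policies\\System, (?P<policy>\w+)=(?P<value>\d+)$')

# Path shapes that a legitimate installer almost never produces.
TEMP_DIR = re.compile(r'\\temp\\', re.IGNORECASE)
NUMERIC_DIR_EXE = re.compile(r'\\\d+\\\d+\.exe$', re.IGNORECASE)
# Both the English and the Portuguese (as in this log) folder names are matched.
APPDATA_ROOT_EXE = re.compile(
    r'\\(?:application data|dados de aplicativos)\\[^\\]+\.exe$', re.IGNORECASE)


def extract_path(cmd: str) -> str:
    """Return the executable path from a Run command line.

    A quoted command keeps everything inside the quotes; an unquoted one is
    cut at the first " -" or " /" switch so trailing arguments are dropped.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r'\s[-/]', cmd)
    return cmd[:m.start()] if m else cmd


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (value name, reason) pairs for lines that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        m = O4_LINE.match(line)
        if m:
            name, path = m.group('name'), extract_path(m.group('cmd'))
            reasons = []
            if TEMP_DIR.search(path):
                reasons.append('autorun executable lives in a Temp directory')
            if NUMERIC_DIR_EXE.search(path):
                reasons.append('numeric directory and file name under application data')
            elif APPDATA_ROOT_EXE.search(path):
                reasons.append('executable dropped directly into the application-data root')
            if name.isdigit():
                reasons.append('Run value name is purely numeric')
            if reasons:
                findings.append((name, '; '.join(reasons)))
            continue
        m = O7_LINE.match(line)
        if m and m.group('policy') == 'DisableRegedit' and m.group('value') != '0':
            findings.append((m.group('policy'),
                             'registry editor disabled by policy for the current user'))
    return findings


if __name__ == '__main__':
    for name, reason in triage(SAMPLE_LOG):
        print(f'[{name}] {reason}')
```

Run against the constructed sample, the script flags the same four items a helper would circle in the posted log: the numeric 473587591.exe under All Users application data, Windwnx32.exe dropped in the application-data root, E5.tmp.exe running from the user's Temp folder, and the DisableRegedit policy; the iTunes and ctfmon entries pass. The heuristics are deliberately narrow (path shape and value name only); they are a starting point for manual review, not a verdict, and a full triage would also check the O2/O3 entries and the O23 services listed above.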

Hello!

 

First, follow the steps in this tutorial:

 

FindyKill tutorial

______________________________

 

After following the tutorial above, I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

Download ComboFix

 

1) Temporarily disable your antivirus;

 

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

 

3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Click "YES" to continue.

 

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing, because it guarantees that the system can be recovered if problems occur during the scan.

 

Click "YES" and wait; ComboFix installs the console automatically. This may take a few minutes (depending on your connection speed), so be patient.

 

When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA.

 

When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY".

 

Click "YES" to continue with the scan.

 

5) ComboFix will start the AUTOSCAN (wait).

 

WARNING: Do not click on the ComboFix window or terminate the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white).

 

When the process finishes, the machine will restart to produce the report.

 

6) After the restart, ComboFix will run FIND3M to create the final scan report. Its log will be at C:\ComboFix.txt.

 

7) Re-enable your antivirus;

 

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, or if the viruses or malware block ComboFix from running, download ComboFix again but save it to your Desktop as KomboFix. In that case, name it KomboFix while saving, not after saving it!

 

As a last resort, if ComboFix cannot be run in Windows Normal Mode, try running ComboFix in SAFE MODE (restart the computer, press F8 repeatedly, or F5 in some cases, during startup and choose Safe Mode on the screen that appears) and repeat the procedure;

 

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering the other windows. To minimize it again, just use ALT + TAB.

* If for some reason you need to stop or exit ComboFix, press "N".

* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and choose "Repair";

 

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the FindyKill log, which will be at C:\FindyKill.txt, and a new HijackThis log in your next reply, and tell us how your PC is after that.

 

We'll be waiting.


Here is the ComboFix log

 

ComboFix 09-12-22.06 - ICM 23/12/2009 11:09:31.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1671 [GMT -2:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 204 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Dealio Toolbar

c:\arquivos de programas\Dealio Toolbar\FF\chrome.manifest

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\chevron.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\chevron.xul

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\login.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\login.xul

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\parser.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\searchbox.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\searchbox.xul

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgichevron.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgicomm.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgihandling.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgilisteners.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul

c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgiui.js

c:\arquivos de programas\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd

c:\arquivos de programas\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd

c:\arquivos de programas\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties

c:\arquivos de programas\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\amazon.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\apple.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\barnes.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\bestbuy.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\chevron.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\ebay.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\icon_settings.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\macys.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\newegg.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\overstock.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search-button.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search-chevron.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search_amazon.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search_dealio.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search_ebay.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\searchbox.css

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\separator.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\target.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\walmart.gif

c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css

c:\arquivos de programas\Dealio Toolbar\FF\components\config.ini

c:\arquivos de programas\Dealio Toolbar\FF\components\dealioToolbarFF.dll

c:\arquivos de programas\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt

c:\arquivos de programas\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt

c:\arquivos de programas\Dealio Toolbar\FF\install.rdf

c:\arquivos de programas\Dealio Toolbar\IE\4.0.2\config.ini

c:\arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

c:\arquivos de programas\Dealio Toolbar\Res\amazon.gif

c:\arquivos de programas\Dealio Toolbar\Res\apple.gif

c:\arquivos de programas\Dealio Toolbar\Res\barnes.gif

c:\arquivos de programas\Dealio Toolbar\Res\bestbuy.gif

c:\arquivos de programas\Dealio Toolbar\Res\dealio_logo.gif

c:\arquivos de programas\Dealio Toolbar\Res\dealio_logo_hover.gif

c:\arquivos de programas\Dealio Toolbar\Res\ebay.gif

c:\arquivos de programas\Dealio Toolbar\Res\icon_settings.gif

c:\arquivos de programas\Dealio Toolbar\Res\macys.gif

c:\arquivos de programas\Dealio Toolbar\Res\newegg.gif

c:\arquivos de programas\Dealio Toolbar\Res\overstock.gif

c:\arquivos de programas\Dealio Toolbar\Res\search-button-hover.gif

c:\arquivos de programas\Dealio Toolbar\Res\search-button.gif

c:\arquivos de programas\Dealio Toolbar\Res\search-chevron-hover.gif

c:\arquivos de programas\Dealio Toolbar\Res\search-chevron.gif

c:\arquivos de programas\Dealio Toolbar\Res\search_amazon.gif

c:\arquivos de programas\Dealio Toolbar\Res\search_dealio.gif

c:\arquivos de programas\Dealio Toolbar\Res\search_ebay.gif

c:\arquivos de programas\Dealio Toolbar\Res\search_yahoo.gif

c:\arquivos de programas\Dealio Toolbar\Res\target.gif

c:\arquivos de programas\Dealio Toolbar\Res\walmart.gif

c:\arquivos de programas\Dealio Toolbar\Res\widgets.xml

c:\arquivos de programas\Dealio Toolbar\WidgiHelper.exe

c:\arquivos de programas\FunWebProducts

c:\arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html

c:\arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

c:\arquivos de programas\MyWebSearch

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3BKGERR.JPG

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3CJPEG.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3DTactl.dll

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3HISTSW.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3HKSTUB.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3POPSWT.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3REGHK.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3REPROX.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3RESTUB.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3SCHMON.EXE

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3SCrctr.dll

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3SPACER.WMV

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3WALLPP.DAT

c:\arquivos de programas\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\FWPBUDDY.PNG

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3HIGHIN.EXE

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3HTml.dll

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3IDLE.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3MEDINT.EXE

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3MSG.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3OUtlcn.dll

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3SKIN.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

c:\arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

c:\arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL

c:\arquivos de programas\MyWebSearch\bar\1.bin\MWSSrcas.dll

c:\arquivos de programas\MyWebSearch\bar\1.bin\MWSSVC.EXE

c:\arquivos de programas\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON.F3S

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\avatar.htm

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\bgfader.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\common-x.css

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\common.css

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\ext_def.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\include.js

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\index.htm

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\loader.htm

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\loading.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\logo.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\max_def.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\max_roll.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\min_def.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\min_roll.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\noflash.htm

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\res_def.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\res_roll.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\spacer.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\spacer.swf

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\topgrad.gif

c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\window.ico

c:\arquivos de programas\MyWebSearch\bar\Cache\000510B1.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\0005240A.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\0005389B.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\0006A0A7

c:\arquivos de programas\MyWebSearch\bar\Cache\0012E3B1.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\0012E7D8.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\00208570

c:\arquivos de programas\MyWebSearch\bar\Cache\014627E9.bin

c:\arquivos de programas\MyWebSearch\bar\Cache\files.ini

c:\arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S

c:\arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S

c:\arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S

c:\arquivos de programas\MyWebSearch\bar\History\search3

c:\arquivos de programas\MyWebSearch\bar\icons\CM.ICO

c:\arquivos de programas\MyWebSearch\bar\icons\MFC.ICO

c:\arquivos de programas\MyWebSearch\bar\icons\PSS.ICO

c:\arquivos de programas\MyWebSearch\bar\icons\SMILEY.ICO

c:\arquivos de programas\MyWebSearch\bar\icons\WB.ICO

c:\arquivos de programas\MyWebSearch\bar\icons\ZWINKY.ICO

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON.F3S

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\ask_logo.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\autoup.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\autoup.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\center.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\index.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\mid_dots.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\mws_logo.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\protect.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\shocked.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\stop.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\systray.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\systrayp.htm

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\tp_grad.gif

c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\warn.gif

c:\arquivos de programas\MyWebSearch\bar\Notifier\COMMON.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\DOG.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\FISH.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\KUNGFU.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\MAID.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\MAILBOX.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\OPERA.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\ROBOT.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\SEDUCT.F3S

c:\arquivos de programas\MyWebSearch\bar\Notifier\SURFER.F3S

c:\arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm

c:\arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat

c:\arquivos de programas\Search Settings

c:\arquivos de programas\Search Settings\FF\chrome.manifest

c:\arquivos de programas\Search Settings\FF\chrome\content\plugin.js

c:\arquivos de programas\Search Settings\FF\chrome\content\plugin.xul

c:\arquivos de programas\Search Settings\FF\chrome\content\protection.js

c:\arquivos de programas\Search Settings\FF\chrome\content\utils.js

c:\arquivos de programas\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd

c:\arquivos de programas\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties

c:\arquivos de programas\Search Settings\FF\components\IFBHOSearch.xpt

c:\arquivos de programas\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt

c:\arquivos de programas\Search Settings\FF\components\IFHelperPreferences.xpt

c:\arquivos de programas\Search Settings\FF\components\SearchSettingsFF.dll

c:\arquivos de programas\Search Settings\FF\install.rdf

c:\arquivos de programas\Search Settings\SeARchsettings.dll

c:\arquivos de programas\Search Settings\SearchSettingsRes409.dll

c:\arquivos de programas\SpeedBit Toolbar\Toolbar\tbhelper.dll

c:\documents and settings\All Users\Dados de aplicativos\CrucialSoft Ltd

c:\documents and settings\All Users\Dados de aplicativos\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090127200637250.log

c:\documents and settings\jbc\Menu Iniciar\Programas\System Security

c:\documents and settings\jbc\Menu Iniciar\Programas\System Security\System Security.lnk

C:\InfoSat.txt

c:\profec~1.exe\PROFec~1.exe

c:\windows\shnomes.inf

c:\windows\system32\f3PSSavr.scr

c:\windows\system32\Ld63NpcC.exe.a_a

c:\windows\system32\upd

c:\windows\system32\wins.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DAC970NT

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_TDSSserv.sys

-------\Service_dac970nt

-------\Service_MyWebSearchService

-------\Service_TDSSserv.sys

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-23 to 2009-12-23 ))))))))))))))))))))))))))))

.

 

2009-12-23 12:56 . 2009-12-23 12:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited

2009-12-23 12:56 . 2009-12-23 12:56 -------- d-----w- c:\arquivos de programas\CDBurnerXP

2009-12-23 12:56 . 2009-09-28 22:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2009-12-23 12:26 . 2009-12-23 12:26 -------- d-----w- c:\arquivos de programas\Alcohol Soft

2009-12-23 12:17 . 2001-07-09 12:50 229376 ----a-w- c:\windows\system32\NeroCheck.exe

2009-12-22 21:35 . 2009-12-22 21:35 479544 ----a-w- C:\HiJackThis.exe

2009-12-22 19:11 . 2009-12-22 19:24 -------- d-----w- C:\FindyKill

2009-12-22 18:53 . 2009-12-22 18:53 -------- d-----w- C:\VundoFix Backups

2009-12-21 11:23 . 2009-12-22 14:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2009-12-20 19:06 . 2009-12-21 00:39 -------- d-----w- c:\arquivos de programas\Mr. Palavras Cruzadas 6.0

2009-12-20 12:56 . 2009-12-20 12:56 -------- d-----w- c:\arquivos de programas\Palavras-Cruzadas 8.0

2009-12-19 20:29 . 2009-12-19 20:29 166658 ----a-w- c:\documents and settings\ICM\gbas.dll

2009-12-19 20:27 . 2009-01-13 19:42 113968 ----a-w- c:\documents and settings\jbc\Dados de aplicativos\Mozilla\Firefox\Profiles\u3ltnn0t.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

2009-12-19 18:38 . 2009-12-19 18:38 -------- d-----w- c:\documents and settings\jbc\Dados de aplicativos\Search Settings

2009-12-19 18:38 . 2009-12-19 18:39 -------- d-----w- c:\documents and settings\jbc\Dados de aplicativos\Dealio

2009-12-19 11:50 . 2009-12-23 11:20 -------- d-----w- c:\documents and settings\izq\Meus documentos

2009-12-19 11:50 . 2009-12-19 11:50 -------- d-----w- c:\documents and settings\izq

2009-12-18 23:05 . 2009-12-19 20:25 152576 ----a-w- c:\documents and settings\ICM\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-18 21:39 . 2009-01-13 19:42 113968 ----a-w- c:\documents and settings\ICM\Dados de aplicativos\Mozilla\Firefox\Profiles\y1ld5rq0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

2009-12-18 21:37 . 2009-12-10 17:54 1646472 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\gbplugin_ie_bb_setup.exe

2009-12-18 21:01 . 2009-12-18 21:01 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\Search Settings

2009-12-18 20:59 . 2009-12-18 20:59 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\Dealio

2009-12-17 21:30 . 2009-12-17 21:30 -------- d-----w- c:\arquivos de programas\Application Updater

2009-12-16 20:41 . 2009-12-16 20:41 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-12-16 20:12 . 2009-12-19 20:21 79488 ----a-w- c:\documents and settings\ICM\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-16 18:58 . 2009-12-16 18:58 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2009-12-16 18:58 . 2009-12-16 18:58 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-12-16 18:02 . 2009-12-23 11:28 -------- d-----w- c:\documents and settings\ICM\Tracing

2009-12-15 15:48 . 2009-12-15 15:48 -------- d-----w- c:\windows\system32\NtmsData

2009-12-08 13:59 . 2009-12-08 13:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\KONAMI

2009-12-07 22:35 . 2009-12-07 22:35 -------- d-----w- c:\documents and settings\ICM\WINDOWS

2009-12-04 18:40 . 2009-12-04 18:40 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\Media Player Classic

2009-11-27 17:48 . 2009-11-27 17:48 45056 ----a-w- c:\windows\NCUNINST.EXE

2009-11-27 17:45 . 2009-11-27 17:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SWF Studio

2009-11-27 15:57 . 2009-11-28 12:09 -------- d-----w- C:\book digital

2009-11-24 22:41 . 2009-11-24 22:41 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\PhoneRemoteControl

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-23 13:16 . 2009-04-13 15:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-12-23 12:22 . 2009-01-18 12:27 685816 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-12-22 19:33 . 2001-10-28 14:07 79660 ----a-w- c:\windows\system32\perfc016.dat

2009-12-22 19:33 . 2001-10-28 14:07 471610 ----a-w- c:\windows\system32\perfh016.dat

2009-12-22 00:44 . 2009-06-10 21:37 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-12-21 21:06 . 2009-01-31 16:09 -------- d-----w- c:\arquivos de programas\AVI MPEG WMV RM to MP3 Converter

2009-12-21 11:39 . 2009-01-24 17:30 -------- d-----w- c:\arquivos de programas\Winamp

2009-12-21 11:39 . 2009-01-21 11:48 -------- d-----w- c:\arquivos de programas\iTunes

2009-12-21 11:31 . 2007-04-19 04:26 1703936 ----a-w- c:\windows\system32\nwiz.exe

2009-12-21 11:31 . 2004-07-02 18:27 200704 ----a-w- c:\windows\system32\igfxpers.exe

2009-12-20 10:36 . 2009-02-25 00:17 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-12-19 20:26 . 2009-02-25 00:33 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-19 20:26 . 2009-01-20 19:27 -------- d-----w- c:\arquivos de programas\Java

2009-12-19 20:17 . 2009-12-19 20:17 0 ----a-w- c:\windows\system32\REN49.tmp

2009-12-19 20:17 . 2009-12-19 20:17 0 ----a-w- c:\windows\system32\REN48.tmp

2009-12-19 20:17 . 2009-12-19 20:17 0 ----a-w- c:\windows\system32\REN47.tmp

2009-12-19 16:29 . 2009-01-30 15:02 -------- d-----w- c:\arquivos de programas\Allok RM RMVB to AVI MPEG DVD Converter

2009-12-19 11:59 . 2009-01-21 11:48 -------- d-----w- c:\arquivos de programas\QuickTime

2009-12-19 11:50 . 2009-01-18 12:30 -------- d-----w- c:\arquivos de programas\DAEMON Tools

2009-12-18 22:00 . 2004-07-02 19:10 -------- d-----w- c:\arquivos de programas\Windows Live

2009-12-18 21:43 . 2009-02-25 00:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-12-18 20:13 . 2009-09-27 14:48 -------- d-----w- c:\arquivos de programas\Outcast

2009-12-18 15:29 . 2009-01-23 15:42 -------- d-----w- c:\arquivos de programas\Real Alternative

2009-12-17 21:28 . 2009-12-17 21:28 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\FreeAudioPack

2009-12-17 21:28 . 2009-12-17 21:28 -------- d-----w- c:\arquivos de programas\Free Audio Pack

2009-12-16 12:53 . 2004-07-02 18:25 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-16 12:31 . 2009-01-18 12:09 -------- d-----w- c:\arquivos de programas\Microsoft Games

2009-12-16 12:22 . 2009-01-16 23:53 -------- d-----w- c:\arquivos de programas\DDD Pool 1.2

2009-12-07 17:30 . 2009-02-25 00:17 30752 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-12-04 01:55 . 2009-05-18 21:23 1536 ----a-w- c:\windows\system32\TrueSoft.dat

2009-11-27 15:56 . 2009-01-16 17:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-11-23 10:00 . 2009-11-23 10:00 -------- d-----w- c:\arquivos de programas\Phone Remote Control

2009-11-17 22:04 . 2009-03-20 13:30 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-11-17 22:04 . 2009-03-20 13:30 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-11-17 22:04 . 2009-11-17 22:04 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\Corel

2009-11-10 15:32 . 2009-11-10 15:32 -------- d-----w- c:\arquivos de programas\directx

2009-11-08 13:22 . 2009-11-08 13:22 -------- d-----w- c:\arquivos de programas\ReadManiac

2009-11-04 17:30 . 2009-11-04 17:29 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\Winamp

2009-11-02 13:07 . 2009-11-02 13:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2009-11-02 13:07 . 2009-11-02 13:07 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2009-10-30 19:40 . 2009-10-30 19:39 -------- d-----w- c:\arquivos de programas\MP3 Player Utilities 4.15

2009-10-30 19:39 . 2009-10-30 19:39 -------- d-----w- c:\arquivos de programas\LRC Editor 4

2009-10-28 22:47 . 2009-08-27 20:03 4 ----a-w- C:\timeStmp.tmp

2009-10-24 18:30 . 2009-10-24 18:30 -------- d-----w- c:\arquivos de programas\Eidos Interactive

.

 

------- Sigcheck -------

 

[-] 2008-04-24 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-06-10 66912]

 

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2009-06-10 21:43 66912 ----a-w- c:\arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-06-10 2598896]

 

[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]

[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-06-10 2598896]

 

[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]

[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-21 200704]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

"nwiz"="nwiz.exe" [2009-12-21 1703936]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]

"DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" [2005-11-08 128920]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-12-21 284672]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-12-21 24064]

"PCTVOICE"="pctspk.exe" [2001-09-06 86016]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2009-12-21 49152]

"WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2009-12-21 36352]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-12-19 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\jbc\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 173568]

Registration-PCTV.lnk - c:\arquivos de programas\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe [2009-7-28 315392]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-12-21 241664]

Inicialização rápida do HP Image Zone.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 126976]

Phone Remote Control.lnk - c:\arquivos de programas\Phone Remote Control\PhoneRemoteControl.exe [2009-6-6 565064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-12-07 17:31 318240 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\ARQUIV~1\\MICROS~2\\Office12\\OIS.EXE"=

"c:\\WINDOWS\\system32\\nwiz.exe"=

"c:\\Arquivos de programas\\HP\\hpcoretech\\comp\\hptskmgr.exe"=

"c:\\Arquivos de programas\\Winamp\\winampa.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Arquivos de programas\\DAEMON Tools\\daemon.exe"=

"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunesHelper.exe"=

"c:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jucheck.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\EA SPORTS\\FIFA 07\\fifa07.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTEM.EXE"=

"c:\\Arquivos de programas\\Phone Remote Control\\PhoneRemoteControl.exe"=

"c:\\DOCUME~1\\user\\CONFIG~1\\Temp\\winljrh.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [24/2/2009 22:17 30752]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/1/2009 10:27 685816]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [24/2/2009 22:17 54048]

S2 Application Updater;Application Updater;"c:\arquivos de programas\Application Updater\ApplicationUpdater.exe" --> c:\arquivos de programas\Application Updater\ApplicationUpdater.exe [?]

S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [15/2/2007 15:48 26624]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - DAC970NT

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d30179c-c57a-11de-8c2f-001e90e32006}]

\SHeLl\autopLAy\CommANd - J:\klhio.exe

\SHeLl\AutoRun\command - J:\klhio.exe

\SHeLl\expLoRE\CommAnD - J:\klhio.exe

\SHeLl\open\coMmanD - J:\klhio.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d30179d-c57a-11de-8c2f-001e90e32006}]

\sHeLl\AutOplaY\COmmAND - K:\ffmba.exe

\sHeLl\AutoRun\command - K:\ffmba.exe

\sHeLl\exPLOre\CoMmand - K:\ffmba.exe

\sHeLl\opEN\commanD - K:\ffmba.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51d192e6-5bde-11de-8aa9-001e90e32006}]

\Shell\AutoRun\command - e.com

\Shell\explore\Command - e.com

\Shell\open\Command - e.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b76963e-e6e6-11dd-ac68-001e90e32006}]

\Shell\AutoRun\command - e.com

\Shell\explore\Command - e.com

\Shell\open\Command - e.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc78c20f-55a6-11de-8a94-001e90e32006}]

\Shell\AutoRun\command - J:\npee.com

\Shell\open\Command - J:\npee.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebec783-f44e-11dd-8937-001e90e32006}]

\Shell\AutoRun\command - J:\a2h2.com

\Shell\open\Command - J:\a2h2.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db086b90-bcdd-11de-8c0d-001e90e32006}]

\ShEll\AUToplaY\command - eiqjs.exe

\ShEll\AutoRun\command - eiqjs.exe

\ShEll\ExpLoRe\CoMmanD - eiqjs.exe

\ShEll\oPEN\CoMmand - eiqjs.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db086b91-bcdd-11de-8c0d-001e90e32006}]

\shEll\AuTOplAY\cOmmAnd - K:\wtsux.pif

\shEll\AutoRun\command - K:\wtsux.pif

\shEll\EXploRE\ComMand - K:\wtsux.pif

\shEll\oPEN\CoMmaND - K:\wtsux.pif

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.speedbit.com/

IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000

IE: Add to AMV Converter... - c:\arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

FF - ProfilePath - c:\documents and settings\user\Dados de aplicativos\Mozilla\Firefox\Profiles\m2asbpou.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=

FF - component: c:\documents and settings\user\Dados de aplicativos\Mozilla\Firefox\Profiles\m2asbpou.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\user\Dados de aplicativos\Mozilla\Firefox\Profiles\m2asbpou.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPAskSBr.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPMyWebS.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-MSMSGS - c:\arquivos de programas\Messenger\msmsgs.exe

HKCU-Run-Cognac - c:\docume~1\user\CONFIG~1\Temp\E5.tmp.exe

HKLM-Run-Emurayden PSX Emulator - (no file)

HKLM-Run-ArcSoft Connection Service - c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

HKLM-Run-MyWebSearch Plugin - c:\arquiv~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL

HKLM-Run-My Web Search Bar Search Scope Monitor - c:\arquiv~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

HKLM-Run-ClientGW - (no file)

HKLM-Run-eSnips - c:\arquivos de programas\eSnips\ClientGW.exe

HKLM-Run-Downsys - c:\documents and settings\All Users\Dados de aplicativos\Windwnx32.exe

AddRemove-18 Wheels of Steel: Haulin' - c:\arquivos de programas\18 Wheels of Steel Haulin\uninst.exe

AddRemove-A Bíblia Sagrada Versão Digital 6.0 Freeware_is1 - c:\arquivos de programas\ABSVD\unins000.exe

AddRemove-Adobe_719d6f144d0c086a0dfa7ff76bb9ac1 - c:\arquivos de programas\Arquivos comuns\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe

AddRemove-Adobe_b741c3c52d3108664cedeb2b76f6d96 - c:\arquivos de programas\Arquivos comuns\Adobe\Installers\b741c3c52d3108664cedeb2b76f6d96\Setup.exe

AddRemove-Allok RM RMVB to AVI MPEG DVD Converter_is1 - c:\arquivos de programas\Allok RM RMVB to AVI MPEG DVD Converter\unins000.exe

AddRemove-ENTERPRISE - c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe

AddRemove-HijackThis - c:\documents and settings\user\Meus documentos\Downloads\HijackThis.exe

AddRemove-InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} - c:\arquiv~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe

AddRemove-MSN Toolbar - c:\arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\mtbs.exe

AddRemove-Tradução Adobe Photoshop CS4_is1 - c:\arquivos de programas\Adobe\Adobe Photoshop CS4\Required\unins000.exe

AddRemove-Uninstall_is1 - c:\arquivos de programas\Arquivos comuns\DVDVideoSoft\unins000.exe

AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\izq\Dados de aplicativos\Mozilla\Firefox\Profiles\17vsjakb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-23 11:17

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89B9F1E8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3

\Driver\ACPI -> ACPI.sys @ 0xf74accb8

\Driver\atapi -> 0x89b9f1e8

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe

ParseProcedure -> ntoskrnl.exe @ 0x80570a6e

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe

ParseProcedure -> ntoskrnl.exe @ 0x80570a6e

NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7a20ba0

PacketIndicateHandler -> NDIS.sys @ 0xf7a2db21

SendHandler -> NDIS.sys @ 0xf7a0b87b

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(800)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

 

- - - - - - - > 'explorer.exe'(3608)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\MsiExec.exe

c:\windows\system32\RUNDLL32.EXE

c:\arquivos de programas\iPod\bin\iPodService.exe

c:\docume~1\user\CONFIG~1\Temp\winljrh.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-12-23 11:23:14 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-12-23 13:23

 

Pré-execução: 23 pasta(s) 76.724.736.000 bytes disponíveis

Pós execução: 26 pasta(s) 77.434.105.856 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot Loader]

Timeout=2

Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[Operating Systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 3F555CF1E9DD14B44D0CFF335ABF34B6


Here is the new HijackThis log, as you requested....

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:25:32, on 23/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Phone Remote Control\PhoneRemoteControl.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\DOCUME~1\user\CONFIG~1\Temp\winljrh.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [HP Software Update] "c:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Phone Remote Control.lnk = C:\Arquivos de programas\Phone Remote Control\PhoneRemoteControl.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232074950484

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE7B716B-C53E-47D4-9343-C2B1358BC420}: NameServer = 189.28.0.1,189.28.0.6

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)

O23 - Service: Application Updater - Unknown owner - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)

O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Unknown owner - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 11859 bytes


:) Several problems were removed by Combofix.

_________________________________

 

You still need to run FindyKill and post its log, which will be in C:\FindyKill.txt


lol, I had forgotten about that one... but here it is.

 

 

############################## | FindyKill V5.021 |

 

# User : user (Administradores) # USER-E65B94EEE3

# Update on 10/12/2009 by Chiquitine29

# Start at: 17:14:37 | 22/12/2009

# Website : http://pagesperso-orange.fr/NosTools/index.html

# Contact : FindyKill.Contact@gmail.com

 

# Processador Intel Pentium II

# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2

# Internet Explorer 7.0.5730.13

# Windows Firewall Status : Enabled

 

# A:\ # Unidade de disquete de 3 1/2 polegadas

# C:\ # Disco fixo local # 232,88 Go (61,74 Go free) # NTFS

# D:\ # Disco CD-ROM

# E:\ # Disco CD-ROM

# F:\ # Disco CD-ROM

# G:\ # Disco CD-ROM

# H:\ # Disco CD-ROM

# I:\ # Disco CD-ROM

 

############################## | Processos ativos |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## | C: |

 

 

################## | C:\WINDOWS |

 

 

################## | C:\WINDOWS\system32 |

 

 

################## | C:\WINDOWS\system32\drivers |

 

 

################## | C:\Documents and Settings\user\Dados de aplicativos |

 

 

################## | Supressão Outros ... |

 

################## | Temporary Internet Files |

 

 

################## | Registro / Chaves infeciosas |

 

Supprimido ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center] "AntiVirusOverride"

Supprimido ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center] "FirewallOverride"

Supprimido ! [HKLM\software\microsoft\security center] "UacDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center\Svc] "AntiVirusDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center\Svc] "AntiVirusOverride"

Supprimido ! [HKLM\software\microsoft\security center\Svc] "FirewallDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center\Svc] "FirewallOverride"

Supprimido ! [HKLM\software\microsoft\security center\Svc] "UacDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center\Svc] "UpdatesDisableNotify"

Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"

 

################## | Estado / Serviços / Informações |

 

# Safe mode : OK

 

 

# Affichagem dos arquivos ocultos : OK

 

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )

# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

 

################## | PEH ... |

 

 

################## | Cracks / Keygens / Serials |

 

"C:\Archivos de Programa\The Sims 2 - Expan‡äes\THE SIMS 2 OPEN FOR BUSINESS\!!! Crack\Sims2EP3.exe"

15/03/2006 18:15 |Size 15515648 |Crc32 94591d69 |Md5 8d7ce33546d172489dcbd921a844a492

 

"C:\Arquivos de programas\EA GAMES\THE SIMS 2 - OPEN FOR BUSINESS\!!! Crack\Sims2EP3.exe"

15/03/2006 18:15 |Size 15515648 |Crc32 94591d69 |Md5 8d7ce33546d172489dcbd921a844a492

 

"C:\Arquivos de programas\Hide-IP-Browser\crack.exe"

10/04/2008 23:53 |Size 35328 |Crc32 080ff98f |Md5 8f2b6691912ab5a870e6bbcaea24e650

 

"C:\Documents and Settings\ICM\Meus documentos\Meus documentos\Programas\Hide-Ip-Browser v1.0\Hide-Ip-Browser v1.0\Crack\crack.exe"

10/04/2008 23:53 |Size 35328 |Crc32 080ff98f |Md5 8f2b6691912ab5a870e6bbcaea24e650

 

 

################## | ! Fim do relatório # FindyKill V5.021 ! |

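The FindyKill log above shows the two things this infection had done to blind the user: it set the Security Center "DisableNotify"/"Override" values so Windows would stop warning that no antivirus was running, and it set DisableRegistryTools/DisableTaskMgr so the victim could not inspect the machine (the HijackThis O7 line shows the same lock-out). It also scores the Start value of a few services (2 or 3 is normal, 4 means disabled). The following PowerShell script is an added example, not part of the thread or of FindyKill, that re-checks exactly those settings after cleanup so a defender can confirm they have not come back after a reboot. It only reads the registry; the key paths and value names are the ones printed in the log, and the expected Start values are the "Good" numbers FindyKill reported.

```powershell
# Added example (not from the forum thread or from FindyKill): re-audit the
# settings FindyKill reported as infected and removed. Read-only; run it in an
# elevated PowerShell on the cleaned Windows machine.

# Security Center values malware sets to silence "no antivirus" warnings.
$scValues = 'AntiVirusDisableNotify', 'AntiVirusOverride',
            'FirewallDisableNotify', 'FirewallOverride',
            'UacDisableNotify', 'UpdatesDisableNotify'
$scKeys = 'HKLM:\SOFTWARE\Microsoft\Security Center',
          'HKLM:\SOFTWARE\Microsoft\Security Center\Svc'

# Per-user policies that lock the victim out of regedit and Task Manager.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyValues = 'DisableRegistryTools', 'DisableTaskMgr'

# Services FindyKill scores, with the Start value it calls "Good".
# Start = 4 means the service is disabled, which is the "Bad" state.
$services = @{ 'Ndisuio' = 3; 'Ip6Fw' = 2; 'SharedAccess' = 2; 'wuauserv' = 2; 'wscsvc' = 2 }

$findings = @()

# Any non-zero Security Center override is suspicious on a home machine.
foreach ($key in $scKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($name in $scValues) {
            $v = $props.$name
            if ($null -ne $v -and $v -ne 0) {
                $findings += "[$key] $name = $v (should be absent or 0)"
            }
        }
    }
}

# Regedit / Task Manager lock-out policies.
if (Test-Path $policyKey) {
    $props = Get-ItemProperty -Path $policyKey
    foreach ($name in $policyValues) {
        $v = $props.$name
        if ($null -ne $v -and $v -ne 0) {
            $findings += "[$policyKey] $name = $v (regedit/Task Manager locked out)"
        }
    }
}

# Service start types: flag anything disabled (4) or different from the expected value.
foreach ($svc in $services.Keys) {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path $svcKey) {
        $start = (Get-ItemProperty -Path $svcKey).Start
        if ($start -ne $services[$svc]) {
            $findings += "Service $svc Start = $start (expected $($services[$svc]); 4 = disabled)"
        }
    }
}

if ($findings.Count -eq 0) {
    'OK: none of the settings FindyKill removed have returned.'
} else {
    'Findings:'
    $findings | ForEach-Object { "  $_" }
}
```

Running this once right after cleanup and again after the next reboot is a cheap way to tell whether a persistence mechanism survived: if the Security Center overrides or the DisableRegistryTools value reappear, something is still re-applying them.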

:) Several problems were removed by FindyKill.

________________________________

 

################## | Cracks / Keygens / Serials |

 

"C:\Archivos de Programa\The Sims 2 - Expan‡äes\THE SIMS 2 OPEN FOR BUSINESS\!!! Crack\Sims2EP3.exe"

15/03/2006 18:15 |Size 15515648 |Crc32 94591d69 |Md5 8d7ce33546d172489dcbd921a844a492

 

"C:\Arquivos de programas\EA GAMES\THE SIMS 2 - OPEN FOR BUSINESS\!!! Crack\Sims2EP3.exe"

15/03/2006 18:15 |Size 15515648 |Crc32 94591d69 |Md5 8d7ce33546d172489dcbd921a844a492

 

"C:\Arquivos de programas\Hide-IP-Browser\crack.exe"

10/04/2008 23:53 |Size 35328 |Crc32 080ff98f |Md5 8f2b6691912ab5a870e6bbcaea24e650

 

"C:\Documents and Settings\ICM\Meus documentos\Meus documentos\Programas\Hide-Ip-Browser v1.0\Hide-Ip-Browser v1.0\Crack\crack.exe"

10/04/2008 23:53 |Size 35328 |Crc32 080ff98f |Md5 8f2b6691912ab5a870e6bbcaea24e650

It is very important to uninstall any cracked and/or pirated programs on your PC, since most of them come with viruses and malware embedded.

______________________________________

 

Also follow the tips in these tutorials:

 

USBFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html

 

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

 

In your next reply, post the Malwarebytes log together with the UsbFix log, which will be in C:\UsbFix.txt, and a new HijackThis log, and tell us how your PC is doing after these procedures.

 

We'll be waiting.


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain why it should be reopened.
