Lord C
Posted December 22, 2009

Here is the log...

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:39:17, on 22/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\DAEMON Tools\daemon.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\ARQUIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Phone Remote Control\PhoneRemoteControl.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\DOCUME~1\user\CONFIG~1\Temp\fxprf.exe C:\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start 
Page = http://search.speedbit.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSSRCAS.DLL R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\SearchSettings.dll O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSSRCAS.DLL O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing) O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Arquivos de programas\SpeedBit 
Toolbar\Toolbar\SpeedBit.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN 
Toolbar\01.01.2607.0\en-us\msntb.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [473587591] "C:\Documents and Settings\All Users\Application Data\592675694\473587591.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [HP Software Update] "c:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\ARQUIV~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h O4 - HKLM\..\Run: [eSnips] "C:\Arquivos de programas\eSnips\ClientGW.exe" O4 - 
HKLM\..\Run: [Downsys] C:\Documents and Settings\All Users\Dados de aplicativos\Windwnx32.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\user\CONFIG~1\Temp\E5.tmp.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Phone Remote Control.lnk = C:\Arquivos de programas\Phone Remote Control\PhoneRemoteControl.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000 O8 - Extra context menu item: Add to AMV Converter... 
- C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232074950484 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CE7B716B-C53E-47D4-9343-C2B1358BC420}: NameServer = 189.28.0.1,189.28.0.6 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: GbPluginBb - 
C:\Arquivos de programas\GbPlugin\gbieh.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing) O23 - Service: Application Updater - Unknown owner - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing) O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing) O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwssvc.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Unknown owner - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 14108 bytes

Power Max
Posted December 22, 2009

:) Hello!

First, follow the tips in this tutorial: FindyKill Tutorial
______________________________

After following the tutorial above, I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);
3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Click "YES" to continue.
4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing, since this ensures the system can be recovered if problems occur during the scan. Click "YES" and wait, as the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient. When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA license. When the Recovery Console installation finishes, a window will open stating that "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY". Click "YES" to continue the scan.
5) ComboFix will start the AUTOSCAN (wait). WARNING: Do not click on the ComboFix window or end the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white). When the process finishes, the machine will be restarted so that the report can be produced.
6) After the restart, ComboFix will run FIND3M to create the final scan report. Its log will be at C:\ComboFix.txt.
7) Re-enable your antivirus;

NOTE 1: If a message appears saying that THIS IS NOT A VALID WIN32 APPLICATION, or if viruses or malware block ComboFix from running, download ComboFix again, but save it to your Desktop as KomboFix. In this case, name it Kombofix while saving it, not after saving it! As a last resort, if ComboFix cannot be run in Windows Normal Mode, try using ComboFix in SAFE MODE (restart the computer and press the F8 key repeatedly, or F5 in some cases, during startup, then choose the Safe Mode option on the screen that appears) and repeat the procedure;

NOTE 2: If the ComboFix window is clicked while it is running, it will MAXIMIZE, covering the other windows. To minimize it again, just use the ALT + TAB combination.

* If for any reason you need to stop or exit ComboFix, press "N".
* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and choose "Repair";

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the FindyKill log, which will be at C:\FindyKill.txt, and a new HijackThis log in your next reply, and tell us how your PC is doing after this.

We look forward to your reply.

Lord C
Posted December 23, 2009

Here is the ComboFix log

ComboFix 09-12-22.06 - ICM 23/12/2009 11:09:31.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1671 [GMT -2:00] Executando de: c:\documents and settings\user\Desktop\ComboFix.exe . ADS - system32: deleted 2 bytes in 1 streams. ADS - drivers: deleted 204 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\arquivos de programas\Dealio Toolbar c:\arquivos de programas\Dealio Toolbar\FF\chrome.manifest c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\chevron.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\chevron.xul c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\login.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\login.xul c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\parser.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\searchbox.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\searchbox.xul c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgichevron.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgicomm.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgihandling.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgilisteners.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul c:\arquivos de programas\Dealio Toolbar\FF\chrome\content\widgiui.js c:\arquivos de programas\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd c:\arquivos de programas\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd c:\arquivos de programas\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties c:\arquivos de programas\Dealio 
Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\amazon.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\apple.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\barnes.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\bestbuy.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\chevron.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\ebay.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\icon_settings.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\macys.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\newegg.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\overstock.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search-button.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search-chevron.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search_amazon.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search_dealio.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search_ebay.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\searchbox.css c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\separator.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\target.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\walmart.gif c:\arquivos de programas\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css c:\arquivos de programas\Dealio Toolbar\FF\components\config.ini c:\arquivos de programas\Dealio Toolbar\FF\components\dealioToolbarFF.dll c:\arquivos de programas\Dealio 
Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt c:\arquivos de programas\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt c:\arquivos de programas\Dealio Toolbar\FF\install.rdf c:\arquivos de programas\Dealio Toolbar\IE\4.0.2\config.ini c:\arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll c:\arquivos de programas\Dealio Toolbar\Res\amazon.gif c:\arquivos de programas\Dealio Toolbar\Res\apple.gif c:\arquivos de programas\Dealio Toolbar\Res\barnes.gif c:\arquivos de programas\Dealio Toolbar\Res\bestbuy.gif c:\arquivos de programas\Dealio Toolbar\Res\dealio_logo.gif c:\arquivos de programas\Dealio Toolbar\Res\dealio_logo_hover.gif c:\arquivos de programas\Dealio Toolbar\Res\ebay.gif c:\arquivos de programas\Dealio Toolbar\Res\icon_settings.gif c:\arquivos de programas\Dealio Toolbar\Res\macys.gif c:\arquivos de programas\Dealio Toolbar\Res\newegg.gif c:\arquivos de programas\Dealio Toolbar\Res\overstock.gif c:\arquivos de programas\Dealio Toolbar\Res\search-button-hover.gif c:\arquivos de programas\Dealio Toolbar\Res\search-button.gif c:\arquivos de programas\Dealio Toolbar\Res\search-chevron-hover.gif c:\arquivos de programas\Dealio Toolbar\Res\search-chevron.gif c:\arquivos de programas\Dealio Toolbar\Res\search_amazon.gif c:\arquivos de programas\Dealio Toolbar\Res\search_dealio.gif c:\arquivos de programas\Dealio Toolbar\Res\search_ebay.gif c:\arquivos de programas\Dealio Toolbar\Res\search_yahoo.gif c:\arquivos de programas\Dealio Toolbar\Res\target.gif c:\arquivos de programas\Dealio Toolbar\Res\walmart.gif c:\arquivos de programas\Dealio Toolbar\Res\widgets.xml c:\arquivos de programas\Dealio Toolbar\WidgiHelper.exe c:\arquivos de programas\FunWebProducts c:\arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\arquivos de programas\MyWebSearch c:\arquivos de programas\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\arquivos de 
programas\MyWebSearch\bar\1.bin\F3CJPEG.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\F3DTactl.dll c:\arquivos de programas\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\F3HKSTUB.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\F3HTMLMU.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\F3HTTPCT.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\F3POPSWT.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\F3PSSAVR.SCR c:\arquivos de programas\MyWebSearch\bar\1.bin\F3REGHK.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\F3REPROX.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\F3RESTUB.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\F3SCHMON.EXE c:\arquivos de programas\MyWebSearch\bar\1.bin\F3SCrctr.dll c:\arquivos de programas\MyWebSearch\bar\1.bin\F3SPACER.WMV c:\arquivos de programas\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\arquivos de programas\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\FWPBUDDY.PNG c:\arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.JAR c:\arquivos de programas\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST c:\arquivos de programas\MyWebSearch\bar\1.bin\M3HIGHIN.EXE c:\arquivos de programas\MyWebSearch\bar\1.bin\M3HTml.dll c:\arquivos de programas\MyWebSearch\bar\1.bin\M3IDLE.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\M3IMPIPE.EXE c:\arquivos de programas\MyWebSearch\bar\1.bin\M3MEDINT.EXE c:\arquivos de programas\MyWebSearch\bar\1.bin\M3MSG.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.JAR c:\arquivos de programas\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST c:\arquivos de programas\MyWebSearch\bar\1.bin\M3OUtlcn.dll c:\arquivos de programas\MyWebSearch\bar\1.bin\M3PLUGIN.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\M3SKIN.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\M3SKPLAY.EXE c:\arquivos de programas\MyWebSearch\bar\1.bin\M3SLSRCH.EXE c:\arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE c:\arquivos de 
programas\MyWebSearch\bar\1.bin\MWSBAR.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\MWSOEPLG.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\arquivos de programas\MyWebSearch\bar\1.bin\MWSSrcas.dll c:\arquivos de programas\MyWebSearch\bar\1.bin\MWSSVC.EXE c:\arquivos de programas\MyWebSearch\bar\1.bin\NPMYWEBS.DLL c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON.F3S c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\avatar.htm c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\bgfader.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\common-x.css c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\common.css c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\ext_def.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\include.js c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\index.htm c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\loader.htm c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\loading.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\logo.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\max_def.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\max_roll.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\min_def.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\min_roll.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\noflash.htm c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\res_def.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\res_roll.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\spacer.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\spacer.swf c:\arquivos de 
programas\MyWebSearch\bar\Avatar\COMMON\topgrad.gif c:\arquivos de programas\MyWebSearch\bar\Avatar\COMMON\window.ico c:\arquivos de programas\MyWebSearch\bar\Cache\000510B1.bin c:\arquivos de programas\MyWebSearch\bar\Cache\0005240A.bin c:\arquivos de programas\MyWebSearch\bar\Cache\0005389B.bin c:\arquivos de programas\MyWebSearch\bar\Cache\0006A0A7 c:\arquivos de programas\MyWebSearch\bar\Cache\0012E3B1.bin c:\arquivos de programas\MyWebSearch\bar\Cache\0012E7D8.bin c:\arquivos de programas\MyWebSearch\bar\Cache\00208570 c:\arquivos de programas\MyWebSearch\bar\Cache\014627E9.bin c:\arquivos de programas\MyWebSearch\bar\Cache\files.ini c:\arquivos de programas\MyWebSearch\bar\Game\CHECKERS.F3S c:\arquivos de programas\MyWebSearch\bar\Game\CHESS.F3S c:\arquivos de programas\MyWebSearch\bar\Game\REVERSI.F3S c:\arquivos de programas\MyWebSearch\bar\History\search3 c:\arquivos de programas\MyWebSearch\bar\icons\CM.ICO c:\arquivos de programas\MyWebSearch\bar\icons\MFC.ICO c:\arquivos de programas\MyWebSearch\bar\icons\PSS.ICO c:\arquivos de programas\MyWebSearch\bar\icons\SMILEY.ICO c:\arquivos de programas\MyWebSearch\bar\icons\WB.ICO c:\arquivos de programas\MyWebSearch\bar\icons\ZWINKY.ICO c:\arquivos de programas\MyWebSearch\bar\Message\COMMON.F3S c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\ask_logo.gif c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\autoup.gif c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\autoup.htm c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\center.htm c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\index.htm c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\mid_dots.gif c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\mws_logo.gif c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\protect.htm c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\shocked.gif c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\stop.gif c:\arquivos de 
programas\MyWebSearch\bar\Message\COMMON\systray.htm c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\systrayp.htm c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\tp_grad.gif c:\arquivos de programas\MyWebSearch\bar\Message\COMMON\warn.gif c:\arquivos de programas\MyWebSearch\bar\Notifier\COMMON.F3S c:\arquivos de programas\MyWebSearch\bar\Notifier\DOG.F3S c:\arquivos de programas\MyWebSearch\bar\Notifier\FISH.F3S c:\arquivos de programas\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\arquivos de programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\arquivos de programas\MyWebSearch\bar\Notifier\MAID.F3S c:\arquivos de programas\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\arquivos de programas\MyWebSearch\bar\Notifier\OPERA.F3S c:\arquivos de programas\MyWebSearch\bar\Notifier\ROBOT.F3S c:\arquivos de programas\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\arquivos de programas\MyWebSearch\bar\Notifier\SURFER.F3S c:\arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm c:\arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat c:\arquivos de programas\Search Settings c:\arquivos de programas\Search Settings\FF\chrome.manifest c:\arquivos de programas\Search Settings\FF\chrome\content\plugin.js c:\arquivos de programas\Search Settings\FF\chrome\content\plugin.xul c:\arquivos de programas\Search Settings\FF\chrome\content\protection.js c:\arquivos de programas\Search Settings\FF\chrome\content\utils.js c:\arquivos de programas\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd c:\arquivos de programas\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties c:\arquivos de programas\Search Settings\FF\components\IFBHOSearch.xpt c:\arquivos de programas\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt c:\arquivos de programas\Search Settings\FF\components\IFHelperPreferences.xpt c:\arquivos de programas\Search Settings\FF\components\SearchSettingsFF.dll c:\arquivos de programas\Search Settings\FF\install.rdf c:\arquivos de 
programas\Search Settings\SeARchsettings.dll c:\arquivos de programas\Search Settings\SearchSettingsRes409.dll c:\arquivos de programas\SpeedBit Toolbar\Toolbar\tbhelper.dll c:\documents and settings\All Users\Dados de aplicativos\CrucialSoft Ltd c:\documents and settings\All Users\Dados de aplicativos\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090127200637250.log c:\documents and settings\jbc\Menu Iniciar\Programas\System Security c:\documents and settings\jbc\Menu Iniciar\Programas\System Security\System Security.lnk C:\InfoSat.txt c:\profec~1.exe\PROFec~1.exe c:\windows\shnomes.inf c:\windows\system32\f3PSSavr.scr c:\windows\system32\Ld63NpcC.exe.a_a c:\windows\system32\upd c:\windows\system32\wins.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DAC970NT -------\Legacy_MYWEBSEARCHSERVICE -------\Legacy_TDSSserv.sys -------\Service_dac970nt -------\Service_MyWebSearchService -------\Service_TDSSserv.sys (((((((((((((((( Arquivos/Ficheiros criados de 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))) . 2009-12-23 12:56 . 2009-12-23 12:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited 2009-12-23 12:56 . 2009-12-23 12:56 -------- d-----w- c:\arquivos de programas\CDBurnerXP 2009-12-23 12:56 . 2009-09-28 22:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2009-12-23 12:26 . 2009-12-23 12:26 -------- d-----w- c:\arquivos de programas\Alcohol Soft 2009-12-23 12:17 . 2001-07-09 12:50 229376 ----a-w- c:\windows\system32\NeroCheck.exe 2009-12-22 21:35 . 2009-12-22 21:35 479544 ----a-w- C:\HiJackThis.exe 2009-12-22 19:11 . 2009-12-22 19:24 -------- d-----w- C:\FindyKill 2009-12-22 18:53 . 2009-12-22 18:53 -------- d-----w- C:\VundoFix Backups 2009-12-21 11:23 . 2009-12-22 14:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9 2009-12-20 19:06 . 
2009-12-21 00:39 -------- d-----w- c:\arquivos de programas\Mr. Palavras Cruzadas 6.0 2009-12-20 12:56 . 2009-12-20 12:56 -------- d-----w- c:\arquivos de programas\Palavras-Cruzadas 8.0 2009-12-19 20:29 . 2009-12-19 20:29 166658 ----a-w- c:\documents and settings\ICM\gbas.dll 2009-12-19 20:27 . 2009-01-13 19:42 113968 ----a-w- c:\documents and settings\jbc\Dados de aplicativos\Mozilla\Firefox\Profiles\u3ltnn0t.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll 2009-12-19 18:38 . 2009-12-19 18:38 -------- d-----w- c:\documents and settings\jbc\Dados de aplicativos\Search Settings 2009-12-19 18:38 . 2009-12-19 18:39 -------- d-----w- c:\documents and settings\jbc\Dados de aplicativos\Dealio 2009-12-19 11:50 . 2009-12-23 11:20 -------- d-----w- c:\documents and settings\izq\Meus documentos 2009-12-19 11:50 . 2009-12-19 11:50 -------- d-----w- c:\documents and settings\izq 2009-12-18 23:05 . 2009-12-19 20:25 152576 ----a-w- c:\documents and settings\ICM\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-18 21:39 . 2009-01-13 19:42 113968 ----a-w- c:\documents and settings\ICM\Dados de aplicativos\Mozilla\Firefox\Profiles\y1ld5rq0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll 2009-12-18 21:37 . 2009-12-10 17:54 1646472 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\gbplugin_ie_bb_setup.exe 2009-12-18 21:01 . 2009-12-18 21:01 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\Search Settings 2009-12-18 20:59 . 2009-12-18 20:59 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\Dealio 2009-12-17 21:30 . 2009-12-17 21:30 -------- d-----w- c:\arquivos de programas\Application Updater 2009-12-16 20:41 . 2009-12-16 20:41 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-12-16 20:12 . 2009-12-19 20:21 79488 ----a-w- c:\documents and settings\ICM\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-16 18:58 . 
2009-12-16 18:58 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight 2009-12-16 18:58 . 2009-12-16 18:58 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector 2009-12-16 18:02 . 2009-12-23 11:28 -------- d-----w- c:\documents and settings\ICM\Tracing 2009-12-15 15:48 . 2009-12-15 15:48 -------- d-----w- c:\windows\system32\NtmsData 2009-12-08 13:59 . 2009-12-08 13:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\KONAMI 2009-12-07 22:35 . 2009-12-07 22:35 -------- d-----w- c:\documents and settings\ICM\WINDOWS 2009-12-04 18:40 . 2009-12-04 18:40 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\Media Player Classic 2009-11-27 17:48 . 2009-11-27 17:48 45056 ----a-w- c:\windows\NCUNINST.EXE 2009-11-27 17:45 . 2009-11-27 17:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SWF Studio 2009-11-27 15:57 . 2009-11-28 12:09 -------- d-----w- C:\book digital 2009-11-24 22:41 . 2009-11-24 22:41 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\PhoneRemoteControl . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-23 13:16 . 2009-04-13 15:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help 2009-12-23 12:22 . 2009-01-18 12:27 685816 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-12-22 19:33 . 2001-10-28 14:07 79660 ----a-w- c:\windows\system32\perfc016.dat 2009-12-22 19:33 . 2001-10-28 14:07 471610 ----a-w- c:\windows\system32\perfh016.dat 2009-12-22 00:44 . 2009-06-10 21:37 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-12-21 21:06 . 2009-01-31 16:09 -------- d-----w- c:\arquivos de programas\AVI MPEG WMV RM to MP3 Converter 2009-12-21 11:39 . 2009-01-24 17:30 -------- d-----w- c:\arquivos de programas\Winamp 2009-12-21 11:39 . 2009-01-21 11:48 -------- d-----w- c:\arquivos de programas\iTunes 2009-12-21 11:31 . 
2007-04-19 04:26 1703936 ----a-w- c:\windows\system32\nwiz.exe 2009-12-21 11:31 . 2004-07-02 18:27 200704 ----a-w- c:\windows\system32\igfxpers.exe 2009-12-20 10:36 . 2009-02-25 00:17 -------- d-----w- c:\arquivos de programas\GbPlugin 2009-12-19 20:26 . 2009-02-25 00:33 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-19 20:26 . 2009-01-20 19:27 -------- d-----w- c:\arquivos de programas\Java 2009-12-19 20:17 . 2009-12-19 20:17 0 ----a-w- c:\windows\system32\REN49.tmp 2009-12-19 20:17 . 2009-12-19 20:17 0 ----a-w- c:\windows\system32\REN48.tmp 2009-12-19 20:17 . 2009-12-19 20:17 0 ----a-w- c:\windows\system32\REN47.tmp 2009-12-19 16:29 . 2009-01-30 15:02 -------- d-----w- c:\arquivos de programas\Allok RM RMVB to AVI MPEG DVD Converter 2009-12-19 11:59 . 2009-01-21 11:48 -------- d-----w- c:\arquivos de programas\QuickTime 2009-12-19 11:50 . 2009-01-18 12:30 -------- d-----w- c:\arquivos de programas\DAEMON Tools 2009-12-18 22:00 . 2004-07-02 19:10 -------- d-----w- c:\arquivos de programas\Windows Live 2009-12-18 21:43 . 2009-02-25 00:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin 2009-12-18 20:13 . 2009-09-27 14:48 -------- d-----w- c:\arquivos de programas\Outcast 2009-12-18 15:29 . 2009-01-23 15:42 -------- d-----w- c:\arquivos de programas\Real Alternative 2009-12-17 21:28 . 2009-12-17 21:28 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\FreeAudioPack 2009-12-17 21:28 . 2009-12-17 21:28 -------- d-----w- c:\arquivos de programas\Free Audio Pack 2009-12-16 12:53 . 2004-07-02 18:25 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-12-16 12:31 . 2009-01-18 12:09 -------- d-----w- c:\arquivos de programas\Microsoft Games 2009-12-16 12:22 . 2009-01-16 23:53 -------- d-----w- c:\arquivos de programas\DDD Pool 1.2 2009-12-07 17:30 . 2009-02-25 00:17 30752 ----a-w- c:\windows\system32\drivers\gbpkm.sys 2009-12-04 01:55 . 
2009-05-18 21:23 1536 ----a-w- c:\windows\system32\TrueSoft.dat 2009-11-27 15:56 . 2009-01-16 17:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink 2009-11-23 10:00 . 2009-11-23 10:00 -------- d-----w- c:\arquivos de programas\Phone Remote Control 2009-11-17 22:04 . 2009-03-20 13:30 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys 2009-11-17 22:04 . 2009-03-20 13:30 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys 2009-11-17 22:04 . 2009-11-17 22:04 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\Corel 2009-11-10 15:32 . 2009-11-10 15:32 -------- d-----w- c:\arquivos de programas\directx 2009-11-08 13:22 . 2009-11-08 13:22 -------- d-----w- c:\arquivos de programas\ReadManiac 2009-11-04 17:30 . 2009-11-04 17:29 -------- d-----w- c:\documents and settings\ICM\Dados de aplicativos\Winamp 2009-11-02 13:07 . 2009-11-02 13:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft 2009-11-02 13:07 . 2009-11-02 13:07 -------- d-----w- c:\arquivos de programas\DVDVideoSoft 2009-10-30 19:40 . 2009-10-30 19:39 -------- d-----w- c:\arquivos de programas\MP3 Player Utilities 4.15 2009-10-30 19:39 . 2009-10-30 19:39 -------- d-----w- c:\arquivos de programas\LRC Editor 4 2009-10-28 22:47 . 2009-08-27 20:03 4 ----a-w- C:\timeStmp.tmp 2009-10-24 18:30 . 2009-10-24 18:30 -------- d-----w- c:\arquivos de programas\Eidos Interactive . ------- Sigcheck ------- [-] 2008-04-24 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-06-10 66912] [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2009-06-10 21:43 66912 ----a-w- c:\arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-06-10 2598896] [HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}] [HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-06-10 2598896] [HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}] [HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-21 200704] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480] "nwiz"="nwiz.exe" [2009-12-21 1703936] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016] "DAEMON Tools"="c:\arquivos de programas\DAEMON Tools\daemon.exe" [2005-11-08 128920] "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-12-21 284672] "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-12-21 24064] "PCTVOICE"="pctspk.exe" [2001-09-06 86016] "HP Software 
Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2009-12-21 49152] "WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2009-12-21 36352] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-12-19 149280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\jbc\Menu Iniciar\Programas\Inicializar\ Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 173568] Registration-PCTV.lnk - c:\arquivos de programas\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe [2009-7-28 315392] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-12-21 241664] Inicializa‡Æo r pida do HP Image Zone.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 126976] Phone Remote Control.lnk - c:\arquivos de programas\Phone Remote Control\PhoneRemoteControl.exe [2009-6-6 565064] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2009-12-07 17:31 318240 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "c:\\Arquivos de programas\\iTunes\\iTunes.exe"= "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\ARQUIV~1\\MICROS~2\\Office12\\OIS.EXE"= "c:\\WINDOWS\\system32\\nwiz.exe"= "c:\\Arquivos de programas\\HP\\hpcoretech\\comp\\hptskmgr.exe"= "c:\\Arquivos de programas\\Winamp\\winampa.exe"= "c:\\WINDOWS\\system32\\igfxpers.exe"= "c:\\WINDOWS\\system32\\netsh.exe"= "c:\\Arquivos de programas\\DAEMON Tools\\daemon.exe"= "c:\\WINDOWS\\system32\\igfxsrvc.exe"= "c:\\Arquivos de programas\\iTunes\\iTunesHelper.exe"= "c:\\Arquivos de programas\\QuickTime\\QuickTimePlayer.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\jucheck.exe"= "c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GrooveMonitor.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\EA SPORTS\\FIFA 07\\fifa07.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTEM.EXE"= "c:\\Arquivos de 
programas\\Phone Remote Control\\PhoneRemoteControl.exe"= "c:\\DOCUME~1\\user\\CONFIG~1\\Temp\\winljrh.exe"= R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [24/2/2009 22:17 30752] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/1/2009 10:27 685816] R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [24/2/2009 22:17 54048] S2 Application Updater;Application Updater;"c:\arquivos de programas\Application Updater\ApplicationUpdater.exe" --> c:\arquivos de programas\Application Updater\ApplicationUpdater.exe [?] S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?] S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [15/2/2007 15:48 26624] --- =Outros Serviços/Drivers Na Memória --- *NewlyCreated* - DAC970NT [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d30179c-c57a-11de-8c2f-001e90e32006}] \SHeLl\autopLAy\CommANd - J:\klhio.exe \SHeLl\AutoRun\command - J:\klhio.exe \SHeLl\expLoRE\CommAnD - J:\klhio.exe \SHeLl\open\coMmanD - J:\klhio.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d30179d-c57a-11de-8c2f-001e90e32006}] \sHeLl\AutOplaY\COmmAND - K:\ffmba.exe \sHeLl\AutoRun\command - K:\ffmba.exe \sHeLl\exPLOre\CoMmand - K:\ffmba.exe \sHeLl\opEN\commanD - K:\ffmba.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51d192e6-5bde-11de-8aa9-001e90e32006}] \Shell\AutoRun\command - e.com \Shell\explore\Command - e.com \Shell\open\Command - e.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b76963e-e6e6-11dd-ac68-001e90e32006}] \Shell\AutoRun\command - e.com \Shell\explore\Command - e.com \Shell\open\Command - e.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc78c20f-55a6-11de-8a94-001e90e32006}] \Shell\AutoRun\command - J:\npee.com \Shell\open\Command - J:\npee.com 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebec783-f44e-11dd-8937-001e90e32006}] \Shell\AutoRun\command - J:\a2h2.com \Shell\open\Command - J:\a2h2.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db086b90-bcdd-11de-8c0d-001e90e32006}] \ShEll\AUToplaY\command - eiqjs.exe \ShEll\AutoRun\command - eiqjs.exe \ShEll\ExpLoRe\CoMmanD - eiqjs.exe \ShEll\oPEN\CoMmand - eiqjs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db086b91-bcdd-11de-8c0d-001e90e32006}] \shEll\AuTOplAY\cOmmAnd - K:\wtsux.pif \shEll\AutoRun\command - K:\wtsux.pif \shEll\EXploRE\ComMand - K:\wtsux.pif \shEll\oPEN\CoMmaND - K:\wtsux.pif . ------- Scan Suplementar ------- . uStart Page = hxxp://search.speedbit.com/ IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000 IE: Add to AMV Converter... - c:\arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html FF - ProfilePath - c:\documents and settings\user\Dados de aplicativos\Mozilla\Firefox\Profiles\m2asbpou.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p= FF - component: c:\documents and settings\user\Dados de aplicativos\Mozilla\Firefox\Profiles\m2asbpou.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\user\Dados de aplicativos\Mozilla\Firefox\Profiles\m2asbpou.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll FF - plugin: c:\arquivos de programas\Microsoft\Office 
Live\npOLW.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPAskSBr.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPMyWebS.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . - - - - ORFÃOS REMOVIDOS - - - - BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKCU-Run-MSMSGS - c:\arquivos de programas\Messenger\msmsgs.exe HKCU-Run-Cognac - c:\docume~1\user\CONFIG~1\Temp\E5.tmp.exe HKLM-Run-Emurayden PSX Emulator - (no file) HKLM-Run-ArcSoft Connection Service - c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe HKLM-Run-MyWebSearch Plugin - c:\arquiv~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL HKLM-Run-My Web Search Bar Search Scope Monitor - c:\arquiv~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe HKLM-Run-ClientGW - (no file) HKLM-Run-eSnips - c:\arquivos de programas\eSnips\ClientGW.exe HKLM-Run-Downsys - c:\documents and settings\All Users\Dados de aplicativos\Windwnx32.exe AddRemove-18 Wheels of Steel: Haulin' - c:\arquivos de programas\18 Wheels of Steel Haulin\uninst.exe AddRemove-A Bíblia Sagrada Versão Digital 6.0 Freeware_is1 - c:\arquivos de programas\ABSVD\unins000.exe AddRemove-Adobe_719d6f144d0c086a0dfa7ff76bb9ac1 - c:\arquivos de programas\Arquivos comuns\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe AddRemove-Adobe_b741c3c52d3108664cedeb2b76f6d96 - c:\arquivos de programas\Arquivos comuns\Adobe\Installers\b741c3c52d3108664cedeb2b76f6d96\Setup.exe AddRemove-Allok RM RMVB to AVI MPEG DVD Converter_is1 - c:\arquivos de programas\Allok RM RMVB to AVI MPEG DVD Converter\unins000.exe AddRemove-ENTERPRISE - c:\arquivos de programas\Arquivos comuns\Microsoft 
Shared\OFFICE12\Office Setup Controller\setup.exe AddRemove-HijackThis - c:\documents and settings\user\Meus documentos\Downloads\HijackThis.exe AddRemove-InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} - c:\arquiv~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe AddRemove-MSN Toolbar - c:\arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\mtbs.exe AddRemove-Tradução Adobe Photoshop CS4_is1 - c:\arquivos de programas\Adobe\Adobe Photoshop CS4\Required\unins000.exe AddRemove-Uninstall_is1 - c:\arquivos de programas\Arquivos comuns\DVDVideoSoft\unins000.exe AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\izq\Dados de aplicativos\Mozilla\Firefox\Profiles\17vsjakb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-23 11:17 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89B9F1E8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3 \Driver\ACPI -> ACPI.sys @ 0xf74accb8 \Driver\atapi -> 0x89b9f1e8 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe ParseProcedure -> ntoskrnl.exe @ 0x80570a6e \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe ParseProcedure -> ntoskrnl.exe @ 0x80570a6e NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7a20ba0 PacketIndicateHandler -> NDIS.sys @ 0xf7a2db21 SendHandler -> NDIS.sys @ 0xf7a0b87b Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(800) c:\arquivos de programas\GBPLUGIN\gbieh.dll - - - - - - - > 'explorer.exe'(3608) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\arquivos de programas\GBPLUGIN\gbieh.dll . ------------------------ Outros Processos em Execução ------------------------ . 
c:\arquivos de programas\Bonjour\mDNSResponder.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe c:\windows\system32\nvsvc32.exe c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\msiexec.exe c:\windows\system32\wscntfy.exe c:\windows\system32\MsiExec.exe c:\windows\system32\RUNDLL32.EXE c:\arquivos de programas\iPod\bin\iPodService.exe c:\docume~1\user\CONFIG~1\Temp\winljrh.exe . ************************************************************************** . Tempo para conclusão: 2009-12-23 11:23:14 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-12-23 13:23 Pré-execução: 23 pasta(s) 76.724.736.000 bytes disponíveis Pós execução: 26 pasta(s) 77.434.105.856 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot Loader] Timeout=2 Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [Operating Systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 3F555CF1E9DD14B44D0CFF335ABF34B6
Lord C, Posted December 23, 2009
Here is the new HijackThis log, as requested....
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:25:32, on 23/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\DAEMON Tools\daemon.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Phone Remote Control\PhoneRemoteControl.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\DOCUME~1\user\CONFIG~1\Temp\winljrh.exe C:\WINDOWS\explorer.exe C:\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://search.speedbit.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing) O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de 
programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\en-us\msntb.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Arquivos de programas\SpeedBit Toolbar\Toolbar\SpeedBit.dll O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft 
Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Phone Remote Control.lnk = C:\Arquivos de programas\Phone Remote Control\PhoneRemoteControl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232074950484
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE7B716B-C53E-47D4-9343-C2B1358BC420}: NameServer = 189.28.0.1,189.28.0.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Application Updater - Unknown owner - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Unknown owner - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11859 bytes
Power Max 54 Posted December 23, 2009
:) Several problems were removed by Combofix.
_________________________________
:!: You still need to run Findykill and post its log, which will be at C:\FindyKill.txt
Lord C 0 Posted December 23, 2009
hahaha I had forgotten about that one... but here it is.

############################## | FindyKill V5.021 |
# User : user (Administradores) # USER-E65B94EEE3
# Update on 10/12/2009 by Chiquitine29
# Start at: 17:14:37 | 22/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# Processador Intel Pentium II
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 232,88 Go (61,74 Go free) # NTFS
# D:\ # Disco CD-ROM
# E:\ # Disco CD-ROM
# F:\ # Disco CD-ROM
# G:\ # Disco CD-ROM
# H:\ # Disco CD-ROM
# I:\ # Disco CD-ROM
############################## | Processos ativos |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\IDT\ECSXPV_5762_010208\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\WINDOWS |
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
################## | C:\Documents and Settings\user\Dados de aplicativos |
################## | Supressão Outros ... |
################## | Temporary Internet Files |
################## | Registro / Chaves infeciosas |
Supprimido ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimido ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Supprimido ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimido ! [HKLM\software\microsoft\security center] "FirewallOverride"
Supprimido ! [HKLM\software\microsoft\security center] "UacDisableNotify"
Supprimido ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Supprimido ! [HKLM\software\microsoft\security center\Svc] "AntiVirusDisableNotify"
Supprimido ! [HKLM\software\microsoft\security center\Svc] "AntiVirusOverride"
Supprimido ! [HKLM\software\microsoft\security center\Svc] "FirewallDisableNotify"
Supprimido ! [HKLM\software\microsoft\security center\Svc] "FirewallOverride"
Supprimido ! [HKLM\software\microsoft\security center\Svc] "UacDisableNotify"
Supprimido ! [HKLM\software\microsoft\security center\Svc] "UpdatesDisableNotify"
Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
################## | Estado / Serviços / Informações |
# Safe mode : OK
# Affichagem dos arquivos ocultos : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
"C:\Archivos de Programa\The Sims 2 - Expan‡äes\THE SIMS 2 OPEN FOR BUSINESS\!!! Crack\Sims2EP3.exe" 15/03/2006 18:15 |Size 15515648 |Crc32 94591d69 |Md5 8d7ce33546d172489dcbd921a844a492
"C:\Arquivos de programas\EA GAMES\THE SIMS 2 - OPEN FOR BUSINESS\!!! Crack\Sims2EP3.exe" 15/03/2006 18:15 |Size 15515648 |Crc32 94591d69 |Md5 8d7ce33546d172489dcbd921a844a492
"C:\Arquivos de programas\Hide-IP-Browser\crack.exe" 10/04/2008 23:53 |Size 35328 |Crc32 080ff98f |Md5 8f2b6691912ab5a870e6bbcaea24e650
"C:\Documents and Settings\ICM\Meus documentos\Meus documentos\Programas\Hide-Ip-Browser v1.0\Hide-Ip-Browser v1.0\Crack\crack.exe" 10/04/2008 23:53 |Size 35328 |Crc32 080ff98f |Md5 8f2b6691912ab5a870e6bbcaea24e650
################## | ! Fim do relatório # FindyKill V5.021 ! |
Power Max 54 Posted December 23, 2009
:) Several problems were removed by Findykill.
________________________________
################## | Cracks / Keygens / Serials |
"C:\Archivos de Programa\The Sims 2 - Expan‡äes\THE SIMS 2 OPEN FOR BUSINESS\!!! Crack\Sims2EP3.exe" 15/03/2006 18:15 |Size 15515648 |Crc32 94591d69 |Md5 8d7ce33546d172489dcbd921a844a492
"C:\Arquivos de programas\EA GAMES\THE SIMS 2 - OPEN FOR BUSINESS\!!! Crack\Sims2EP3.exe" 15/03/2006 18:15 |Size 15515648 |Crc32 94591d69 |Md5 8d7ce33546d172489dcbd921a844a492
"C:\Arquivos de programas\Hide-IP-Browser\crack.exe" 10/04/2008 23:53 |Size 35328 |Crc32 080ff98f |Md5 8f2b6691912ab5a870e6bbcaea24e650
"C:\Documents and Settings\ICM\Meus documentos\Meus documentos\Programas\Hide-Ip-Browser v1.0\Hide-Ip-Browser v1.0\Crack\crack.exe" 10/04/2008 23:53 |Size 35328 |Crc32 080ff98f |Md5 8f2b6691912ab5a870e6bbcaea24e650

:!: It is very important to uninstall any cracked and/or pirated programs that exist on your PC, since most of them come with viruses and malware embedded.
______________________________________
:seta: Also follow the tips in these tutorials:
USBFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html
Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

In your next reply, post this Malwarebytes log together with the Usbfix log, which will be at C:\UsbFix.txt, and a new Hijackthis log, and tell us how your PC is after these procedures. We look forward to your reply.
Mário Monteiro 179 Posted January 24, 2010
Topic Archived
As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.