LityAlves 0 Posted February 1, 2010

The laptop did this a long time ago, it was resolved here, and now it has started doing it again. Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49:47, on 31/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcelo\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F0C3CBDB-05E1-4947-A3C3-3323403E940C}A3C3-3323403E940C} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [srmclean] "C:\Cpqs\Scom\srmclean.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7261 bytes
Power Max 54 Posted February 1, 2010

:) Hi LityAlves!

:seta: Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {F0C3CBDB-05E1-4947-A3C3-3323403E940C}A3C3-3323403E940C} - (no file)

__________________________________

:seta: There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial: Choosing Programs that Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows. Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.

__________________________________

:seta: Download and run the program at the link below to disable Bonjour (which is an unnecessary item that tends to make the PC slower):

http://download.gizmo5.com/jasmine/TurnOffBonjour.exe

__________________________________

:seta: Please also follow the tips in this tutorial to clean your PC with Malwarebytes:

Malwarebytes Anti-Malware Tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

In your next reply, post this Malwarebytes log together with a new HijackThis log and tell us how your PC is after this procedure.

We look forward to your reply.
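The check behind the fix list in the post above, as an added example that is not part of the original thread: it parses the O2 (Browser Helper Object) lines of a HijackThis log, flags entries whose DLL is reported as (no file), and compares against a later log to confirm they are gone. The sample logs are excerpts constructed from entries posted in this thread, and the function names are hypothetical.

```python
import re

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<section>[ROF]\d{1,2}) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {<CLSID>} - <DLL path or (no file)>".
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{\S+\}) - (?P<target>.+)$")
# Canonical registry form of a CLSID.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Constructed sample: a few lines excerpted from the first log in this thread.
BEFORE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O2 - BHO: (no name) - {F0C3CBDB-05E1-4947-A3C3-3323403E940C}A3C3-3323403E940C} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
"""

# Constructed sample: the same lines as they appear in the second log.
AFTER_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
"""


def parse_bhos(log_text):
    """Return one dict per O2 (BHO) entry found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if entry is None or entry.group("section") != "O2":
            continue
        bho = BHO_RE.match(entry.group("body"))
        if bho is None:
            continue
        target = bho.group("target").strip()
        entries.append({
            "name": bho.group("name"),
            "clsid": bho.group("clsid"),
            "target": target,
            # The registration exists but the DLL it points to does not.
            "orphaned": target.lower() == "(no file)",
            # The key name is not a well-formed {GUID}, as in the second
            # entry of the fix list above.
            "malformed_clsid": GUID_RE.match(bho.group("clsid")) is None,
        })
    return entries


def orphaned_bhos(log_text):
    """BHO registrations whose file HijackThis reports as missing."""
    return [e for e in parse_bhos(log_text) if e["orphaned"]]


def still_present(before_log, after_log):
    """CLSIDs orphaned in before_log that are still listed in after_log."""
    after = {e["clsid"].lower() for e in parse_bhos(after_log)}
    return [e["clsid"] for e in orphaned_bhos(before_log)
            if e["clsid"].lower() in after]


if __name__ == "__main__":
    for e in orphaned_bhos(BEFORE_LOG):
        note = " (malformed CLSID)" if e["malformed_clsid"] else ""
        print("orphaned BHO:", e["clsid"] + note)
    print("left after fix:", still_present(BEFORE_LOG, AFTER_LOG))
```
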
LityAlves 0 Posted February 2, 2010

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3 (Safe Mode)

2/2/2010 1:29:10 AM
mbam-log-2010-02-02 (01-29-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 164919
Time elapsed: 1 hour(s), 20 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:20, on 2/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcelo\Desktop\Anti - Vírus\HijackThis.exe
C:\WINDOWS\System32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5807 bytes

-------------------------------------------------------------------------------------------------

I followed all the instructions, but the laptop keeps shutting down by itself...
Power Max 54 Posted February 2, 2010

:seta: Configure your Avira AntiVir antivirus following the tips in the tutorials below:

Avira AntiVir 9 free tutorial (installation and configuration): http://dicasetutoriaisparapc.blogspot.com/2009/03/tutorial-de-instalacao-e-configuracao.html

Avira AntiVir 9 free tutorial (how to use it correctly): http://dicasetutoriaisparapc.blogspot.com/2009/03/escaneando-seu-computador-com-o-avira.html

After configuring Avira AntiVir following the tips in the tutorials above, update it, restart your computer and boot into Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the option Modo Seguro or Modo de Segurança, that is, Safe Mode). Then, when the computer has restarted, right-click the Avira symbol (the open red umbrella next to the Windows clock) and choose the option Start Antivir > click the option Scan system now > and wait for the scan to finish.

Note: If it is not possible to run the scan with Avira AntiVir in Windows Safe Mode, run it in normal mode.

_______________________________________________________________

:seta: When you have removed the viruses that Avira AntiVir finds, restart the computer normally.

Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose the option Start Antivir > click the option Reports > double-click the most recent log with the left mouse button and click the Report file button > A window with the log will then open, so just select this log (click the menu: Edit » Select All), then go back to the menu: Edit » and click the option: Copy) > After that, just come back here to the forum and post this Avira AntiVir log together with a new HijackThis log so that they can be analyzed.

We look forward to your reply.
LityAlves 0 Posted February 3, 2010

I can't run the scan one way or the other, halfway through the scan it shuts off! What now.
Power Max 54 Posted February 3, 2010

"I can't run the scan one way or the other, halfway through the scan it shuts off! What now."

:seta: I suggest that you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall ( except the Windows one! )
* Close all windows and run the tool.
* PS: Running it by command is also possible:
* Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the prompt: "Negação de garantia de software" (software warranty disclaimer) --> Click Sim (Yes).
* If you do not have the "Recovery Console" (http://support.microsoft.com/kb/307654/pt-br), agree to install it.
* When finished, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:!: If you get the notification: Invalid Win32 application, or a message similar to it, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe
* PS: Name it while saving, not after saving it!
* PS: If any error message appears, run ComboFix.exe in "Safe Mode" (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!
* PS: In the presence of rootkit activity, we will get the following notification window:
* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!
* To finish removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some reason beyond your control, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be in C:\ComboFix.txt, together with a new HijackThis log in your next reply and tell us how your PC is after this.

We look forward to your reply.
LityAlves 0 Posted February 5, 2010

ComboFix 10-02-03.01 - Lity Freitas 03/02/2010 15:17:41.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1033.18.447.239 [GMT -2:00]
Executando de: c:\documents and settings\Marcelo\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
ADS - drivers: deleted 270 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Mstecf.dat
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-03 to 2010-02-03 ))))))))))))))))))))))))))))
.
2010-02-02 02:07 . 2010-02-02 02:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-02 00:13 . 2009-08-03 15:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 00:13 . 2009-08-03 15:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 00:13 . 2010-02-02 00:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 19:17 . 2010-01-30 19:17 -------- d-----w- C:\c6b5208f3ada25589862f0b722c8cf
2010-01-30 17:55 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-30 17:51 . 2010-01-30 17:52 -------- d-----w- C:\f6ed0acd7f9feaa12a9d597d17a9aa
2010-01-26 02:51 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-26 02:51 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-26 02:51 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-26 02:50 . 2010-01-26 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-13 17:38 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 17:28 . 2007-04-19 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\GbPlugin
2010-02-03 17:26 . 2006-08-18 04:09 12 -c--a-w- c:\windows\bthservsdp.dat
2010-02-02 03:37 . 2009-08-21 18:33 -------- d-----w- c:\program files\VisualTooltip
2010-02-02 03:37 . 2009-05-01 04:21 -------- d-----w- c:\program files\VS Revo Group
2010-02-02 03:32 . 2009-08-21 18:33 -------- d-----w- c:\program files\ViStart
2010-01-31 03:19 . 2009-09-05 04:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-27 02:53 . 2009-08-21 04:24 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-26 02:50 . 2009-08-21 04:24 -------- d-----w- c:\program files\Avira
2010-01-22 15:05 . 2009-06-26 06:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-06 02:56 . 2009-08-04 03:15 -------- d-----w- c:\program files\QuickTime
2010-01-05 03:17 . 2008-04-13 03:55 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-05 03:14 . 2009-07-25 06:17 -------- d-----w- c:\program files\PokerStars
2010-01-05 03:08 . 2008-03-21 01:30 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 02:36 . 2009-12-26 02:36 -------- d-----w- c:\documents and settings\Marcelo\Application Data\teamspeak2
2009-12-26 02:27 . 2009-12-25 23:08 -------- d-----w- c:\program files\TeamSpeak 3 Client
2009-12-25 23:22 . 2009-12-25 23:09 -------- d-----w- c:\documents and settings\Marcelo\Application Data\TS3Client
2009-12-21 20:43 . 2007-10-03 02:18 -------- d-----w- c:\program files\iTunes
2009-12-21 20:41 . 2009-12-21 20:41 -------- d-----w- c:\program files\iPod
2009-12-21 20:31 . 2009-12-21 20:31 -------- d-----w- c:\program files\Bonjour
2009-12-21 20:06 . 2009-12-21 20:06 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-21 19:14 . 2006-06-23 14:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 16:42 . 2009-12-22 15:09 872960 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 16:42 . 2009-12-22 15:09 43008 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 16:42 . 2009-12-22 15:09 340480 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 16:41 . 2009-12-22 15:09 346624 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-21 15:51 . 2002-08-29 02:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 -c--a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
2008-04-14 00:12 . 2006-08-16 05:33 60416 -csha-w- c:\windows\ServicePackFiles\i386\msimn.exe
2008-10-25 06:37 . 2008-10-22 23:13 428064 -csha-w- c:\windows\system32\drivers\fidbox.dat
2008-10-25 06:37 . 2008-10-22 23:13 12832 -csha-w- c:\windows\system32\drivers\fidbox2.dat
.
------- Sigcheck -------

[-] 2008-04-14 . DC7C3534CF32C669705016AAE6D8A334 . 1423872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\VITrans\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 99028E42C7C95A13DFDB7F52FE1C722F . 1551360 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-09-24 19:15 313224 ----a-w- c:\progra~1\GbPlugin\gbieh.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marcelo^Start Menu^Programs^Startup^Light Mule.lnk]
backup=c:\windows\pss\Light Mule.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7300 Series
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7300 Series (Copy 1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 14:08 935288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-22 18:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 06:08 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
2003-05-21 18:35 4608 -c--a-w- c:\windows\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2003-02-27 00:25 180316 -c--a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 -c----w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display Settings]
2002-08-15 14:26 45056 -c--a-w- c:\program files\HPQ\Notebook Utilities\hptasks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2008-04-13 22:39 49152 -c--a-w- c:\program files\Vista Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 18:18 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 14:24 49152 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-11-05 18:51 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 18:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-20 04:27 65536 -c--a-w- c:\program files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 19:44 3883840 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 01:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
2001-07-24 21:34 36864 -c--a-w- c:\cpqs\scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-05 04:29 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
2007-04-25 12:45 956928 -c--a-w- c:\program files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 01:32 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\age3y.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [21/3/2009 01:18 30344]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [8/9/2009 00:28 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [8/9/2009 00:25 1195008]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/1/2010 00:51 108289]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [18/4/2007 23:35 53640]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [8/9/2009 00:25 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [8/9/2009 00:28 257432]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [24/3/2003 18:42 26112]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [24/3/2003 18:45 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [24/3/2003 18:45 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [24/3/2003 18:42 16512]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
S3 ZSMC302;LG webpro2 Camera;c:\windows\system32\drivers\usbvm302.sys [28/9/2006 20:02 91271]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:34]

2010-02-03 c:\windows\Tasks\User_Feed_Synchronization-{D3A41332-C717-4D5B-BC4F-12F89911049E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

2010-02-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-02 01:18]
.
.
------- Scan Suplementar -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.windowsxlive.net
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\4virql8q.default\
FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
.
------- Associação de arquivos/ficheiros -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 15:32
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(508) c:\progra~1\GBPLUGIN\gbieh.dll c:\windows\system32\klogon.dll c:\windows\system32\cscui.dll - - - - - - - > 'explorer.exe'(1820) c:\windows\system32\WININET.dll c:\windows\system32\SETUPAPI.dll c:\program files\Scpad\scpLIB.dll c:\program files\Scpad\scpMIB.dll c:\program files\Scpad\sshib.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE c:\windows\system32\HPConfig.exe c:\program files\HPQ\Notebook Utilities\HPWirelessMgr.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Tempo para conclusão: 2010-02-03 15:42:56 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-02-03 17:42 Pré-execução: 29.440.557.056 bytes free Pós execução: 29.312.217.088 bytes free - - End Of File - - 12A8C7DCC4CE9D6FD9723C4D7CF8AE8E Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:47:42, on 3/2/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\PROGRA~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Marcelo\Desktop\Anti - Vírus\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 5783 bytes

It is still slow; I'll find out within a few minutes whether it is shutting down...

Now I can't download anything with Firefox; the following message appears: C:\DOCUME~1\Marcelo\LOCALS~1\Temp não pôde ser salvo porque você não pode alterar o conteúdo da pasta. Tente salvar em outro local ou modifique as propriedades da pasta e tente de novo. (Downloads are set to be saved to a folder in Documents.)

It keeps shutting down, and I tried to boot into safe mode to run the Avira scan, but it shut down even before the login.

Now I can't download anything with Firefox; the following message appears: C:\DOCUME~1\Marcelo\LOCALS~1\Temp não pôde ser salvo porque você não pode alterar o conteúdo da pasta. Tente salvar em outro local ou modifique as propriedades da pasta e tente de novo. (Downloads are set to be saved to a folder in Documents.)

That problem has already been solved!!! But the PC keeps shutting down, mainly when I'm in an Orkut app, when I try to run the Avira scan, or when I try to start the PC in safe mode. It also shuts down when I'm doing other things, but it takes longer; with the things mentioned above it is almost immediate.
LityAlves, posted February 6, 2010

Avira AntiVir Personal Report file date: Friday, February 05, 2010 23:38 Scanning for 1730331 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : LITIERI-ALVES Version information: BUILD.DAT : 9.0.0.419 21701 Bytes 22/1/2010 18:29:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 13:26:33 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 12:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 13:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 12:58:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 09:35:52 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 02:55:37 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/1/2010 02:55:53 VBASE003.VDF : 7.10.3.75 996864 Bytes 26/1/2010 02:53:40 VBASE004.VDF : 7.10.3.76 2048 Bytes 26/1/2010 02:53:41 VBASE005.VDF : 7.10.3.77 2048 Bytes 26/1/2010 02:53:41 VBASE006.VDF : 7.10.3.78 2048 Bytes 26/1/2010 02:53:42 VBASE007.VDF : 7.10.3.79 2048 Bytes 26/1/2010 02:53:42 VBASE008.VDF : 7.10.3.80 2048 Bytes 26/1/2010 02:53:42 VBASE009.VDF : 7.10.3.81 2048 Bytes 26/1/2010 02:53:42 VBASE010.VDF : 7.10.3.82 2048 Bytes 26/1/2010 02:53:43 VBASE011.VDF : 7.10.3.83 2048 Bytes 26/1/2010 02:53:43 VBASE012.VDF : 7.10.3.84 2048 Bytes 26/1/2010 02:53:43 VBASE013.VDF : 7.10.3.85 2048 Bytes 26/1/2010 02:53:44 VBASE014.VDF : 7.10.3.122 172544 Bytes 29/1/2010 02:53:45 VBASE015.VDF : 7.10.3.149 79872 Bytes 1/2/2010 15:12:09 VBASE016.VDF : 7.10.3.174 68608 Bytes 3/2/2010 15:12:23 VBASE017.VDF : 7.10.3.199 76800 Bytes 4/2/2010 16:14:30 VBASE018.VDF : 7.10.3.200 2048 Bytes 4/2/2010 16:14:31 VBASE019.VDF : 7.10.3.201 2048 Bytes 4/2/2010 16:14:32 VBASE020.VDF : 7.10.3.202 2048 Bytes 4/2/2010 16:14:32 VBASE021.VDF : 7.10.3.203 2048 Bytes 4/2/2010 16:14:33 VBASE022.VDF : 7.10.3.204 2048 Bytes 4/2/2010 16:14:34 VBASE023.VDF 
: 7.10.3.205 2048 Bytes 4/2/2010 16:14:35 VBASE024.VDF : 7.10.3.206 2048 Bytes 4/2/2010 16:14:36 VBASE025.VDF : 7.10.3.207 2048 Bytes 4/2/2010 16:14:36 VBASE026.VDF : 7.10.3.208 2048 Bytes 4/2/2010 16:14:37 VBASE027.VDF : 7.10.3.209 2048 Bytes 4/2/2010 16:14:38 VBASE028.VDF : 7.10.3.210 2048 Bytes 4/2/2010 16:14:39 VBASE029.VDF : 7.10.3.211 2048 Bytes 4/2/2010 16:14:40 VBASE030.VDF : 7.10.3.212 2048 Bytes 4/2/2010 16:14:41 VBASE031.VDF : 7.10.3.218 53760 Bytes 5/2/2010 16:14:43 Engineversion : 8.2.1.158 AEVDF.DLL : 8.1.1.3 106868 Bytes 26/1/2010 02:56:25 AESCRIPT.DLL : 8.1.3.13 823674 Bytes 2/2/2010 15:12:34 AESCN.DLL : 8.1.4.0 127348 Bytes 28/1/2010 02:53:46 AESBX.DLL : 8.1.1.1 246132 Bytes 8/11/2009 09:38:44 AERDL.DLL : 8.1.3.4 479605 Bytes 26/1/2010 02:56:20 AEPACK.DLL : 8.2.0.5 422262 Bytes 26/1/2010 02:56:18 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 8/11/2009 09:38:38 AEHEUR.DLL : 8.1.1.4 2326899 Bytes 3/2/2010 15:13:10 AEHELP.DLL : 8.1.10.0 237942 Bytes 26/1/2010 02:56:10 AEGEN.DLL : 8.1.1.86 369012 Bytes 2/2/2010 15:12:28 AEEMU.DLL : 8.1.1.0 393587 Bytes 8/11/2009 09:38:26 AECORE.DLL : 8.1.11.1 184694 Bytes 2/2/2010 15:12:25 AEBB.DLL : 8.1.0.3 53618 Bytes 8/11/2009 09:38:20 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 10:47:59 AVPREF.DLL : 9.0.3.0 44289 Bytes 26/8/2009 17:14:02 AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 16:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 12:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 17:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 12:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 17:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 10:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 12:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/5/2009 17:39:58 RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 14:25:47 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp 
Logging.............................: low Primary action......................: repair Secondary action....................: delete Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Start of the scan: Friday, February 05, 2010 23:38 Starting search for hidden objects. '56563' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'op_mon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SeaPort.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'HPWirelessMgr.exe' - '1' Module(s) have been scanned Scan process 'HPConfig.exe' - '1' Module(s) have been scanned Scan process 'E_S40RP7.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'acs.exe' - '1' Module(s) have been scanned Scan process 
'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'gbpsv.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 31 processes with 31 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '54' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\SwSetup\works7\REDIST\IE6\TEMPFILE.CAB [0] Archive type: CAB (Microsoft) --> msoe.hlp [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed C:\temp\FixEngine\{5EF6B690-42BB-4F02-8454-504C510FEDC2}\ddeinstall.fab [0] Archive type: CAB (Microsoft) --> DDEInstall.msi [WARNING] No further files can be extracted from this archive. 
The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed End of the scan: Saturday, February 06, 2010 01:10 Used time: 1:31:20 Hour(s) The scan has been done completely. 9802 Scanned directories 305565 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 305563 Files not concerned 3065 Archives were scanned 6 Warnings 2 Notes 56563 Objects were scanned with rootkit scan 0 Hidden objects were found
Power Max, posted February 7, 2010

Hi LityAlves! Sorry for the delay; I have been very busy these days with school and work.
___________________________________
Select all the text highlighted in red below and copy it into Notepad. Save it on the Desktop as CFScript.txt

Dirlook::
C:\c6b5208f3ada25589862f0b722c8cf
C:\f6ed0acd7f9feaa12a9d597d17a9aa

File::
c:\windows\Tasks\WGASetup.job
c:\windows\system32\KB905474\wgasetup.exe

Drag CFScript.txt onto ComboFix as shown in the image below:

If prompted, press "Enter" to start the removal process;
Do not use the mouse or the keyboard while ComboFix is running.
When it finishes, a log will be generated at C:\ComboFix.txt
Note: If ComboFix does not restart your computer automatically, restart it manually.
_____________________________________
Your log shows traces of Kaspersky Anti-Virus and Norton AntiVirus on your PC. It would be very important to uninstall them and keep only Avira AntiVir, because more than one antivirus can conflict with each other and impair the operation of your PC.
_____________________________________
In your next reply, post the log found at C:\ComboFix.txt together with a new HijackThis log, and tell us how your PC is doing after this. We'll be waiting.
LityAlves, posted February 10, 2010
_____________________________________
"Your log shows traces of Kaspersky Anti-Virus and Norton AntiVirus on your PC. It would be very important to uninstall them and keep only Avira AntiVir, because more than one antivirus can conflict with each other and impair the operation of your PC."

Both antivirus programs have already been uninstalled, but these remnants were left behind and I don't know how to remove them; they no longer show up as installed programs. How do I remove these leftovers, especially those of Kaspersky, which wrecked my PC and caused several problems? I'll post the reports tomorrow. Thank you!
_____________________________________
ComboFix 10-02-03.01 - Lity Freitas 10/02/2010 1:11:30.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1033.18.447.206 [GMT -2:00] Executando de: C:\Documents and Settings\Marcelo\My Documents\Downloads\ComboFix.exe Comandos utilizados :: C:\Documents and Settings\Marcelo\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD} FILE :: "c:\windows\system32\KB905474\wgasetup.exe" "c:\windows\Tasks\WGASetup.job" . ADS - drivers: deleted 158 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\KB905474\wgasetup.exe c:\windows\Tasks\WGASetup.job . (((((((((((((((( Arquivos/Ficheiros criados de 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))) . 2010-02-10 03:03:50 . 2010-02-10 03:03:50 -------- d-----w- C:\WINDOWS\LastGood 2010-02-02 02:07:44 . 2010-02-02 02:07:44 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2010-02-02 00:13:07 . 
2009-08-03 15:36:28 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-02-02 00:13:03 . 2009-08-03 15:36:06 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys 2010-02-02 00:13:02 . 2010-02-02 00:13:33 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware 2010-01-30 19:17:35 . 2010-01-30 19:17:49 -------- d-----w- C:\c6b5208f3ada25589862f0b722c8cf 2010-01-30 17:55:31 . 2009-12-11 08:38:55 69120 ------w- C:\WINDOWS\system32\dllcache\iecompat.dll 2010-01-30 17:51:46 . 2010-01-30 17:52:07 -------- d-----w- C:\f6ed0acd7f9feaa12a9d597d17a9aa 2010-01-26 02:51:04 . 2009-03-30 11:33:07 96104 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys 2010-01-26 02:51:04 . 2009-02-13 13:29:11 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys 2010-01-26 02:51:04 . 2009-02-13 13:17:49 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys 2010-01-26 02:50:57 . 2010-01-26 02:50:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira 2010-01-13 17:38:04 . 2009-11-21 15:51:04 471552 ------w- C:\WINDOWS\system32\dllcache\aclayers.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-10 01:37:51 . 2007-04-19 01:34:59 -------- d-----w- C:\Documents and Settings\All Users\Application Data\GbPlugin 2010-02-09 05:10:40 . 2006-08-18 04:09:24 12 -c--a-w- C:\WINDOWS\bthservsdp.dat 2010-02-03 23:38:19 . 2007-04-19 01:35:07 -------- d-----w- C:\Program Files\GbPlugin 2010-02-02 03:37:56 . 2009-08-21 18:33:05 -------- d-----w- C:\Program Files\VisualTooltip 2010-02-02 03:37:10 . 2009-05-01 04:21:16 -------- d-----w- C:\Program Files\VS Revo Group 2010-02-02 03:32:13 . 2009-08-21 18:33:05 -------- d-----w- C:\Program Files\ViStart 2010-01-31 03:19:31 . 2009-09-05 04:36:05 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP 2010-01-27 02:53:51 . 2009-08-21 04:24:23 56816 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys 2010-01-26 02:50:57 . 
2009-08-21 04:24:16 -------- d-----w- C:\Program Files\Avira 2010-01-22 15:05:59 . 2009-06-26 06:36:05 -------- d-----w- C:\Program Files\Microsoft Silverlight 2010-01-06 02:56:58 . 2009-08-04 03:15:29 -------- d-----w- C:\Program Files\QuickTime 2010-01-05 03:17:23 . 2008-04-13 03:55:25 -------- d-----w- C:\Program Files\Messenger Plus! Live 2010-01-05 03:14:51 . 2009-07-25 06:17:40 -------- d-----w- C:\Program Files\PokerStars 2010-01-05 03:08:03 . 2008-03-21 01:30:23 -------- d-----w- C:\Program Files\Common Files\Apple 2009-12-30 12:59:36 . 2009-03-21 03:18:36 30752 ----a-w- C:\WINDOWS\system32\drivers\GbpKm.sys 2009-12-26 02:36:04 . 2009-12-26 02:36:00 -------- d-----w- C:\Documents and Settings\Marcelo\Application Data\teamspeak2 2009-12-26 02:27:15 . 2009-12-25 23:08:34 -------- d-----w- C:\Program Files\TeamSpeak 3 Client 2009-12-25 23:22:36 . 2009-12-25 23:09:19 -------- d-----w- C:\Documents and Settings\Marcelo\Application Data\TS3Client 2009-12-21 20:43:25 . 2007-10-03 02:18:58 -------- d-----w- C:\Program Files\iTunes 2009-12-21 20:41:19 . 2009-12-21 20:41:19 -------- d-----w- C:\Program Files\iPod 2009-12-21 20:31:35 . 2009-12-21 20:31:34 -------- d-----w- C:\Program Files\Bonjour 2009-12-21 20:06:07 . 2009-12-21 20:06:07 79144 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-12-21 19:14:05 . 2006-06-23 14:33:58 916480 ------w- C:\WINDOWS\system32\wininet.dll 2009-12-16 16:42:34 . 2009-12-22 15:09:27 872960 -c--a-w- C:\Documents and Settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2009-12-16 16:42:20 . 2009-12-22 15:09:28 43008 -c--a-w- C:\Documents and Settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-12-16 16:42:18 . 
2009-12-22 15:09:28 340480 -c--a-w- C:\Documents and Settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 16:41:54 . 2009-12-22 15:09:27 346624 -c--a-w- C:\Documents and Settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-21 15:51:04 . 2002-08-29 02:00:00 471552 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll
2008-10-19 09:58:22 . 2008-10-19 09:58:22 49152 -c--a-w- C:\Program Files\mozilla firefox\components\SiteVacuumXPCOM.dll
2008-04-14 00:12:28 . 2006-08-16 05:33:32 60416 -csha-w- C:\WINDOWS\ServicePackFiles\i386\msimn.exe
2008-10-25 06:37:21 . 2008-10-22 23:13:31 428064 -csha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-25 06:37:23 . 2008-10-22 23:13:31 12832 -csha-w- C:\WINDOWS\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\c6b5208f3ada25589862f0b722c8cf ----

---- Directory of C:\f6ed0acd7f9feaa12a9d597d17a9aa ----

------- Sigcheck -------

[-] 2008-04-14 00:12:20 . DC7C3534CF32C669705016AAE6D8A334 . 1423872 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe
[7] 2008-04-14 00:12:20 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\VITrans\explorer.exe
[7] 2008-04-14 00:12:19 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 00:12:19 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\dllcache\explorer.exe
[-] 2007-06-13 11:26:03 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] . . C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23:07 . 99028E42C7C95A13DFDB7F52FE1C722F . 1551360 . . [6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] . . C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56:49 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] . .
C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 14:33:12 2374464]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 13:04:56 428032]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 14:08:47 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-12-30 12:58:48 318240 ----a-w- C:\PROGRA~1\GbPlugin\gbieh.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marcelo^Start Menu^Programs^Startup^Light Mule.lnk]
backup=C:\WINDOWS\pss\Light Mule.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 14:08:30 935288 -c--a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-22 18:09:06 63712 -c--a-w- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 06:08:38 35696 -c--a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
2003-05-21 18:35:50 4608 -c--a-w- C:\WINDOWS\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2003-02-27 00:25:26 180316 -c--a-w- C:\Program Files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12:16 15360 -c----w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display Settings]
2002-08-15 14:26:10 45056 -c--a-w- C:\Program Files\HPQ\Notebook Utilities\hptasks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2008-04-13 22:39:20 49152 -c--a-w- C:\Program Files\Vista Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 18:18:56 241664 -c--a-w- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 14:24:48 49152 -c--a-w- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-11-05 18:51:35 188416 -c--a-w- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 18:33:10 141600 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-20 04:27:46 65536 -c--a-w- C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 19:44:26 3883840 -c--a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 01:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
2001-07-24 21:34:25 36864 -c--a-w- C:\cpqs\scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-05 04:29:01 149280 -c--a-w- C:\Program Files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
2007-04-25 12:45:44 956928 -c--a-w- C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 01:32:06 204288 -c----w- C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\age3y.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\GbpKm.sys [21/3/2009 01:18:36 30752]
R1 SandBox;SandBox;C:\WINDOWS\system32\drivers\SandBox.sys [8/9/2009 00:28:47 704384]
R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [8/9/2009 00:25:45 1195008]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [26/1/2010 00:51:03 108289]
R2 GbpSv;Gbp Service;C:\PROGRA~1\GbPlugin\GbpSv.exe [18/4/2007 23:35:07 54048]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\drivers\afw.sys [8/9/2009 00:25:56 31128]
R3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [8/9/2009 00:28:15 257432]
R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\drivers\aliirda.sys [24/3/2003 18:42:37 26112]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\caliaud.sys [24/3/2003 18:45:53 292352]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [24/3/2003 18:45:53 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\drivers\DP83815.sys [24/3/2003 18:42:32 16512]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [13/12/2007 13:28:40 24592]
S3 ZSMC302;LG webpro2 Camera;C:\WINDOWS\system32\drivers\usbvm302.sys [28/9/2006 20:02:46 91271]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-04-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:57:52 . 2008-07-30 15:34:12]

2010-02-10 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D3A41332-C717-4D5B-BC4F-12F89911049E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 13:58:32 . 2009-03-08 07:31:54]
.
.
------- Scan Suplementar -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.windowsxlive.net uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java FF - ProfilePath - C:\Documents and Settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\4virql8q.default\ FF - component: C:\Program Files\Mozilla Firefox\components\SiteVacuumXPCOM.dll FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-10 01:21:46 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(848) C:\PROGRA~1\GBPLUGIN\gbieh.dll C:\WINDOWS\system32\klogon.dll C:\WINDOWS\system32\cscui.dll . 
Tempo para conclusão: 2010-02-10 01:26:38 ComboFix-quarantined-files.txt 2010-02-10 03:26:32 ComboFix2.txt 2010-02-03 17:42:58 Pré-execução: 29.080.612.864 bytes free Pós execução: 29.062.148.096 bytes free - - End Of File - - 1E3DB3E07A17D576C72A245633C476A0 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:03:07, on 10/2/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\PROGRA~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Marcelo\Desktop\Anti - Vírus\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 5825 bytes

The PC is still a bit slow. It shuts down less often now, but it still switches off suddenly sometimes. If you could give me a list of everything I can remove to make it faster without harming the PC's operation, I would be very grateful. Every week I use the programs you yourself recommended last time: Spywareblaster, MV antispy, MV regclean and ccleaner. Once again, thank you!
Power Max 54 Posted February 15, 2010

"Both antivirus programs have already been uninstalled, but these leftovers remain and I don't know how to remove them. They no longer appear as installed programs. How do I remove these remnants, especially those of Kaspersky, which wrecked my PC and caused several problems?"

Sorry for the delay. Download and run the uninstallers available at the addresses below to remove the Norton and Kaspersky leftovers:

http://www.baixaki.com.br/download/norton-removal-tool.htm
http://www.baixaki.com.br/download/kaspersky-remover-tool.htm

After that, please tell us how your PC is doing.
Mário Monteiro 179 Posted March 16, 2010

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.