Italo16

[Resolved!] remove virus


My AVG identified the Trojan horse virus generic16.azlp

in the file C:\WINDOWS\system32\drivers\drive.sys

I ran the scan in SUPERAntiSpyware

Note: it did not ask to restart.

and the resulting log was this:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/17/2010 at 11:41 PM

 

Application Version : 4.33.1000

 

Core Rules Database Version : 4597

Trace Rules Database Version: 2409

 

Scan type : Complete Scan

Total Scan Time : 00:37:44

 

Memory items scanned : 576

Memory threats detected : 0

Registry items scanned : 4833

Registry threats detected : 0

File items scanned : 14789

File threats detected : 3

 

Adware.Tracking Cookie

C:\Documents and Settings\Vânia\Cookies\vânia@hitbox[1].txt

C:\Documents and Settings\Vânia\Cookies\vânia@ehg-eset.hitbox[1].txt

C:\Documents and Settings\Vânia\Cookies\vânia@atdmt[1].txt

 

 

Then I generated the log in HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:59:13, on 17/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\HiYo\bin\HiYo.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\DOCUME~1\VNIA~1\CONFIG~1\Temp\Rar$EX00.109\Midi.exe

C:\Documents and Settings\Vânia\Meus documentos\Downloads\Midi.exe

C:\Documents and Settings\Vânia\Meus documentos\Downloads\Midi.exe

C:\WINDOWS\system32\GbpSv.exe

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe

C:\Arquivos de programas\Mozilla Firefox\Firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Documents and Settings\Vânia\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Flash Video Decoder for FLV - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - C:\WINDOWS\system32\flash10flv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup

O4 - HKLM\..\Run: [] C:\Windows\System32\avg.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84

O17 - HKLM\System\CS1\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7930 bytes

 

 

What should I do now?

My AVG keeps showing that there is a virus.


Step 1

You installed an adware bundled with the HiYo installer: MyStart.

Uninstall HiYo through Add or Remove Programs and reinstall it later, without accepting the MyStart installation. See the images below and configure it the same way:

imagem_4.png

imagem_1.png

Step 2

- Download BankerFix (http://linhadefensiva.org/dl/bankerfix) and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;

● Double-click bankerfix.exe;

● A message will appear saying that it will be downloaded over the internet;

● Click OK > OK. Press Enter and wait for the scan to finish;

● When the scan has finished, read the message on the screen and press Enter again.

● A log will be generated at C:\LinhaDefensiva\relatorio.txt.

Paste this log in your next reply, together with a new HijackThis log.

Delete the folder C:\LinhaDefensiva after pasting your log here.


Today my Mozilla showed an error saying the file xul.dll was not found; I restarted the program and it is working normally.

BACK TO THE SUBJECT: I did both steps correctly and here are the results.

HERE GOES THE BANKERFIX

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2010-02-18 - 10:48

-------------------------------------------------------

Lista de Definição: 2010-01-14-1 | CORE: 2010-01-14-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\Gbpsv.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\avg.exe

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

and the HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:55:08, on 18/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Windows\System32\cmd.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\HiYo\Bin\HiYo.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Vânia\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Flash Video Decoder for FLV - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - C:\WINDOWS\system32\flash10flv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84

O17 - HKLM\System\CS1\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7459 bytes

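The two HijackThis logs posted so far (before and after BankerFix) can be compared mechanically. The following is an added example, not part of the original thread and not code from HijackThis or BankerFix: it parses two logs, reports what disappeared between them, and applies three triage heuristics whose names (`process-from-user-writable-dir`, `autorun-without-name`, `orphaned-registration`) are this example's own. The sample inputs are a few lines excerpted from the logs above.

```python
"""Diff two HijackThis logs and flag entries worth a closer look (added example)."""
import re

# Constructed samples: a handful of lines excerpted from the first HijackThis
# log in this thread (17/2/2010) and from the one taken after BankerFix ran.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:13, on 17/2/2010

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\DOCUME~1\VNIA~1\CONFIG~1\Temp\Rar$EX00.109\Midi.exe
C:\WINDOWS\system32\GbpSv.exe
C:\Windows\System32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [] C:\Windows\System32\avg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
--
End of file - 7930 bytes
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:08, on 18/2/2010

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Windows\System32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
--
End of file - 7459 bytes
"""

# A log entry line looks like "O4 - <body>" or "R0 - <body>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return (processes, entries): a set of lower-cased process paths and a
    list of (section, body) tuples in log order."""
    processes, entries = set(), []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first entry line
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries


def diff_logs(before, after):
    """What changed between two scans of the same machine."""
    bp, be = parse_hjt(before)
    ap, ae = parse_hjt(after)
    return {
        "processes_gone": sorted(bp - ap),
        "entries_gone": [e for e in be if e not in ae],
        "entries_new": [e for e in ae if e not in be],
    }


def triage(processes, entries):
    """Heuristic leads for a human reviewer, not verdicts."""
    findings = []
    for p in sorted(processes):
        if "\\temp\\" in p or "\\downloads\\" in p:
            findings.append(("process-from-user-writable-dir", p))
    for section, body in entries:
        if section == "O4" and re.search(r"Run: \[\]", body):
            findings.append(("autorun-without-name", body))
        if body.endswith("(no file)"):
            findings.append(("orphaned-registration", body))
    return findings


if __name__ == "__main__":
    for key, items in diff_logs(BEFORE, AFTER).items():
        print(key, items)
    for kind, detail in triage(*parse_hjt(BEFORE)):
        print(kind, "|", detail)
```

On the full first log the directory heuristic also fires on HiJackThis.exe itself, which was run from the Downloads folder, so each finding still needs a human decision.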

After this process I also ran the scan in SUPERAntiSpyware,

and the resulting log was this:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/18/2010 at 01:59 PM

 

Application Version : 4.33.1000

 

Core Rules Database Version : 4597

Trace Rules Database Version: 2409

 

Scan type : Complete Scan

Total Scan Time : 00:40:36

 

Memory items scanned : 490

Memory threats detected : 0

Registry items scanned : 4836

Registry threats detected : 0

File items scanned : 14882

File threats detected : 1

 

Adware.Tracking Cookie

C:\Documents and Settings\Vânia\Cookies\vânia@atdmt[2].txt


What SUPERAntiSpyware found was just a cookie. Whenever you access the Internet, cookies are created. You don't have to worry about that. Every time you scan with it, it will detect these cookies, classifying them as Tracking Cookies. Cleaning software, such as CCleaner, for example, removes such files.

- Download RSIT (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop;

● Double-click RSIT.exe to run the program;

● In the window that opens, click the Continue button so that the tool starts running;

● When the tool finishes running, a log will open automatically in Notepad containing the scan result. Paste the contents of this log (log.txt) in your next reply;

● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.


Ah, all right :D I get it now, thanks!

The normal log:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Vânia at 2010-02-19 19:51:31

Microsoft Windows XP Professional Service Pack 3

System drive C: has 27 GB (71%) free of 38 GB

Total RAM: 895 MB (28% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:52:16, on 19/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\HiYo\bin\HiYo.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Vânia\Meus documentos\Downloads\RSIT.exe

C:\Documents and Settings\Vânia\Meus documentos\Downloads\Vânia.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Flash Video Decoder for FLV - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - C:\WINDOWS\system32\flash10flv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84

O17 - HKLM\System\CS1\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7614 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\OGALogon.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-12-20 1111320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E0B679D-AB68-4DAE-833D-9A76C095BD0C}]

Flash Video Decoder for FLV - C:\WINDOWS\system32\flash10flv.dll [2010-02-07 1307136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

AVG Security Toolbar BHO - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]

"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-12-20 2043160]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

"SMSERIAL"=C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

"Hiyo"=C:\Arquivos de programas\HiYo\bin\HiYo.exe [2010-02-18 230768]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MsnMsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

"PowerBar"= []

"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-14 1695232]

"SUPERAntiSpyware"=C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-08-25 11952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe"="C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe"="C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======List of files/folders created in the last 1 months======

 

2010-02-19 19:51:31 ----D---- C:\rsit

2010-02-18 10:46:44 ----D---- C:\Documents and Settings\Vânia\Dados de aplicativos\HiYo

2010-02-18 10:46:29 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\HiYo

2010-02-18 10:35:07 ----D---- C:\Arquivos de programas\HiYo

2010-02-17 22:45:45 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2010-02-17 22:45:28 ----D---- C:\Documents and Settings\Vânia\Dados de aplicativos\SUPERAntiSpyware.com

2010-02-17 22:45:28 ----D---- C:\Arquivos de programas\SUPERAntiSpyware

2010-02-17 22:44:36 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-02-17 22:04:16 ----A---- C:\WINDOWS\cmd.ini

2010-02-11 18:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-11 18:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-11 18:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-11 15:21:37 ----A---- C:\WINDOWS\system32\flash10flv.dll

2010-02-11 09:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-11 09:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-11 09:28:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-11 09:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-11 09:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

2010-02-07 00:10:32 ----A---- C:\WINDOWS\system32\eMpnbfDTiUBcONoX.exe

2010-02-01 20:34:29 ----D---- C:\Documents and Settings\Vânia\Dados de aplicativos\Foxit

2010-02-01 20:34:27 ----D---- C:\Arquivos de programas\Foxit Software

 

======List of files/folders modified in the last 1 months======

 

2010-02-19 19:51:40 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt

2010-02-19 19:45:50 ----D---- C:\WINDOWS\Temp

2010-02-19 19:43:59 ----RD---- C:\Arquivos de programas

2010-02-19 15:36:12 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-02-19 15:36:07 ----D---- C:\WINDOWS\system32\CatRoot2

2010-02-19 15:25:40 ----A---- C:\WINDOWS\NeroDigital.ini

2010-02-18 13:25:32 ----D---- C:\WINDOWS\system32\drivers

2010-02-18 13:25:31 ----HD---- C:\$AVG8.VAULT$

2010-02-18 10:48:15 ----D---- C:\WINDOWS\system32

2010-02-18 10:46:38 ----SHD---- C:\WINDOWS\Installer

2010-02-18 10:46:36 ----HD---- C:\Config.Msi

2010-02-18 10:25:30 ----D---- C:\Arquivos de programas\Mozilla Firefox

2010-02-18 00:43:51 ----D---- C:\WINDOWS\system32\Restore

2010-02-17 22:44:36 ----D---- C:\Arquivos de programas\Arquivos comuns

2010-02-17 22:33:19 ----D---- C:\WINDOWS\system32\NtmsData

2010-02-17 22:04:16 ----D---- C:\WINDOWS

2010-02-17 13:47:50 ----D---- C:\WINDOWS\Debug

2010-02-17 13:45:58 ----D---- C:\WINDOWS\Prefetch

2010-02-17 13:45:17 ----SD---- C:\WINDOWS\Tasks

2010-02-11 18:20:12 ----HD---- C:\WINDOWS\inf

2010-02-11 18:20:08 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-11 18:20:05 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-02-06 21:14:36 ----D---- C:\Arquivos de programas\Ares

2010-02-02 17:32:49 ----D---- C:\WINDOWS\Help

2010-02-01 17:26:20 ----A---- C:\WINDOWS\system32\MRT.exe

2010-01-23 13:36:03 ----D---- C:\Arquivos de programas\Internet Explorer

2010-01-23 13:35:52 ----D---- C:\WINDOWS\ie8updates

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-03-29 26944]

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 43520]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-03-29 42912]

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-25 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-25 27784]

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-08-25 108552]

R1 SASDIFSV;SASDIFSV; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys []

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-03-29 94544]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-28 63232]

R2 NwlnkSpx;Protocolo NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-28 55936]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-03-29 23152]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]

R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]

R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-25 54400]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-25 22016]

R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]

R3 SASENUM;SASENUM; \??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS []

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S1 Cuzinho;net; C:\WINDOWS\system32\drivers\drive.sys []

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]

R2 avg8emc;AVG Free8 E-mail Scanner; C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2009-08-25 908056]

R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-08-25 297752]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]

R2 NWCWorkstation;Serviço de cliente para NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]

S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

 

-----------------EOF-----------------

 

And here is the info.txt log

 

info.txt logfile of random's system information tool 1.06 2010-02-19 19:52:19

 

======Uninstall list======

 

-->C:\Arquivos de programas\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

AMD Processor Driver-->C:\Arquivos de programas\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0416 -removeonly

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}

Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Atualização de Segurança para Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Atualização para Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"

Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Atualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Atualização para Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Atualização para Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Atualização para Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Atualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

AVG Free 8.5-->C:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe"

EVEREST Ultimate Edition v5.00-->"C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe"

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Foxit Reader-->C:\Arquivos de programas\Foxit Software\Foxit Reader\Uninstall.exe

Free WMA to MP3 Converter 1.16-->"C:\Arquivos de programas\Free WMA to MP3 Converter\unins000.exe"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\Documents and Settings\Vânia\Meus documentos\Downloads\HijackThis.exe" /uninstall

HiYo -->MsiExec.exe /X{00E1E235-AB45-4695-A156-073118949ED4} ARPVAL="UnInst" /qf /L*V "%temp%\HiYoUninstallLog.log"

HiYo-->MsiExec.exe /X{00E1E235-AB45-4695-A156-073118949ED4}

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

HP Imaging Device Functions 7.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart and Deskjet 7.0 Software (ptb)-->C:\Arquivos de programas\HP\Digital Imaging\{D1AE6D4D-C37A-487d-83D8-C333125B2459}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot

Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller

Mozilla Firefox (3.6)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Multimedia Launcher-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

Nero 7 Essentials-->MsiExec.exe /I{F87DA817-8D53-42CC-AA45-93A100341033}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

PhotoFiltre-->"C:\Arquivos de programas\PhotoFiltre\Uninst.exe"

PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerProducer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{F2CD4651-F948-467C-B014-71FD981B7F59}

Windows Live Messenger-->MsiExec.exe /X{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}

Windows Media Format Runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

 

======Security center information======

 

AV: AVG Anti-Virus Free

AV: avast! antivirus 4.8.1169 [VPS 091021-0] (outdated)

 

======System event log======

 

Computer Name: V-24EC962BE4AC4

Event Code: 7036

Message: O serviço Localizador de computadores entrou no estado interrompido.

 

Record Number: 4712

Source Name: Service Control Manager

Time Written: 20100211174550.000000-120

Event Type: Informações

User:

 

Computer Name: V-24EC962BE4AC4

Event Code: 7036

Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado executando.

 

Record Number: 4711

Source Name: Service Control Manager

Time Written: 20100211174546.000000-120

Event Type: Informações

User:

 

Computer Name: V-24EC962BE4AC4

Event Code: 7036

Message: O serviço Serviço 'Gateway de camada de aplicativo' entrou no estado executando.

 

Record Number: 4710

Source Name: Service Control Manager

Time Written: 20100211174540.000000-120

Event Type: Informações

User:

 

Computer Name: V-24EC962BE4AC4

Event Code: 7035

Message: O serviço Serviço 'Gateway de camada de aplicativo' recebeu com êxito um controle Iniciar.

 

Record Number: 4709

Source Name: Service Control Manager

Time Written: 20100211174540.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: V-24EC962BE4AC4

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado interrompido.

 

Record Number: 4708

Source Name: Service Control Manager

Time Written: 20100211174540.000000-120

Event Type: Informações

User:

 

=====Application event log=====

 

Computer Name: V-24EC962BE4AC4

Event Code: 1000

Message: Aplicativo com falha nmindexstoresvr.exe, versão 1.5.3.0, módulo com falha nmindexstoresvr.exe, versão 1.5.3.0, endereço com falha 0x00069e9e.

 

Record Number: 1804

Source Name: Application Error

Time Written: 20091210230747.000000-120

Event Type: Erro

User:

 

Computer Name: V-24EC962BE4AC4

Event Code: 1000

Message: Aplicativo com falha nmindexstoresvr.exe, versão 1.5.3.0, módulo com falha nmindexstoresvr.exe, versão 1.5.3.0, endereço com falha 0x00069e9e.

 

Record Number: 1803

Source Name: Application Error

Time Written: 20091210225732.000000-120

Event Type: Erro

User:

 

Computer Name: V-24EC962BE4AC4

Event Code: 1000

Message: Aplicativo com falha nmindexstoresvr.exe, versão 1.5.3.0, módulo com falha nmindexstoresvr.exe, versão 1.5.3.0, endereço com falha 0x00069e9e.

 

Record Number: 1802

Source Name: Application Error

Time Written: 20091210224717.000000-120

Event Type: Erro

User:

 

Computer Name: V-24EC962BE4AC4

Event Code: 1000

Message: Aplicativo com falha nmindexstoresvr.exe, versão 1.5.3.0, módulo com falha nmindexstoresvr.exe, versão 1.5.3.0, endereço com falha 0x00069e9e.

 

Record Number: 1801

Source Name: Application Error

Time Written: 20091210223702.000000-120

Event Type: Erro

User:

 

Computer Name: V-24EC962BE4AC4

Event Code: 1000

Message: Aplicativo com falha nmindexstoresvr.exe, versão 1.5.3.0, módulo com falha nmindexstoresvr.exe, versão 1.5.3.0, endereço com falha 0x00069e9e.

 

Record Number: 1800

Source Name: Application Error

Time Written: 20091210215922.000000-120

Event Type: Erro

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=7f02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------


Sorry for the delay!

- Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;

● Wait while ComboFix runs the scan;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to exit or stop ComboFix, press N;

● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait for it;

● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.


ComboFix 10-03-03.03 - Vânia 04/03/2010 14:33:02.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.895.387 [GMT -3:00]

Executando de: c:\documents and settings\Vânia\Meus documentos\Downloads\ComboFix.exe

AV: avast! antivirus 4.8.1169 [VPS 091021-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\cmd.ini

c:\windows\system32\drivers\drive.sys.off

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_CUZINHO

-------\Service_Cuzinho

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-04 to 2010-03-04 ))))))))))))))))))))))))))))

.

 

2010-02-24 18:53 . 2010-02-24 18:53 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-22 21:40 . 2010-02-22 22:19 -------- d-----w- c:\windows\system32\Adobe

2010-02-19 21:51 . 2010-02-19 21:52 -------- d-----w- C:\rsit

2010-02-18 12:46 . 2010-02-18 12:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HiYo

2010-02-18 12:35 . 2010-02-18 12:46 -------- d-----w- c:\arquivos de programas\HiYo

2010-02-18 00:45 . 2010-02-18 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2010-02-18 00:45 . 2010-02-18 00:45 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2010-02-18 00:44 . 2010-02-18 00:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-02-11 17:21 . 2010-02-07 02:10 1307136 ----a-w- c:\windows\system32\flash10flv.dll

2010-02-07 02:10 . 2008-04-14 02:21 11776 ----a-w- c:\windows\system32\eMpnbfDTiUBcONoX.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-21 02:26 . 2001-10-28 15:07 48846 ----a-w- c:\windows\system32\perfc016.dat

2010-02-21 02:26 . 2001-10-28 15:07 344734 ----a-w- c:\windows\system32\perfh016.dat

2010-02-06 23:14 . 2009-11-04 18:33 -------- d-----w- c:\arquivos de programas\Ares

2010-02-01 22:34 . 2010-02-01 22:34 -------- d-----w- c:\arquivos de programas\Foxit Software

2009-12-31 16:50 . 2004-08-04 02:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:08 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2009-08-13 23:07 345600 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2004-08-04 03:45 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-04 18:22 . 2004-08-04 02:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2004-10-01 18:00 . 2009-08-13 23:37 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E0B679D-AB68-4DAE-833D-9A76C095BD0C}]

2010-02-07 02:10 1307136 ----a-w- c:\windows\system32\flash10flv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 13:58 1107200 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-12-20 2043160]

"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"Hiyo"="c:\arquivos de programas\HiYo\bin\HiYo.exe" [2010-02-18 230768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 16:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-25 22:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/8/2009 20:29 75856]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/8/2009 19:03 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/8/2009 19:03 108552]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [5/1/2010 06:56 9968]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [5/1/2010 06:56 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/8/2009 20:29 20560]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [25/8/2009 19:03 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [25/8/2009 19:03 297752]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [5/1/2010 06:56 7408]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-04 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://mystart.hiyo.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {098FDC35-D3D8-46EB-BEFA-9121837A50B6} = 200.223.0.83 200.223.0.84

FF - ProfilePath - c:\documents and settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=

FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-PowerBar - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-04 14:41

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ?Y?????????????????????????????????????????????????????????? ??|`??|????]??|?`?w????????pY????@?8?@?????pY??c"?s???s??????@?????N'?s?W2?L|?s????????????u??s????????c"?s???s??????@?8?@?N'?sd{2??$@?8?@?8?@?????????p{2??C2????s???s`W2?PC2??C2?0i?s?????????W2????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(672)

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

 

- - - - - - - > 'explorer.exe'(3816)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wdfmgr.exe

c:\arquiv~1\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\RTHDCPL.EXE

c:\arquivos de programas\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-03-04 14:47:04 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-03-04 17:47

 

Pré-execução: 6 pasta(s) 27.907.305.472 bytes disponíveis

Pós execução: 10 pasta(s) 27.819.761.664 bytes disponíveis

 

- - End Of File - - D3E3C553E37815856B8ABA1380FA8961


You have two antivirus programs installed: Avast! and AVG. This is not recommended. I suggest you choose only one and uninstall the other, because besides costing the system more performance, the two can conflict with each other.

 

Executando de: c:\documents and settings\Vânia\Meus documentos\Downloads\ComboFix.exe

ComboFix must be saved on the desktop. Delete it and download it again here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe), saving it to the desktop this time, so that we can proceed with the instructions below.

Select the text below and copy it (starting from File). Paste it into Notepad and save it on the desktop with the name CFScript.txt

 

File::

c:\windows\system32\eMpnbfDTiUBcONoX.exe

 

SysRst::

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

 

CFScript.gif

 

● If you are prompted, press Enter to start the removal process;

● Do not use the mouse or the keyboard while ComboFix is running;

● When it finishes, a new log will be generated at C:\ComboFix.txt;

● Your computer may restart automatically. If it does not, restart it manually.

 

In your next reply, paste the ComboFix.txt and a new HijackThis log.


combofix txt

 

ComboFix 10-03-05.06 - Vânia 06/03/2010 16:51:26.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.895.539 [GMT -3:00]

Executando de: c:\documents and settings\Vânia\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Vânia\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1169 [VPS 091021-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

FILE ::

"c:\windows\system32\eMpnbfDTiUBcONoX.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\eMpnbfDTiUBcONoX.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-06 to 2010-03-06 ))))))))))))))))))))))))))))

.

 

2010-02-24 18:53 . 2010-02-24 18:53 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-02-22 21:40 . 2010-02-22 22:19 -------- d-----w- c:\windows\system32\Adobe

2010-02-19 21:51 . 2010-02-19 21:52 -------- d-----w- C:\rsit

2010-02-18 12:46 . 2010-02-18 12:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HiYo

2010-02-18 12:35 . 2010-02-18 12:46 -------- d-----w- c:\arquivos de programas\HiYo

2010-02-18 00:45 . 2010-02-18 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2010-02-18 00:45 . 2010-02-18 00:45 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2010-02-18 00:44 . 2010-02-18 00:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-02-11 17:21 . 2010-02-07 02:10 1307136 ----a-w- c:\windows\system32\flash10flv.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-21 02:26 . 2001-10-28 15:07 48846 ----a-w- c:\windows\system32\perfc016.dat

2010-02-21 02:26 . 2001-10-28 15:07 344734 ----a-w- c:\windows\system32\perfh016.dat

2010-02-06 23:14 . 2009-11-04 18:33 -------- d-----w- c:\arquivos de programas\Ares

2010-02-01 22:34 . 2010-02-01 22:34 -------- d-----w- c:\arquivos de programas\Foxit Software

2009-12-31 16:50 . 2004-08-04 02:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:08 . 2004-08-04 03:45 916480 ------w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2009-08-13 23:07 345600 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2004-08-04 03:45 33280 ----a-w- c:\windows\system32\csrsrv.dll

2004-10-01 18:00 . 2009-08-13 23:37 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

06/03/2010 13:49 641320 c:\arquivos de programas\Alwil Software\Avast4\DATA\aswar0.dll

10/02/2010 18:35 641320 \RP100\A0040215.dll

09/02/2010 12:20 641320 \RP99\A0040151.dll

 

06/03/2010 13:49 391216 c:\arquivos de programas\Alwil Software\Avast4\DATA\clnr0.dll

10/02/2010 18:35 391216 \RP100\A0040216.dll

09/02/2010 12:20 391216 \RP99\A0040149.dll

 

06/03/2010 13:49 10536 c:\arquivos de programas\Alwil Software\Avast4\DATA\exts0.dll

10/02/2010 18:35 10536 \RP100\A0040217.dll

09/02/2010 12:20 10536 \RP99\A0040150.dll

 

06/03/2010 13:49 3747800 c:\arquivos de programas\Alwil Software\Avast4\DATA\uiaux0.dll

10/02/2010 18:35 3747800 \RP100\A0040218.dll

09/02/2010 12:20 3747800 \RP99\A0040152.dll

 

c:\arquivos de programas\AVG\AVG8\avg7api.dll

25/08/2009 19:03 222488 \RP112\A0055104.dll

 

c:\arquivos de programas\AVG\AVG8\avgabout.dll

08/10/2009 09:57 1216280 \RP112\A0055054.dll

 

c:\arquivos de programas\AVG\AVG8\avgamnot.dll

25/08/2009 19:03 271640 \RP112\A0055101.dll

 

c:\arquivos de programas\AVG\AVG8\avgapix.dll

25/08/2009 19:03 1262872 \RP112\A0055105.dll

 

c:\arquivos de programas\AVG\AVG8\avgcclix.dll

25/08/2009 19:03 418072 \RP112\A0055108.dll

 

c:\arquivos de programas\AVG\AVG8\avgcfgex.exe

25/08/2009 19:03 730392 \RP112\A0055037.exe

 

c:\arquivos de programas\AVG\AVG8\avgcfgx.dll

25/08/2009 19:03 836888 \RP112\A0055092.dll

 

c:\arquivos de programas\AVG\AVG8\avgclitx.dll

25/08/2009 19:03 390424 \RP112\A0055110.dll

 

c:\arquivos de programas\AVG\AVG8\avgcmgr.exe

20/12/2009 08:53 845080 \RP112\A0055061.exe

 

c:\arquivos de programas\AVG\AVG8\avgcorex.dll

10/02/2010 18:54 2067224 \RP112\A0055106.dll

 

c:\arquivos de programas\AVG\AVG8\avgcrlpx.dll

25/08/2009 19:03 70424 \RP112\A0055107.dll

 

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

25/08/2009 19:03 693016 \RP112\A0055109.exe

 

c:\arquivos de programas\AVG\AVG8\avgdumpx.exe

25/08/2009 19:03 100120 \RP112\A0055038.exe

 

c:\arquivos de programas\AVG\AVG8\avgemc.exe

25/08/2009 19:03 908056 \RP112\A0055041.exe

 

c:\arquivos de programas\AVG\AVG8\avgfrw.exe

25/08/2009 19:03 1217816 \RP112\A0055056.exe

 

c:\arquivos de programas\AVG\AVG8\avginet.dll

20/12/2009 08:42 759064 \RP112\A0055048.dll

 

c:\arquivos de programas\AVG\AVG8\avgiproxy.exe

25/08/2009 19:03 587032 \RP112\A0055049.exe

 

c:\arquivos de programas\AVG\AVG8\avglngx.dll

25/08/2009 19:03 310552 \RP112\A0055095.dll

 

c:\arquivos de programas\AVG\AVG8\avglogx.dll

25/08/2009 19:03 337176 \RP112\A0055111.dll

 

c:\arquivos de programas\AVG\AVG8\avglvex.dll

25/08/2009 19:03 197912 \RP112\A0055115.dll

 

c:\arquivos de programas\AVG\AVG8\avgmail.dll

25/08/2009 19:03 177432 \RP112\A0055040.dll

 

c:\arquivos de programas\AVG\AVG8\avgmvflx.dll

25/08/2009 19:03 305944 \RP112\A0055102.dll

 

c:\arquivos de programas\AVG\AVG8\avgnsx.exe

25/08/2009 19:03 595736 \RP112\A0055113.exe

 

c:\arquivos de programas\AVG\AVG8\avgoff2k.dll

25/08/2009 19:03 264984 \RP112\A0055042.dll

 

c:\arquivos de programas\AVG\AVG8\avgpp.dll

25/08/2009 19:03 87320 \RP112\A0055063.dll

 

c:\arquivos de programas\AVG\AVG8\avgresf.dll

25/08/2009 19:03 2352920 \RP112\A0055058.dll

 

c:\arquivos de programas\AVG\AVG8\avgrsx.exe

25/08/2009 19:03 486680 \RP112\A0055112.exe

 

c:\arquivos de programas\AVG\AVG8\avgscanx.dll

29/12/2009 12:00 340736 \RP112\A0055093.dll

 

c:\arquivos de programas\AVG\AVG8\avgscanx.exe

29/12/2009 12:00 761600 \RP112\A0055035.exe

 

c:\arquivos de programas\AVG\AVG8\avgsched.dll

25/08/2009 19:03 530712 \RP112\A0055096.dll

 

c:\arquivos de programas\AVG\AVG8\avgse.dll

25/08/2009 19:03 114968 \RP112\A0055060.dll

 

c:\arquivos de programas\AVG\AVG8\avgsrmax.exe

25/08/2009 19:03 341272 \RP112\A0055094.exe

 

c:\arquivos de programas\AVG\AVG8\avgsrmx.dll

20/12/2009 08:53 682776 \RP112\A0055036.dll

 

c:\arquivos de programas\AVG\AVG8\avgssie.dll

20/12/2009 08:53 1111320 \RP112\A0055062.dll

 

c:\arquivos de programas\AVG\AVG8\avgtbapi.dll

25/08/2009 19:03 493848 \RP112\A0055083.dll

 

c:\arquivos de programas\AVG\AVG8\AVGToolbarInstall.exe

25/08/2009 19:03 839808 \RP112\A0055084.exe

 

c:\arquivos de programas\AVG\AVG8\avgtray.exe

20/12/2009 08:53 2043160 \RP112\A0055053.exe

 

c:\arquivos de programas\AVG\AVG8\avgui.exe

10/02/2010 18:54 3533592 \RP112\A0055055.exe

 

c:\arquivos de programas\AVG\AVG8\avguiadv.dll

25/08/2009 19:03 2308888 \RP112\A0055059.dll

 

c:\arquivos de programas\AVG\AVG8\avguires.dll

25/08/2009 19:03 2808600 \RP112\A0055057.dll

 

c:\arquivos de programas\AVG\AVG8\avgupd.dll

20/12/2009 08:43 1478936 \RP112\A0055103.dll

 

c:\arquivos de programas\AVG\AVG8\avgupd.exe

20/12/2009 08:43 1143064 \RP112\A0055050.exe

 

c:\arquivos de programas\AVG\AVG8\avgvvx.dll

25/08/2009 19:03 515864 \RP112\A0055098.dll

 

c:\arquivos de programas\AVG\AVG8\avgwd.dll

25/08/2009 19:03 1262368 \RP112\A0055097.dll

 

c:\arquivos de programas\AVG\AVG8\avgwdsvc.exe

25/08/2009 19:03 297752 \RP112\A0055099.exe

 

c:\arquivos de programas\AVG\AVG8\avgwdwsc.dll

25/08/2009 19:03 423424 \RP112\A0055100.dll

 

c:\arquivos de programas\AVG\AVG8\avgxpl.dll

25/08/2009 19:03 1008920 \RP112\A0055114.dll

 

c:\arquivos de programas\AVG\AVG8\dbghelp.dll

25/08/2009 19:03 1045128 \RP112\A0055085.dll

 

c:\arquivos de programas\AVG\AVG8\Firefox\Components\avgssff.dll

25/08/2009 19:03 1033496 \RP112\A0055033.dll

 

c:\arquivos de programas\AVG\AVG8\fixcfg.exe

25/08/2009 19:03 423192 \RP112\A0055039.exe

 

c:\arquivos de programas\AVG\AVG8\libsasl.dll

25/08/2009 19:03 53528 \RP112\A0055043.dll

 

c:\arquivos de programas\AVG\AVG8\saslcrammd5.dll

25/08/2009 19:03 18200 \RP112\A0055046.dll

 

c:\arquivos de programas\AVG\AVG8\sasldigestmd5.dll

25/08/2009 19:03 36632 \RP112\A0055047.dll

 

c:\arquivos de programas\AVG\AVG8\sasllogin.dll

25/08/2009 19:03 16664 \RP112\A0055044.dll

 

c:\arquivos de programas\AVG\AVG8\saslplain.dll

25/08/2009 19:03 16664 \RP112\A0055045.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared-old\components\IGeared_tavgp_xputils2.dll

02/09/2009 11:58 103680 \RP91\A0037889.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared-old\components\IGeared_tavgp_xputils3.dll

02/09/2009 11:58 103680 \RP91\A0037890.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared-old\components\IGeared_tavgp_xputils35.dll

02/09/2009 11:58 103680 \RP91\A0037891.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared-old\components\xpavgtbapi.dll

02/09/2009 11:58 99584 \RP91\A0037892.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

25/11/2009 12:01 111872 \RP112\A0055079.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

25/11/2009 12:01 111872 \RP112\A0055080.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

25/11/2009 12:01 111872 \RP112\A0055081.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

25/11/2009 12:01 99584 \RP112\A0055082.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\IE8Lib.dll

08/07/2009 05:09 59136 \RP112\A0055064.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

02/09/2009 10:58 1107200 \RP112\A0055129.dll

 

c:\arquivos de programas\AVG\AVG8\Toolbar\ToolbarBroker.exe

02/09/2009 10:58 255232 \RP112\A0055130.exe

 

18/02/2010 09:34 623448 c:\arquivos de programas\HiYo\Bin\HiYo_Install.exe

09/02/2010 21:43 623448 \RP107\A0041980.exe

 

21/12/2009 16:07 246272 c:\arquivos de programas\Internet Explorer\ieproxy.dll

29/08/2009 04:57 246272 \RP85\A0032912.dll

29/10/2009 04:42 246272 \RP97\A0039227.dll

 

21/12/2009 16:08 12800 c:\arquivos de programas\Internet Explorer\xpshims.dll

29/08/2009 04:57 12800 \RP85\A0032911.dll

29/10/2009 04:42 12800 \RP97\A0039226.dll

 

16/01/2010 00:18 17880 c:\arquivos de programas\Mozilla Firefox\AccessibleMarshal.dll

06/01/2010 19:14 17880 \RP104\A0041663.dll

17/12/2009 13:21 17880 \RP92\A0038356.dll

 

16/01/2010 00:18 23000 c:\arquivos de programas\Mozilla Firefox\components\browserdirprovider.dll

06/01/2010 19:14 23512 \RP104\A0041699.dll

17/12/2009 13:21 23512 \RP92\A0038358.dll

 

16/01/2010 00:18 138712 c:\arquivos de programas\Mozilla Firefox\components\brwsrcmp.dll

06/01/2010 19:15 137176 \RP104\A0041700.dll

17/12/2009 13:21 137176 \RP92\A0038359.dll

 

16/01/2010 00:18 120792 c:\arquivos de programas\Mozilla Firefox\crashreporter.exe

06/01/2010 19:15 120280 \RP104\A0041656.exe

17/12/2009 13:21 120280 \RP92\A0038360.exe

 

16/01/2010 00:18 910296 c:\arquivos de programas\Mozilla Firefox\firefox.exe

06/01/2010 19:15 908248 \RP104\A0041654.exe

17/12/2009 13:21 908248 \RP92\A0038361.exe

 

15/01/2010 21:13 249856 c:\arquivos de programas\Mozilla Firefox\freebl3.dll

06/01/2010 19:15 249856 \RP104\A0041662.dll

17/12/2009 13:21 249856 \RP92\A0038362.dll

 

16/01/2010 00:18 1014232 c:\arquivos de programas\Mozilla Firefox\js3250.dll

06/01/2010 19:15 918488 \RP104\A0041671.dll

17/12/2009 13:21 917464 \RP92\A0038363.dll

 

16/01/2010 00:18 718296 c:\arquivos de programas\Mozilla Firefox\mozcrt19.dll

06/01/2010 19:15 722392 \RP104\A0041672.dll

17/12/2009 13:21 722392 \RP92\A0038364.dll

 

16/01/2010 00:18 169432 c:\arquivos de programas\Mozilla Firefox\nspr4.dll

06/01/2010 19:15 169432 \RP104\A0041660.dll

17/12/2009 13:21 169432 \RP92\A0038365.dll

 

16/01/2010 00:18 636376 c:\arquivos de programas\Mozilla Firefox\nss3.dll

06/01/2010 19:15 636376 \RP104\A0041673.dll

17/12/2009 13:21 636376 \RP92\A0038366.dll

 

16/01/2010 00:18 341464 c:\arquivos de programas\Mozilla Firefox\nssckbi.dll

06/01/2010 19:15 316888 \RP104\A0041661.dll

17/12/2009 13:21 316888 \RP92\A0038368.dll

 

15/01/2010 21:13 98304 c:\arquivos de programas\Mozilla Firefox\nssdbm3.dll

06/01/2010 19:15 98304 \RP104\A0041659.dll

17/12/2009 13:21 98304 \RP92\A0038369.dll

 

16/01/2010 00:18 87512 c:\arquivos de programas\Mozilla Firefox\nssutil3.dll

06/01/2010 19:15 87512 \RP104\A0041674.dll

17/12/2009 13:21 87512 \RP92\A0038370.dll

 

16/01/2010 00:18 20440 c:\arquivos de programas\Mozilla Firefox\plc4.dll

06/01/2010 19:15 20440 \RP104\A0041676.dll

17/12/2009 13:21 20440 \RP92\A0038372.dll

 

16/01/2010 00:18 17368 c:\arquivos de programas\Mozilla Firefox\plds4.dll

06/01/2010 19:15 17368 \RP104\A0041677.dll

17/12/2009 13:21 17368 \RP92\A0038373.dll

 

c:\arquivos de programas\Mozilla Firefox\plugins\np_gp.dll

17/12/2009 15:37 31936 \RP92\A0038499.dll

 

16/01/2010 00:18 64984 c:\arquivos de programas\Mozilla Firefox\plugins\npnul32.dll

06/01/2010 19:15 64984 \RP104\A0041698.dll

17/12/2009 13:21 64984 \RP92\A0038374.dll

 

16/01/2010 00:18 103896 c:\arquivos de programas\Mozilla Firefox\smime3.dll

06/01/2010 19:15 103896 \RP104\A0041678.dll

17/12/2009 13:21 103896 \RP92\A0038375.dll

 

15/01/2010 21:13 155648 c:\arquivos de programas\Mozilla Firefox\softokn3.dll

06/01/2010 19:15 155648 \RP104\A0041679.dll

17/12/2009 13:21 155648 \RP92\A0038376.dll

 

16/01/2010 00:18 458200 c:\arquivos de programas\Mozilla Firefox\sqlite3.dll

06/01/2010 19:15 457688 \RP104\A0041658.dll

17/12/2009 13:21 457688 \RP92\A0038377.dll

 

16/01/2010 00:18 136664 c:\arquivos de programas\Mozilla Firefox\ssl3.dll

06/01/2010 19:15 136664 \RP104\A0041680.dll

17/12/2009 13:21 136664 \RP92\A0038378.dll

 

16/01/2010 00:18 553152 c:\arquivos de programas\Mozilla Firefox\uninstall\helper.exe

06/01/2010 19:15 553216 \RP104\A0041710.exe

17/12/2009 13:21 553216 \RP92\A0038379.exe

 

16/01/2010 00:18 243160 c:\arquivos de programas\Mozilla Firefox\updater.exe

06/01/2010 19:15 244696 \RP104\A0041655.exe

17/12/2009 13:21 244696 \RP92\A0038380.exe

 

16/01/2010 00:18 17880 c:\arquivos de programas\Mozilla Firefox\xpcom.dll

06/01/2010 19:15 17880 \RP104\A0041657.dll

17/12/2009 13:21 17880 \RP92\A0038381.dll

 

16/01/2010 00:18 11623896 c:\arquivos de programas\Mozilla Firefox\xul.dll

06/01/2010 19:15 10810840 \RP104\A0041633.dll

17/12/2009 13:21 10802648 \RP92\A0038382.dll

 

c:\arquivos de programas\NOS\bin\getPlus_Helper.dll

17/12/2009 15:37 67360 \RP92\A0038501.dll

 

c:\arquivos de programas\NOS\bin\getPlusPlus_Adobe.exe

17/12/2009 15:37 349552 \RP92\A0038500.exe

 

c:\arquivos de programas\Windows Live\Messenger\ampFsETkdKZAzbIve.dll

06/02/2010 23:10 1307136 \RP101\A0040300.dll

 

c:\arquivos de programas\Word Password Recover Genie\unins000.exe

27/06/2004 07:00 77257 \RP104\A0041807.exe

 

c:\arquivos de programas\Word Password Recover Genie\WordKey.exe

12/03/2006 12:29 731136 \RP104\A0041806.exe

 

c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar\IEToolbar.dll

24/07/2009 09:55 1090816 \RP112\A0055065.dll

 

c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

16/01/2010 13:01 2066200 \RP107\A0041953.dll

29/12/2009 12:00 2066200 \RP97\A0039473.dll

 

c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe

30/11/2009 10:28 2029336 \RP91\A0037991.exe

 

c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgui.exe

30/11/2009 10:28 3514648 \RP91\A0037992.exe

 

c:\documents and settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

17/12/2009 15:37 29344 \RP92\A0038502.exe

 

c:\documents and settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

17/12/2009 15:37 31936 \RP92\A0038504.dll

 

21/02/2010 19:02 52224 c:\documents and settings\Vânia\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

17/02/2010 21:59 52224 \RP107\A0042224.dll

 

21/02/2010 19:02 117760 c:\documents and settings\Vânia\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

17/02/2010 21:59 117760 \RP107\A0042223.DLL

 

c:\windows\_000004_.tmp.dll

17/12/2009 05:22 9383 \RP101\A0040239.dll

13/10/2009 08:23 9370 \RP83\A0031659.dll

 

c:\windows\_000005_.tmp.dll

27/11/2009 14:51 10795 \RP101\A0040253.dll

21/11/2009 14:03 11111 \RP93\A0038877.dll

 

c:\windows\_000006_.tmp.dll

21/10/2009 03:20 12194 \RP83\A0031682.dll

 

c:\windows\_000008_.tmp.dll

27/11/2009 14:13 15031 \RP101\A0040243.dll

 

c:\windows\_000009_.tmp.dll

21/11/2009 07:25 10999 \RP84\A0032729.dll

 

c:\windows\_000035_.tmp.dll

29/10/2009 06:53 18258 \RP85\A0032902.dll

05/01/2010 18:27 18271 \RP97\A0039217.dll

 

21/11/2009 12:58 471552 c:\windows\AppPatch\aclayers.dll

13/04/2008 23:20 451072 \RP93\A0038885.dll

 

04/12/2009 15:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys

24/10/2008 08:21 455296 \RP102\A0040312.sys

 

c:\windows\inf\_000000_.tmp.dll

05/01/2010 15:43 926 \RP101\A0040238.dll

21/11/2009 13:10 926 \RP97\A0039204.dll

 

18/02/2010 09:46 15086 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\ARPPRODUCTICON.exe

09/02/2010 21:59 15086 \RP107\A0041983.exe

 

18/02/2010 09:46 15086 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\NewShortcut1_644D622AEF3D40E290EE92523E2DA87A.exe

09/02/2010 21:59 15086 \RP107\A0041984.exe

 

18/02/2010 09:46 15086 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\NewShortcut2_569C74F853D147C0802E971DD74EC31B.exe

09/02/2010 21:59 15086 \RP107\A0041985.exe

 

18/02/2010 09:46 8854 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\NewShortcut3_661346DFE29D45B2AB0F791526D873EC.exe

09/02/2010 21:59 8854 \RP107\A0041986.exe

 

18/02/2010 09:46 25214 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\NewShortcut5_DDCE803CDC5C411082D68C5AD6497A2A.exe

09/02/2010 21:59 25214 \RP107\A0041987.exe

 

18/02/2010 09:46 17542 c:\windows\Installer\{00E1E235-AB45-4695-A156-073118949ED4}\NewShortcut6_D93733619CA548BBB3075870A1681AAB.exe

09/02/2010 21:59 17542 \RP107\A0041988.exe

 

25/10/2009 06:11 77312 c:\windows\MBR.exe

25/10/2009 06:11 77312 \RP112\A0055150.exe

 

c:\windows\system32\_000005_.tmp.dll

13/04/2008 23:20 32256 \RP101\A0040272.dll

 

c:\windows\system32\avg.exe

\RP107\A0041992.exe

 

c:\windows\system32\avgrsstx.dll

25/08/2009 19:03 11952 \RP112\A0055086.dll

 

27/11/2009 13:08 85504 c:\windows\system32\avifil32.dll

10/06/2009 11:14 85504 \RP101\A0040248.dll

 

27/11/2009 13:08 85504 c:\windows\system32\dllcache\avifil32.dll

10/06/2009 11:14 85504 \RP101\A0040250.dll

 

15/10/2009 13:32 81920 c:\windows\system32\dllcache\fontsub.dll

29/07/2009 01:36 81920 \RP93\A0038875.dll

 

21/12/2009 10:22 173056 c:\windows\system32\dllcache\ie4uinit.exe

28/08/2009 07:38 173056 \RP85\A0032927.exe

28/10/2009 11:40 173056 \RP97\A0039242.exe

 

21/12/2009 16:07 387584 c:\windows\system32\dllcache\iedkcs32.dll

29/08/2009 04:57 387584 \RP85\A0032926.dll

29/10/2009 04:42 387584 \RP97\A0039241.dll

 

21/12/2009 16:07 11070464 c:\windows\system32\dllcache\ieframe.dll

29/08/2009 04:57 11069440 \RP85\A0032925.dll

29/10/2009 04:42 11069952 \RP97\A0039240.dll

 

21/12/2009 16:07 184320 c:\windows\system32\dllcache\iepeers.dll

29/08/2009 04:57 184320 \RP85\A0032924.dll

29/10/2009 04:42 184320 \RP97\A0039239.dll

 

21/12/2009 16:07 246272 c:\windows\system32\dllcache\ieproxy.dll

29/08/2009 04:57 246272 \RP85\A0032923.dll

29/10/2009 04:42 246272 \RP97\A0039238.dll

 

21/12/2009 16:07 1985536 c:\windows\system32\dllcache\iertutil.dll

29/08/2009 04:57 1985536 \RP85\A0032922.dll

29/10/2009 04:42 1985536 \RP97\A0039237.dll

 

09/12/2009 02:54 726528 c:\windows\system32\dllcache\jscript.dll

22/06/2009 03:48 726528 \RP108\A0051493.dll

 

21/12/2009 16:07 25600 c:\windows\system32\dllcache\jsproxy.dll

29/08/2009 04:57 25600 \RP85\A0032920.dll

29/10/2009 04:42 25600 \RP97\A0039235.dll

 

04/12/2009 15:22 455424 c:\windows\system32\dllcache\mrxsmb.sys

24/10/2008 08:21 455296 \RP102\A0040313.sys

 

21/12/2009 16:07 594432 c:\windows\system32\dllcache\msfeeds.dll

29/08/2009 04:57 594432 \RP85\A0032919.dll

29/10/2009 04:42 594432 \RP97\A0039234.dll

 

21/12/2009 16:07 55296 c:\windows\system32\dllcache\msfeedsbs.dll

29/08/2009 04:57 55296 \RP85\A0032918.dll

29/10/2009 04:42 55296 \RP97\A0039233.dll

 

21/12/2009 16:07 5942784 c:\windows\system32\dllcache\mshtml.dll

22/10/2009 06:17 5939712 \RP85\A0032917.dll

29/10/2009 04:42 5940736 \RP97\A0039232.dll

 

27/11/2009 13:08 28672 c:\windows\system32\dllcache\msvidc32.dll

28/10/2001 12:07 25600 \RP101\A0040249.dll

 

21/12/2009 16:07 206848 c:\windows\system32\dllcache\occache.dll

29/08/2009 04:57 206848 \RP85\A0032916.dll

29/10/2009 04:42 206848 \RP97\A0039231.dll

 

27/11/2009 14:13 1296384 c:\windows\system32\dllcache\quartz.dll

03/06/2009 16:10 1295872 \RP101\A0040256.dll

 

31/12/2009 13:50 353792 c:\windows\system32\dllcache\srv.sys

11/12/2008 07:57 333952 \RP102\A0040319.sys

 

15/10/2009 13:32 119808 c:\windows\system32\dllcache\t2embed.dll

29/07/2009 01:36 119808 \RP93\A0038874.dll

 

21/12/2009 16:08 1208832 c:\windows\system32\dllcache\urlmon.dll

29/08/2009 04:57 1208832 \RP85\A0032915.dll

29/10/2009 04:42 1208832 \RP97\A0039230.dll

 

25/08/2009 06:19 354816 c:\windows\system32\dllcache\winhttp.dll

16/12/2008 09:31 354304 \RP83\A0031657.dll

 

21/12/2009 16:08 916480 c:\windows\system32\dllcache\wininet.dll

29/08/2009 04:57 916480 \RP85\A0032914.dll

29/10/2009 04:42 916480 \RP97\A0039229.dll

 

21/12/2009 16:08 12800 c:\windows\system32\dllcache\xpshims.dll

29/08/2009 04:57 12800 \RP85\A0032913.dll

29/10/2009 04:42 12800 \RP97\A0039228.dll

 

c:\windows\system32\drivers\_000005_.tmp.dll

24/10/2008 08:21 455296 \RP102\A0040311.dll

11/12/2008 07:57 333952 \RP102\A0040318.dll

 

c:\windows\system32\drivers\_000007_.tmp.dll

13/04/2008 15:53 264832 \RP83\A0031683.dll

 

c:\windows\system32\drivers\avgldx86.sys

25/08/2009 19:03 335240 \RP112\A0055117.sys

 

c:\windows\system32\drivers\avgmfx86.sys

25/08/2009 19:03 27784 \RP112\A0055116.sys

 

c:\windows\system32\drivers\avgtdix.sys

25/08/2009 19:03 108552 \RP112\A0055118.sys

 

c:\windows\system32\drivers\drive.sys

\RP105\A0041854.sys

\RP107\A0042010.sys

 

c:\windows\system32\eMpnbfDTiUBcONoX.exe

13/04/2008 23:21 11776 \RP112\A0055167.exe

 

15/10/2009 13:32 81920 c:\windows\system32\fontsub.dll

29/07/2009 01:36 81920 \RP93\A0038873.dll

 

c:\windows\system32\GbpSv.exe

\RP107\A0041991.exe

 

21/10/2009 02:39 25088 c:\windows\system32\httpapi.dll

13/04/2008 23:20 24576 \RP83\A0031694.dll

 

21/12/2009 10:22 173056 c:\windows\system32\ie4uinit.exe

28/08/2009 07:38 173056 \RP85\A0032910.exe

28/10/2009 11:40 173056 \RP97\A0039225.exe

 

21/12/2009 16:07 387584 c:\windows\system32\iedkcs32.dll

29/08/2009 04:57 387584 \RP85\A0032909.dll

29/10/2009 04:42 387584 \RP97\A0039224.dll

 

21/12/2009 16:07 11070464 c:\windows\system32\ieframe.dll

29/08/2009 04:57 11069440 \RP85\A0032953.dll

29/10/2009 04:42 11069952 \RP97\A0039254.dll

 

21/12/2009 16:07 184320 c:\windows\system32\iepeers.dll

29/08/2009 04:57 184320 \RP85\A0032908.dll

29/10/2009 04:42 184320 \RP97\A0039223.dll

 

21/12/2009 16:07 1985536 c:\windows\system32\iertutil.dll

29/08/2009 04:57 1985536 \RP85\A0032952.dll

29/10/2009 04:42 1985536 \RP97\A0039253.dll

 

27/11/2009 13:08 48128 c:\windows\system32\iyuv_32.dll

13/04/2008 23:20 47616 \RP101\A0040247.dll

 

09/12/2009 02:54 726528 c:\windows\system32\jscript.dll

22/06/2009 03:48 726528 \RP108\A0051492.dll

 

21/12/2009 16:07 25600 c:\windows\system32\jsproxy.dll

29/08/2009 04:57 25600 \RP85\A0032906.dll

29/10/2009 04:42 25600 \RP97\A0039221.dll

 

28/10/2009 00:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll

18/07/2009 00:21 3883424 \RP92\A0038486.dll

 

28/10/2009 00:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

18/07/2009 00:21 257440 \RP92\A0038487.exe

 

06/01/2010 20:59 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

16/08/2009 18:27 85173 \RP92\A0038488.exe

 

01/02/2010 16:26 30364104 c:\windows\system32\MRT.exe

04/01/2010 21:17 29634504 \RP102\A0040315.exe

01/12/2009 17:06 25966024 \RP93\A0038869.exe

 

21/12/2009 16:07 594432 c:\windows\system32\msfeeds.dll

29/08/2009 04:57 594432 \RP85\A0032951.dll

29/10/2009 04:42 594432 \RP97\A0039252.dll

 

21/12/2009 16:07 55296 c:\windows\system32\msfeedsbs.dll

29/08/2009 04:57 55296 \RP85\A0032950.dll

29/10/2009 04:42 55296 \RP97\A0039251.dll

 

21/12/2009 16:07 5942784 c:\windows\system32\mshtml.dll

22/10/2009 06:17 5939712 \RP85\A0032949.dll

29/10/2009 04:42 5940736 \RP97\A0039250.dll

 

17/12/2009 04:41 345600 c:\windows\system32\mspaint.exe

13/04/2008 23:21 345600 \RP101\A0040240.exe

 

27/11/2009 13:08 11264 c:\windows\system32\msrle32.dll

13/04/2008 23:20 11264 \RP101\A0040246.dll

 

27/11/2009 13:08 28672 c:\windows\system32\msvidc32.dll

28/10/2001 12:07 25600 \RP101\A0040245.dll

 

27/11/2009 14:13 17920 c:\windows\system32\msyuv.dll

13/04/2008 23:20 16896 \RP101\A0040255.dll

 

13/10/2009 07:34 271360 c:\windows\system32\oakley.dll

13/04/2008 23:20 271360 \RP83\A0031660.dll

13/04/2008 23:20 271360 \RP83\A0031690.dll

 

21/12/2009 16:07 206848 c:\windows\system32\occache.dll

29/08/2009 04:57 206848 \RP85\A0032905.dll

29/10/2009 04:42 206848 \RP97\A0039220.dll

 

27/11/2009 14:13 1296384 c:\windows\system32\quartz.dll

03/06/2009 16:10 1295872 \RP101\A0040254.dll

03/06/2009 16:10 1295872 \RP101\A0040270.dll

 

12/10/2009 10:39 79872 c:\windows\system32\raschap.dll

13/04/2008 23:20 79872 \RP83\A0031680.dll

13/04/2008 23:20 79872 \RP83\A0031692.dll

 

12/10/2009 10:39 150016 c:\windows\system32\rastls.dll

13/04/2008 23:20 150528 \RP83\A0031679.dll

13/04/2008 23:20 150528 \RP83\A0031691.dll

 

08/12/2009 06:24 474112 c:\windows\system32\shlwapi.dll

13/04/2008 23:20 474112 \RP101\A0040259.dll

13/04/2008 23:20 474112 \RP101\A0040271.dll

 

21/10/2009 02:39 75776 c:\windows\system32\strmfilt.dll

13/04/2008 23:20 75776 \RP83\A0031693.dll

 

15/10/2009 13:32 119808 c:\windows\system32\t2embed.dll

29/07/2009 01:36 119808 \RP93\A0038872.dll

 

27/11/2009 13:08 8704 c:\windows\system32\tsbyuv.dll

28/10/2001 12:06 8192 \RP101\A0040244.dll

 

23/01/2010 05:11 46080 c:\windows\system32\tzchange.exe

28/10/2009 12:07 46080 \RP108\A0051489.exe

 

21/12/2009 16:08 1208832 c:\windows\system32\urlmon.dll

29/08/2009 04:57 1208832 \RP85\A0032904.dll

29/10/2009 04:42 1208832 \RP97\A0039249.dll

 

25/08/2009 06:19 354816 c:\windows\system32\winhttp.dll

16/12/2008 09:31 354304 \RP83\A0031656.dll

16/12/2008 09:31 354304 \RP83\A0031689.dll

 

21/12/2009 16:08 916480 c:\windows\system32\wininet.dll

29/08/2009 04:57 916480 \RP85\A0032903.dll

29/10/2009 04:42 916480 \RP97\A0039248.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E0B679D-AB68-4DAE-833D-9A76C095BD0C}]

2010-02-07 02:10 1307136 ----a-w- c:\windows\system32\flash10flv.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"Hiyo"="c:\arquivos de programas\HiYo\bin\HiYo.exe" [2010-02-18 230768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 16:21 548352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/8/2009 20:29 75856]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [5/1/2010 06:56 9968]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [5/1/2010 06:56 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/8/2009 20:29 20560]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [5/1/2010 06:56 7408]

R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - AvgLdx86

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-06 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://mystart.hiyo.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {098FDC35-D3D8-46EB-BEFA-9121837A50B6} = 200.223.0.83 200.223.0.84

FF - ProfilePath - c:\documents and settings\Vânia\Dados de aplicativos\Mozilla\Firefox\Profiles\o8499kg5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-06 16:55

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(672)

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

.

Tempo para conclusão: 2010-03-06 16:57:50

ComboFix-quarantined-files.txt 2010-03-06 19:57

ComboFix2.txt 2010-03-04 17:47

 

Pré-execução: 8 pasta(s) 28.502.663.168 bytes disponíveis

Pós execução: 9 pasta(s) 28.473.372.672 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 53F96CABC9442573BE4778E30EDF6C45

 

 

from HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:16:42, on 6/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\HiYo\bin\HiYo.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Vânia\Meus documentos\Downloads\Vânia.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Flash Video Decoder for FLV - {7E0B679D-AB68-4DAE-833D-9A76C095BD0C} - C:\WINDOWS\system32\flash10flv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Hiyo] C:\Arquivos de programas\HiYo\bin\HiYo.exe /RunFromStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84

O17 - HKLM\System\CS1\Services\Tcpip\..\{098FDC35-D3D8-46EB-BEFA-9121837A50B6}: NameServer = 200.223.0.83 200.223.0.84

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 5792 bytes

 

 

:D


Go to Start > Run, paste the command below into the box and click OK:

Combofix.exe /uninstall

The tool will be removed from your system. If the folder C:\ComboFix and the log C:\ComboFix.txt remain, delete them manually.

Go to Start > Run again. Type sysdm.cpl and click OK. Click the System Restore tab and check the option "Turn off System Restore" > OK. Right after that, return to the same place and uncheck the option.

The logs are clean.

Any problems still?


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
