
Archived

This topic has been archived and is closed to new replies.

Japaxd

[Archived] HijackThis Log Analysis

Recommended Posts

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:33:58, on 05/11/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe

C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HijHackthis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll

O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: MSN Pictures Displayer.lnk = C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Global Startup: Bitcomet Ultra Accelerator.lnk = C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: (no name) - {4248FE82-7FCB-46AC-B270-339F08212110} - (no file)

O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O9 - Extra button: (no name) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll/206 (file missing)

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B246D1-CD68-4E20-8A18-9A33AE4D35AC}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate1cabe12939d1d8a) (gupdate1cabe12939d1d8a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 8393 bytes


:) Hello Japaxd!

There are many toolbars installed on your PC that can make browsing much slower, and some toolbars tend not to be trustworthy; I suggest you uninstall them (except any you really need).

____________________________

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

 

O9 - Extra button: (no name) - {4248FE82-7FCB-46AC-B270-339F08212110} - (no file)

 

O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

 

O9 - Extra button: (no name) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file)

 

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll/206 (file missing)

______________________________

 

Download and run this program, which disables Bonjour (an unnecessary item that tends to slow down the PC):

http://download.gizmo5.com/jasmine/TurnOffBonjour.exe

______________________________

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs that Start with the PC

Preferably let only the security programs (antivirus/antispyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.

______________________________

Please follow the tips in this tutorial to clean your PC with Malwarebytes:

Malwarebytes Anti-Malware Tutorial: http://www.caixadedicas.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

In your next reply, post this Malwarebytes log together with a new HijackThis log and tell us how your PC is after this procedure.

We'll be waiting.

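The triage the helper did by hand above (spotting "(no file)" / "(file missing)" entries, the same CLSID registered as R3 search hook, O2 BHO and O3 toolbar, and a non-default Start Page) can be automated. The script below is an added example written for this thread, not a tool from the forum or from HijackThis; the allowlist of default hosts and the sample lines (copied from the first log) are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Assumption: hosts the helper treated as the normal IE defaults in this thread.
# Extend the allowlist with your own environment's sanctioned home/search pages.
DEFAULT_HOSTS = {"go.microsoft.com"}

LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
START_PAGE_RE = re.compile(r"Main,Start Page\s*=\s*(\S+)")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    section: str            # "R0", "O2", "O9", ...
    body: str               # text after "O2 - "
    clsid: Optional[str]    # upper-cased CLSID when the line carries one
    orphaned: bool          # HijackThis could not find the referenced file


def parse_hjt_log(text: str) -> List[HjtEntry]:
    """Parse the R0..R3 / O1..O24 lines of a HijackThis log; headers and the process list are skipped."""
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        clsid_m = CLSID_RE.search(body)
        entries.append(HjtEntry(
            section=section,
            body=body,
            clsid=clsid_m.group(0).upper() if clsid_m else None,
            orphaned=any(marker in body for marker in ORPHAN_MARKERS),
        ))
    return entries


def orphaned_entries(entries: List[HjtEntry]) -> List[str]:
    """Registrations whose target file is gone: dead entries, the usual 'Fix checked' candidates."""
    return [f"{e.section} - {e.body}" for e in entries if e.orphaned]


def clsids_in_multiple_sections(entries: List[HjtEntry]) -> Dict[str, List[str]]:
    """CLSIDs that appear in several sections (search hook + BHO + toolbar): the footprint of a toolbar bundle."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.clsid and e.section not in seen[e.clsid]:
            seen[e.clsid].append(e.section)
    return {clsid: sections for clsid, sections in seen.items() if len(sections) > 1}


def nondefault_start_pages(entries: List[HjtEntry]) -> List[str]:
    """R0 Start Page values whose host is not on the allowlist (possible browser hijack)."""
    hits: List[str] = []
    for e in entries:
        if e.section != "R0":
            continue
        m = START_PAGE_RE.search(e.body)
        if m and urlparse(m.group(1)).hostname not in DEFAULT_HOSTS:
            hits.append(m.group(1))
    return hits


# Constructed sample: a few lines copied from the first log in this thread.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\Windows\\Explorer.EXE
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.minilua.com/
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\\Program Files\\DVDVideoSoftTB\\tbDVDV.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\\Program Files\\DVDVideoSoftTB\\tbDVDV.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\\Program Files\\DVDVideoSoftTB\\tbDVDV.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\\Program Files\\BitComet\\tools\\BitCometBHO_1.4.8.11.dll/206 (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\\Program Files\\PokerStars.NET\\PokerStarsUpdate.exe
"""

if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    print("Orphaned entries (Fix checked candidates):", *orphaned_entries(parsed), sep="\n  ")
    print("CLSIDs spanning several sections:", clsids_in_multiple_sections(parsed))
    print("Non-default start pages:", nondefault_start_pages(parsed))
```

Orphaned entries are only dead registrations, so the script lists them for cleanup but never decides on its own that a live entry is malicious; that judgement stays with the analyst.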

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:34:48, on 06/11/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe

C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\HijHackthis\HiJackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll

O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: MSN Pictures Displayer.lnk = C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Global Startup: Bitcomet Ultra Accelerator.lnk = C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: (no name) - {4248FE82-7FCB-46AC-B270-339F08212110} - (no file)

O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O9 - Extra button: (no name) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file)

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B246D1-CD68-4E20-8A18-9A33AE4D35AC}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

O23 - Service: Google Update Service (gupdate1cabe12939d1d8a) (gupdate1cabe12939d1d8a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 8066 bytes

 

Malwarebytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 5055

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

06/11/2010 20:21:30

mbam-log-2010-11-06 (20-21-30).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 283346

Tempo decorrido: 2 hora(s), 11 minuto(s), 51 segundo(s)

 

Processos de Memória Infectados: 1

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 2

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 3

Arquivos Infectados: 53

 

Processos de Memória Infectados:

C:\Level Up! Games\PW\element\elementclient.exe (Malware.Packer.Gen) -> Unloaded process successfully.

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CURRENT_USER\SOFTWARE\System3048 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\System3048 (Malware.Trace) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

C:\Windows\Svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Arquivos Infectados:

C:\Level Up! Games\PW\element\elementclient.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Users\Ramon\Desktop\Pasta ²\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}\IceCold ReLoaded.exe (HackTool.Agent) -> Quarantined and deleted successfully.

C:\ProgramLog\MsnNet.exe (Trojan.Banker.Gen) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\04032010.Dat (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Config.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\ERRODLG.DAT (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\EXCLDLG.DAT (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\INFDLG.DAT (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Intdlg.dat (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Portugues.lng (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\recurso.$$$ (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Skin.ini (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Uninstall.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\uninstall.spk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\alt_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\barra_fundo.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\bksp_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\caps_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\ctrl_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\del_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\end_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\enter_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\esc_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\espaco_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f10_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f11_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f12_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f1_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f2_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f3_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f4_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f5_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f6_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f7_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f8_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\f9_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\home_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\ins_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\menu_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\num_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\pause_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\pgd_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\pgup_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\pscr_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\scro_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\setabaixo_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\setacima_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\setadir_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\setaesq_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\shift_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\tab_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Windows\Svchost\svchost\Recurso\win_1.gif (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Users\Ramon\AppData\Roaming\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

thanks for the attention

THANKS FOR THE ATTENTION AND GOOD NIGHT


:) Several problems were removed by Malwarebytes.

____________________________

But apparently you did not follow the instructions I gave you to uninstall the unnecessary toolbars and to Fix checked those HijackThis entries I listed; it would be very good to do that.

_____________________________

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it from a command is also possible:

* Go to Start --> Run --> Type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

 

[image: combofixejr8.gif]

* Click OK.

* At the prompt: "Disclaimer of software warranty" --> Click Yes.

[image: RcAuto1.gif]

* If you do not have the "Recovery Console" (http://support.microsoft.com/kb/307654/pt-br), accept the option to install it.

* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Warning: If you get the notification "Invalid Win32 application" or a message similar to it, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Name it while saving, not after saving it!

* PS: If any error message appears, run ComboFix.exe in Safe Mode (http://www.caixadedicas.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, the following notification window will appear:

[image: Rookit_found.gif]

* PS: Write down those detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

* During the scan, avoid touching the mouse or keyboard! <-- Important!

* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

The ComboFix log will be at C:\ComboFix.txt

_______________________________

 

Also follow these tips:

Norman Malware Cleaner Tutorial: http://www.caixadedicas.com/2009/11/tutorial-do-norman-malware-cleaner.html

BankerFix Tutorial: http://www.caixadedicas.com/2009/10/tutorial-do-bankerfix.html

______________________________

In your next reply, post the contents of the Norman Malware Cleaner log together with a new HijackThis log, the BankerFix relatorio.txt (which will be at C:\LinhaDefensiva\relatorio.txt), the ComboFix log (which will be at C:\ComboFix.txt), and tell us how your PC is after this.

We'll be waiting.


aaaaaaaaaaaa regarding the toolbar, I tried to delete it but it didn't work; how do I delete it

and thanks again

Then leave uninstalling them for later, follow the other steps I gave you today and post the new logs so we can analyze them. We'll be waiting.


BankerFix

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2010-11-06 - 22:32

-------------------------------------------------------

Lista de Definição: 2010-09-22-1 | CORE: 2010-01-14-1

=======================================================

----- Fim -------------------------

Combofix

 

ComboFix 10-11-07.01 - Ramon 06/11/2010 22:17:27.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2047.1157 [GMT -3:00]

Executando de: c:\users\Ramon\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\Downloaded Installers

c:\program files\Downloaded Installers\{0FA15394-2695-48AB-9BA9-3F21EC94D5C0}\setup.msi

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\ARA\ChipsetARA.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\CHS\ChipsetCHS.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\CHT\ChipsetCHT.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\CSY\ChipsetCSY.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\DAN\ChipsetDAN.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\DEU\ChipsetDEU.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\ELL\ChipsetELL.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\ENU\ChipsetENU.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\ESP\ChipsetESP.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\FIN\ChipsetFIN.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\FRA\ChipsetFRA.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\HEB\ChipsetHEB.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\HUN\ChipsetHUN.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\ITA\ChipsetITA.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\JPN\ChipsetJPN.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\KOR\ChipsetKOR.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\NLD\ChipsetNLD.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\NOR\ChipsetNOR.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\PLK\ChipsetPLK.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\PTB\ChipsetPTB.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\PTG\ChipsetPTG.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\RUS\ChipsetRUS.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\SVE\ChipsetSVE.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\THA\ChipsetTHA.dll

c:\program files\Driver Checker\download\Intel_900_Series_Chipsets For Win2K_XP_Vista_Win7x32\Lang\CHIP\TRK\ChipsetTRK.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\ARA\ChipsetARA.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\CHS\ChipsetCHS.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\CHT\ChipsetCHT.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\CSY\ChipsetCSY.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\DAN\ChipsetDAN.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\DEU\ChipsetDEU.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\ELL\ChipsetELL.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\ENU\ChipsetENU.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\ESP\ChipsetESP.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\FIN\ChipsetFIN.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\FRA\ChipsetFRA.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\HEB\ChipsetHEB.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\HUN\ChipsetHUN.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\ITA\ChipsetITA.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\JPN\ChipsetJPN.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\KOR\ChipsetKOR.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\NLD\ChipsetNLD.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\NOR\ChipsetNOR.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\PLK\ChipsetPLK.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\PTB\ChipsetPTB.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\PTG\ChipsetPTG.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\RUS\ChipsetRUS.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\SVE\ChipsetSVE.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\THA\ChipsetTHA.dll

c:\program files\Driver Checker\download\Intel_Chipset_Device_Software_System For Win7x32_Win7x64\Lang\CHIP\TRK\ChipsetTRK.dll

C:\ProgramLog

c:\users\Ramon\dat2.000

c:\users\Ramon\GoogleEarthSetup.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-10-07 to 2010-11-07 ))))))))))))))))))))))))))))

.

 

2010-11-07 01:24 . 2010-11-07 01:25 -------- d-----w- c:\users\Ramon\AppData\Local\temp

2010-11-07 01:24 . 2010-11-07 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-11-07 01:24 . 2010-11-07 01:24 -------- d-----w- c:\users\Convidado\AppData\Local\temp

2010-11-05 23:46 . 2010-11-05 23:46 -------- d-----w- c:\users\Ramon\AppData\Roaming\Malwarebytes

2010-11-05 23:46 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-05 23:46 . 2010-11-05 23:46 -------- d-----w- c:\programdata\Malwarebytes

2010-11-05 23:46 . 2010-11-05 23:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-05 23:46 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-05 20:22 . 2010-11-06 23:29 53248 ----a-w- c:\windows\system32\CSVer.dll

2010-11-05 20:22 . 2010-11-05 20:22 -------- d-----w- c:\program files\Intel

2010-11-05 20:21 . 2010-11-05 20:21 -------- d-----w- C:\Intel

2010-11-05 19:26 . 2010-11-05 19:26 -------- d-----w- c:\users\Ramon\AppData\Local\SlimWare Utilities Inc

2010-11-05 19:25 . 2010-11-05 19:25 -------- d-----w- c:\program files\SlimDrivers

2010-11-05 19:24 . 2008-12-03 20:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe

2010-11-05 19:24 . 2010-11-05 20:21 -------- d-----w- c:\program files\Driver Checker

2010-11-05 15:32 . 2010-11-06 23:33 -------- d-----w- C:\HijHackthis

2010-11-05 12:31 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{441D2A7E-846F-4134-B254-F86CEBDD8BEC}\mpengine.dll

2010-11-02 23:37 . 2010-11-02 23:37 -------- d-----w- c:\program files\Sony

2010-11-02 22:42 . 2010-11-02 22:42 -------- d-----w- c:\program files\SystemRequirementsLab

2010-11-02 22:42 . 2010-11-02 22:42 -------- d-----w- c:\users\Ramon\SystemRequirementsLab

2010-11-02 01:59 . 2009-09-04 20:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2010-11-02 01:59 . 2009-09-04 20:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll

2010-11-02 01:59 . 2009-09-04 20:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll

2010-11-02 01:59 . 2009-09-04 20:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2010-11-02 01:59 . 2009-09-04 20:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll

2010-11-02 01:58 . 2009-09-04 20:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2010-11-02 01:58 . 2008-10-27 13:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll

2010-11-02 01:58 . 2008-10-27 13:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll

2010-11-02 01:58 . 2008-10-27 13:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll

2010-11-02 01:58 . 2008-10-27 13:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll

2010-11-02 01:58 . 2008-07-31 13:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll

2010-11-02 01:58 . 2008-07-31 13:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2010-11-02 01:58 . 2008-07-31 13:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll

2010-11-02 00:21 . 2010-11-02 00:21 -------- d-----w- c:\programdata\NVIDIA Corporation

2010-11-02 00:20 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco322030.dll

2010-11-02 00:20 . 2010-10-22 06:23 57960 ----a-w- c:\windows\system32\OpenCL.dll

2010-11-02 00:20 . 2010-10-22 06:23 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll

2010-11-02 00:20 . 2010-10-22 06:23 14899816 ----a-w- c:\windows\system32\nvoglv32.dll

2010-11-02 00:20 . 2010-10-22 06:23 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2010-11-02 00:20 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco322050.dll

2010-11-02 00:20 . 2010-10-22 06:23 319080 ----a-w- c:\windows\system32\nvdecodemft.dll

2010-11-02 00:20 . 2010-10-22 06:23 4837480 ----a-w- c:\windows\system32\nvcuda.dll

2010-11-02 00:20 . 2010-10-22 06:23 2912360 ----a-w- c:\windows\system32\nvcuvid.dll

2010-11-02 00:20 . 2010-10-22 06:23 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-11-02 00:20 . 2010-10-22 06:23 13019752 ----a-w- c:\windows\system32\nvcompiler.dll

2010-11-02 00:18 . 2010-11-02 00:18 -------- d-----w- C:\NVIDIA

2010-11-02 00:11 . 2010-11-02 01:37 108279664 ----a-w- c:\users\Ramon\directx_aug2009_redist.exe

2010-11-01 23:01 . 2004-12-12 22:04 1069056 ----a-w- c:\users\Ramon\dat3.000

2010-11-01 23:01 . 2004-12-11 00:50 -------- d-----w- c:\users\Ramon\images

2010-11-01 23:01 . 2004-12-11 00:44 52736 ----a-w- c:\users\Ramon\ForceDLL.dll

2010-11-01 23:01 . 2004-12-11 00:44 90112 ----a-w- c:\users\Ramon\hook_3DA.dll

2010-11-01 23:01 . 2004-12-12 22:13 208896 ----a-w- c:\users\Ramon\3DAnalyze.exe

2010-11-01 23:01 . 2004-12-11 00:45 765952 ----a-w- c:\users\Ramon\dat1.000

2010-11-01 23:01 . 2004-12-12 22:13 208896 ----a-w- c:\program files\Mozilla Firefox\3DAnalyze.exe

2010-11-01 23:01 . 2004-12-11 00:44 52736 ----a-w- c:\program files\Mozilla Firefox\ForceDLL.dll

2010-11-01 23:01 . 2004-12-11 00:44 90112 ----a-w- c:\program files\Mozilla Firefox\hook_3DA.dll

2010-10-30 00:08 . 2010-10-30 00:09 -------- d-----w- c:\program files\Teamspeak2_RC2

2010-10-27 17:22 . 2010-10-27 17:22 -------- d-----w- c:\programdata\Nexon

2010-10-27 11:48 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll

2010-10-27 11:48 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-10-27 11:48 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-10-27 11:48 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2010-10-27 11:48 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2010-10-25 23:21 . 2010-10-25 23:21 -------- d-----w- c:\programdata\Adobe Systems

2010-10-25 23:13 . 2010-10-25 23:13 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

2010-10-25 23:11 . 2010-10-25 23:11 -------- d-----w- c:\program files\Topaz Labs LLC

2010-10-24 21:49 . 2010-11-06 18:06 -------- d-----w- c:\program files\thriXXX

2010-10-16 15:42 . 2010-10-16 15:42 66664 ----a-w- c:\windows\system32\nvshext.dll

2010-10-16 15:42 . 2010-10-16 15:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe

2010-10-16 15:42 . 2010-10-16 15:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll

2010-10-16 15:42 . 2010-10-16 15:42 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-10-16 15:42 . 2010-10-16 15:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll

2010-10-16 15:42 . 2010-10-16 15:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll

2010-10-09 20:29 . 2010-10-09 20:29 -------- d-----w- c:\program files\Advanced IP Scanner

2010-10-09 12:09 . 2010-10-09 12:10 -------- d-----w- c:\program files\Microsoft IntelliPoint

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-22 06:23 . 2009-08-05 23:50 10023528 ----a-w- c:\windows\system32\nvd3dum.dll

2010-10-22 06:23 . 2010-11-02 00:20 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2010-10-22 06:23 . 2009-08-05 23:50 1719912 ----a-w- c:\windows\system32\nvapi.dll

2010-10-19 14:41 . 2010-01-16 02:02 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-08-21 05:32 . 2010-09-15 10:54 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-10 08:15 . 2010-08-10 08:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-08-10 08:15 . 2010-08-10 08:15 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

 

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2010-04-27 13:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

 

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

 

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-18 311680]

 

c:\users\Ramon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MSN Pictures Displayer.lnk - c:\programdata\MSN Pictures Displayer\MSN Pictures Displayer.exe [2010-7-18 2068480]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bitcomet Ultra Accelerator.lnk - c:\program files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe [2010-6-22 260096]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear SA1VBExx Device Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear SA1VBExx Device Manager.lnk

backup=c:\windows\pss\Philips GoGear SA1VBExx Device Manager.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Ramon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=c:\users\Ramon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 07:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-07-13 18:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 14:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]

2010-09-05 17:22 232912 ----a-w- c:\windows\System32\Macromed\Flash\FlashUtil10i_Plugin.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 14:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2010-07-21 19:54 1797008 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 18:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingoes]

2009-10-09 03:50 2203648 ----a-w- c:\program files\Lingoes\Translator2\Lingoes.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 19:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-08-10 08:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-03-09 13:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 14:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-07-07 20:42 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1cabe12939d1d8a;Google Update Service (gupdate1cabe12939d1d8a);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 133104]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-19 1343400]

R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]

R3 XDva297;XDva297;c:\windows\system32\XDva297.sys [x]

R3 XDva327;XDva327;c:\windows\system32\XDva327.sys [x]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 16:23]

 

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 16:23]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.minilua.com/

uInternet Settings,ProxyOverride = local

IE: &B&aixar &com o BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar tudo usando o BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

TCP: {A1B246D1-CD68-4E20-8A18-9A33AE4D35AC} = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\g8f5toft.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2436531&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - iUserbar Customized Web Search

FF - prefs.js: network.proxy.http - 68.68.107.60

FF - prefs.js: network.proxy.http_port - 29505

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\g8f5toft.default\extensions\{51d37496-c262-4d13-a8c1-c93e59bf50b9}\components\FFExternalAlert.dll

FF - component: c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\g8f5toft.default\extensions\{51d37496-c262-4d13-a8c1-c93e59bf50b9}\components\RadioWMPCore.dll

FF - component: c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\g8f5toft.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - component: c:\users\Ramon\AppData\Roaming\Mozilla\Firefox\Profiles\g8f5toft.default\extensions\allglassv2@ambroos.neowin.net\components\dwmxpcom.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-Msnnet - c:\programlog\MsnNet.exe

 

 

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2010-11-06 22:26:52

ComboFix-quarantined-files.txt 2010-11-07 01:26

 

Pré-execução: 96.351.309.824 bytes disponíveis

Pós execução: 96.282.484.736 bytes disponíveis

 

- - End Of File - - E7C48F0133B476C9A3D39F16DB243E96

HijackThis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:16:19, on 06/11/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe

C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe

C:\Windows\explorer.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Downloads\Combatarms_VER_2.1010.01.exe

C:\Program Files\iTunes\iTunes.exe

C:\HijHackthis\HiJackThis.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll

O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: MSN Pictures Displayer.lnk = C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe

O4 - Global Startup: Bitcomet Ultra Accelerator.lnk = C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ramon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: (no name) - {4248FE82-7FCB-46AC-B270-339F08212110} - (no file)

O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O9 - Extra button: (no name) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file)

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B246D1-CD68-4E20-8A18-9A33AE4D35AC}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

O23 - Service: Google Update Service (gupdate1cabe12939d1d8a) (gupdate1cabe12939d1d8a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

 

--

End of file - 7609 bytes

 

Thanks and good night
:) Several problems were removed by ComboFix.

_________________________

 

But you still need to run Norman Malware Cleaner and post its log. We'll be waiting.
Topic Archived

 

Since the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.