
Archived

This topic has been archived and is closed to new replies.

matheus355

[Solved] Computer with a Virus

I think my machine has a virus, because it freezes a lot sometimes and won't get into certain games, such as Ragnarok on the unitRO server; GameFort detects something on the machine, I don't know what it is, but it detects it. I opened HijackThis and this appeared in Notepad:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:53:18, on 19/3/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

C:\Arquivos de programas\RelevantKnowledge\rlvknlg.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

C:\Arquivos de programas\Free Desktop Clock\DesktopClock.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

D:\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Arquivos de programas\Vuze_Remote\tbVuze.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\ARQUIV~1\SEARCH~1\SEARCH~1.DLL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Arquivos de programas\Vuze_Remote\tbVuze.dll

O2 - BHO: MessengerPlusLive Brazil TB - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Arquivos de programas\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O3 - Toolbar: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Arquivos de programas\Vuze_Remote\tbVuze.dll

O3 - Toolbar: @C:\Arquivos de programas\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Arquivos de programas\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll

O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [facemoods] "C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I

O4 - HKLM\..\Run: [RelevantKnowledge] C:\Arquivos de programas\RelevantKnowledge\rlvknlg.exe -boot

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [skinClock] C:\Arquivos de programas\Free Desktop Clock\DesktopClock.exe

O4 - HKCU\..\Run: [] C:\Project1.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EA Core] "C:\Arquivos de programas\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Raptr] C:\ARQUIV~1\Raptr\raptrstub.exe --startup

O4 - HKCU\..\Run: [steam] C:\Valve\Steam\Steam.exe -silent

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 16392 bytes

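As an added example (not code from the thread or from HijackThis), the Python script below parses the line formats that appear in the log above (R0/R1 page settings, O2 BHOs, O3 toolbars, O4 Run entries, O23 services) and flags what a responder would check first: start/search pages pointing at an unexpected domain, BHOs with no backing file, Run entries with an empty name or a binary sitting in the drive root, known adware toolbar families, and services whose binary is missing. The trusted-domain list and the adware markers are assumptions for the demo, and the sample lines are a constructed subset of the posted log.

```python
# Added example: HijackThis v2 log triage (not code from the thread or from HijackThis).
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "R0" or "O4"
    reason: str   # short tag saying why the line was flagged
    line: str     # the log line that triggered the finding

# Assumed acceptable home/search page domains; real triage would baseline against
# the organisation's standard build instead.
TRUSTED_PAGE_DOMAINS = ("microsoft.com", "msn.com", "live.com", "bing.com", "google.com")
# Adware/toolbar families named in this thread (constructed list, not a vendor feed).
PUP_MARKERS = ("ask.com", "conduit", "facemoods", "relevantknowledge", "pricegong")

_R_LINE = re.compile(r"^(?P<section>R[01]) - (?P<key>.+?) = (?P<value>.*)$")
_BHO_LINE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
_O4_LINE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.*)$")
_SVC_LINE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# First executable token of a Run command, quoted or not, even when the path has spaces.
_EXE_TOKEN = re.compile(r'^"?(?P<exe>.+?\.(?:exe|scr|bat|cmd|pif))(?=["\s]|$)', re.IGNORECASE)
_DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\/]+$")

def _trusted_page(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_PAGE_DOMAINS)

def _pup_marker(text: str) -> Optional[str]:
    low = text.lower()
    return next((m for m in PUP_MARKERS if m in low), None)

def _exe_from_command(cmd: str) -> str:
    m = _EXE_TOKEN.match(cmd.strip())
    return m.group("exe") if m else cmd.strip().split(" ", 1)[0].strip('"')

def _runs_from_drive_root(cmd: str) -> bool:
    # e.g. C:\Project1.exe: legitimate software almost never autoruns from the drive root.
    return bool(_DRIVE_ROOT.match(_exe_from_command(cmd)))

def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious property of each recognised log line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _R_LINE.match(line):
            value = m.group("value").strip()
            # Only URL-valued keys are page settings; ProxyOverride and similar are skipped.
            if value.lower().startswith(("http://", "https://")) and not _trusted_page(value):
                findings.append(Finding(m.group("section"), "hijacked-start-or-search-page", line))
        elif m := _BHO_LINE.match(line):
            path = m.group("path").strip()
            if path == "(no file)":
                findings.append(Finding(m.group("section"), "orphaned-bho-or-toolbar", line))
            elif _pup_marker(path):
                findings.append(Finding(m.group("section"), "known-pup-component", line))
        elif m := _O4_LINE.match(line):
            name, cmd = m.group("name"), m.group("cmd")
            if not name.strip():
                findings.append(Finding("O4", "autorun-empty-name", line))
            if _runs_from_drive_root(cmd):
                findings.append(Finding("O4", "autorun-from-drive-root", line))
            if _pup_marker(cmd):
                findings.append(Finding("O4", "known-pup-component", line))
        elif (m := _SVC_LINE.match(line)) and "(file missing)" in m.group("path"):
            findings.append(Finding("O23", "service-binary-missing", line))
    return findings

def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings by reason."""
    return dict(Counter(f.reason for f in findings))

# Constructed sample: twelve lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RelevantKnowledge] C:\Arquivos de programas\RelevantKnowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [] C:\Project1.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

A finding is a pointer for a human to verify, not a verdict: an orphaned BHO is usually leftover cleanup, while a nameless Run entry launching a binary from the drive root is the kind of line that gets checked first.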

Hello matheus355

*Download AD-Remover and save it to the desktop

*Run it, click [Clean] > [Yes] > [OK] > [Yes]

*The PC will restart

*Paste the report C:\Ad-Report-CLEAN[1].txt


Hello!

Here is the report.

======= REPORT FROM AD-REMOVER 2.0.0.2,F | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 01/03/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 11:14:54 on 19/03/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

Usuario@PC ( )

 

============== ACTION(S) ==============

 

 

File deleted: C:\WINDOWS\system32\ConduitEngine.tmp

File deleted: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

Folder deleted: C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\FireFox\Profiles\eoyistg0.default\extensions\toolbar@ask.com

File deleted: C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\FireFox\Profiles\eoyistg0.default\prefs.js.ask.bak

Folder deleted: C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\FireFox\Profiles\eoyistg0.default\conduit

Folder deleted: C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\FireFox\Profiles\eoyistg0.default\ConduitEngine

Folder deleted: C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\FireFox\Profiles\eoyistg0.default\extensions\engine@conduit.com

File deleted: C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\FireFox\Profiles\eoyistg0.default\searchplugins\conduit.xml

Folder deleted: C:\Arquivos de programas\Ask.com

Folder deleted: C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\AskToolbar

Folder deleted: C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Arquivos de programas\Conduit

Folder deleted: C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\ConduitEngine

Folder deleted: C:\Arquivos de programas\ConduitEngine

Folder deleted: C:\Documents and Settings\Usuario\Dados de aplicativos\PriceGong

Folder deleted: C:\Documents and Settings\All Users\Menu Iniciar\Programas\RelevantKnowledge

Folder deleted: C:\Arquivos de programas\RelevantKnowledge

Folder deleted: C:\Documents and Settings\Usuario\Dados de aplicativos\Toolbar4

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\FireFox\Profiles\eoyistg0.default\Prefs.js --

Line deleted: user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...

Line deleted: user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250...

Line deleted: user_pref("CT2719261.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM...

Line deleted: user_pref("CT2719261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT271...

Line deleted: user_pref("CT2786678.SavedHomepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");

Line deleted: user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278...

Line deleted: user_pref("CT2849856.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284...

Line deleted: user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2849856");

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/BR", "\"0\"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241897/1237570/BR", "\"0\"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849856", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63427934310393...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2504091/CT2504091...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849856/CT2849856...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"...

Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2786678");

Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");

Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");

Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");

Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.localstrike.com.ar/?ie=UTF...

Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT2719261,ConduitEngine,CT2786678,CT2849856,CT2504091");

Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2719261,ConduitEngine,CT2786678,CT2849856,CT2504091")...

Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Mar 09 2011 15:05:38 GMT-0300 (Hora ...

Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.locale", "en");

Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Mar 09 2011 15:05:38 GMT-0300 (Hora ofic...

Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");

Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);

Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Line deleted: user_pref("CommunityToolbar.alert.userId", "9370c763-2c2a-49bf-8fe2-b61cff583460");

Line deleted: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Dec 18 2010 11:12:50 GMT-0200");

Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849856");

Line deleted: user_pref("ConduitEngine.CTID", "ConduitEngine");

Line deleted: user_pref("ConduitEngine.FirstServerDate", "12/02/2010 04");

Line deleted: user_pref("ConduitEngine.FirstTime", true);

Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);

Line deleted: user_pref("ConduitEngine.FixPageNotFoundErrors", false);

Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);

Line deleted: user_pref("ConduitEngine.Initialize", true);

Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);

Line deleted: user_pref("ConduitEngine.InstallationType", "UnknownIntegration");

Line deleted: user_pref("ConduitEngine.InstalledDate", "Wed Dec 01 2010 23:10:00 GMT-0200");

Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);

Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);

Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", false);

Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Dec 18 2010 11:12:52 GMT-0200");

Line deleted: user_pref("ConduitEngine.LastLogin_3.2.3.3", "Fri Dec 17 2010 16:09:49 GMT-0200");

Line deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Dec 18 2010 11:12:52 GMT-0200");

Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);

Line deleted: user_pref("ConduitEngine.SavedHomepage", "hxxp://www.mydtzone.com/|hxxp://search.conduit.com/?ctid=C...

Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Line deleted: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...

Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Dec 18 2010 11:12:52 GMT-0200");

Line deleted: user_pref("ConduitEngine.UserID", "UN16967031065742844");

Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");

Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Dec 18 2010 11:12:52 GMT-0200");

Line deleted: user_pref("ConduitEngine.initDone", true);

Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849856&Sea...

Line deleted: user_pref("extensions.asktb.InstallDir", "C:\\Arquivos de programas\\Ask.com\\");

Line deleted: user_pref("extensions.asktb.abar-war-timeout", "4000");

Line deleted: user_pref("extensions.asktb.cbid", "NL");

Line deleted: user_pref("extensions.asktb.config-updated", false);

Line deleted: user_pref("extensions.asktb.crumb", "2010.10.22+18.24.44-toolbar002iad-BR-UmlvIERlIEphbmVpcm8sQnJhem...

Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&...

Line deleted: user_pref("extensions.asktb.dtid", "YYYYYYYYBR");

Line deleted: user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);

Line deleted: user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "BRXX0201");

Line deleted: user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");

Line deleted: user_pref("extensions.asktb.fresh-install", false);

Line deleted: user_pref("extensions.asktb.guid", "76D18118-19F6-43CE-B7A8-4DB6EC483504");

Line deleted: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com...

Line deleted: user_pref("extensions.asktb.if", "su");

Line deleted: user_pref("extensions.asktb.l", "dis");

Line deleted: user_pref("extensions.asktb.last-config-req", "1297442538634");

Line deleted: user_pref("extensions.asktb.locale", "pt_BR");

Line deleted: user_pref("extensions.asktb.location", "Rio De Janeiro,Brazil");

Line deleted: user_pref("extensions.asktb.o", "14300");

Line deleted: user_pref("extensions.asktb.options-lang", "pt");

Line deleted: user_pref("extensions.asktb.options-locale", "UK");

Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line deleted: user_pref("extensions.asktb.qsrc", "2871");

Line deleted: user_pref("extensions.asktb.r", "2");

Line deleted: user_pref("extensions.asktb.sa", "NO");

Line deleted: user_pref("extensions.asktb.search-suggestions-enabled", true);

Line deleted: user_pref("extensions.asktb.silent-upgrade", true);

Line deleted: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);

Line deleted: user_pref("extensions.asktb.socialmini-first", true);

Line deleted: user_pref("extensions.asktb.socialmini-interval", "1200000");

Line deleted: user_pref("extensions.asktb.socialmini-max-char-ticker", "33");

Line deleted: user_pref("extensions.asktb.socialmini-max-items", "30");

Line deleted: user_pref("extensions.asktb.socialmini-native-on", true);

Line deleted: user_pref("extensions.asktb.socialmini-speed", "5000");

Line deleted: user_pref("extensions.asktb.socialmini-transition-first-open", false);

Line deleted: user_pref("extensions.asktb.themeid", "");

Line deleted: user_pref("extensions.asktb.version", "5.11.3.15590");

Line deleted: user_pref("extensions.enabledItems", "{c69650dc-9644-4580-aa86-0ea329ee6c60}:2.7.2.0,{0329E7D6-6F54-...

-- File closed --

 

 

Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key deleted: HKLM\Software\Classes\CLSID\{15AF0E7C-DDDB-4448-B57B-8B45ED77BB56}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{15AF0E7C-DDDB-4448-B57B-8B45ED77BB56}

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Classes\Interface\{384FE458-A963-450D-9187-EEFF81913FD0}

Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key deleted: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key deleted: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Key deleted: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}

Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

Key deleted: HKLM\Software\Classes\Toolbar.CT2504091

Key deleted: HKLM\Software\Classes\Toolbar.CT2719261

Key deleted: HKLM\Software\Classes\Toolbar.CT2786678

Key deleted: HKLM\Software\Classes\Toolbar.CT2849856

Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKCU\Software\Toolbar

Key deleted: HKCU\Software\Ask.com

Key deleted: HKCU\Software\AskToolbar

Key deleted: HKCU\Software\Conduit

Key deleted: HKCU\Software\conduitEngine

Key deleted: HKCU\Software\PopCap

Key deleted: HKCU\Software\PriceGong

Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo

Key deleted: HKLM\Software\GamersFirst\OpenCandy

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Ask Search Assistant

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\RelevantKnowledge

Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0654B6E6-18CD-4E1D-A676-D0E62532C3E0}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}

 

Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|RelevantKnowledge

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [3.6.13 (pt-BR)] ****

 

Plugins\nppanda3d.dll (?)

HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)

HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\fcmdSrchvsl.xml (hxxp://start.facemoods.com/?a=vsl&f=4&q={searchTerms}/)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} (Skype extension )

HKLM_Extensions|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\SPFireFox

HKLM_Extensions|smartwebprinting@hp.com - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

HKCU_Extensions|smartwebprinting@hp.com - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

-- C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla\FireFox\Profiles\eoyistg0.default --

Extensions\DTToolbar@toolbarnet.com (DAEMON Tools Toolbar)

Extensions\ffxtlbr@Facemoods.com (Facemoods)

Extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} (?)

Extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8} (BittorrentBar_PT Community Toolbar)

Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} (Vuze Remote Toolbar)

Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} (uTorrentBar Community Toolbar)

Extensions\{c69650dc-9644-4580-aa86-0ea329ee6c60} (MessengerPlusLive Brazil TB Toolbar)

Prefs.js - browser.download.lastDir, D:\\Minhas imagens\\Photo Player\\15 or 20

Prefs.js - browser.search.defaultenginename, LocalStrike

Prefs.js - browser.search.selectedEngine, Search

Prefs.js - browser.startup.homepage, hxxp://start.facemoods.com/?a=vsl

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15

Prefs.js - keyword.URL, hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

 

========================================

 

**** Google Chrome Version [10.0.648.151] ****

 

Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoods.crx) (?)

Extension\jfmjfhklogoienhpfnppmbcbjfjnkonk (C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx) (?)

 

-- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Enabled: true) (?)

Preferences - homepage: hxxp://start.facemoods.com/?a=vsl

Preferences - homepage_is_newtabpage: false

Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npdrmv2.dll)

Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll)

Plugin - Windows Live Photo Gallery (Enabled: true) (C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll)

Plugin - "Windows Live Photo Gallery" (Enabled: true)

Plugin - "Microsoft DRM" (Enabled: true)

Preferences - urls_to_restore_on_startup: hxxp://search.localstrike.com.ar/

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{c69650dc-9644-4580-aa86-0ea329ee6c60} - "MessengerPlusLive Brazil TB Toolbar" (C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll)

HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Arquivos de programas\Vuze_Remote\tbVuze.dll)

HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Search" (hxxp://start.facemoods.com/?a=vsl&s={searchTerms}&f=4)

HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)

HKCU_SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323} - "LocalStrike Search" (hxxp://search.localstrike.com.ar/?q={searchTerms}&rls=com.microsoft:{language}&i...)

HKCU_SearchScopes\{682D7A96-1A15-44eb-99AF-BD27A63B7FFF} - "SpeedBit Search" (hxxp://home.speedbit.com/search.aspx?aff=106&q={searchTerms})

HKCU_Toolbar\WebBrowser|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} (C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll)

HKCU_Toolbar\WebBrowser|{C69650DC-9644-4580-AA86-0EA329EE6C60} (C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll)

HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll)

HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (C:\Arquivos de programas\Vuze_Remote\tbVuze.dll)

HKLM_Toolbar|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} (C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll)

HKLM_Toolbar|{c69650dc-9644-4580-aa86-0ea329ee6c60} (C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll)

HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll)

HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (C:\Arquivos de programas\Vuze_Remote\tbVuze.dll)

HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Arquivos de programas\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll)

HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll)

HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll)

HKCU_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Arquivos de programas\SpeedBit Video Downloader\Converter.exe (SpeedBit Ltd.)

HKLM_ElevationPolicy\5b2783b0-e8d1-4470-9458-4595499f0dc5 - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\MessengerPlusLive_Brazil_TBToolbarHelper.exe (?)

HKLM_ElevationPolicy\e1cd66b5-2528-4274-807f-a4f767f1d734 - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\MessengerPlusLive_Brazil_TBToolbarHelper.exe (?)

HKLM_ElevationPolicy\{54E59A0F-9BDF-4201-89BF-8082545EF652} - C:\Arquivos de programas\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)

HKLM_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Arquivos de programas\SpeedBit Video Downloader\Converter.exe (SpeedBit Ltd.)

HKLM_ElevationPolicy\{C12E5B19-0E9D-475D-838C-0F8BCFB666D4} - C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Conduit\CT2719261\MessengerPlusLive_Brazil_TBAutoUpdaterHelper.exe (x)

HKLM_ElevationPolicy\{DB282FB0-07BD-4209-9128-77C5374EF282} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\MessengerPlusLive_Brazil_TBToolbarHelper.exe (?)

HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{3017FB3E-9A77-4396-88C5-0EC9548FB42F} - "SBCONVERT Class" (C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll)

BHO\{389943B0-C3A2-4E69-82CB-8596A84CB3DC} - "SearchPredictObj Class" (C:\ARQUIV~1\SEARCH~1\SEARCH~1.DLL)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll)

BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Arquivos de programas\Vuze_Remote\tbVuze.dll)

BHO\{c69650dc-9644-4580-aa86-0ea329ee6c60} - "MessengerPlusLive Brazil TB Toolbar" (C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll)

BHO\{FF7C3CF0-4B15-11D1-ABED-709549C10000} - "GrabberObj Class" (C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll)

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 412 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 19/03/2011 11:14:58 (21147 Byte(s))

 

End at: 11:15:43, 19/03/2011

 

============== E.O.F ==============


1.

*Run AD-Remover and click [uninstall] > [No] > [Close]

 

 

2.

*Download MalwareBytes and save it to the desktop

*Install the program and wait for the update

*The program will open automatically

*On the [Scan] tab, select [Full scan]

*Click [Scan] and select the partition where Windows is installed

*When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]

*Paste the report that is shown


Report:

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 6106

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

19/3/2011 12:05:54

mbam-log-2011-03-19 (12-05-54).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 224877

Tempo decorrido: 30 minuto(s), 29 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 0

Arquivos Infectados: 14

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Arquivos de programas\backgroung.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Nitendo 64 1.7\Plugin\GFX\RiceVideoMud.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Usuario\Configurações locais\Temp\~os44F.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

C:\Documents and Settings\Usuario\Configurações locais\Temp\~os44F.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

C:\Documents and Settings\Usuario\Configurações locais\Temp\~os585.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

C:\Documents and Settings\Usuario\Configurações locais\Temp\~os585.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7847BA6F-AA2A-496D-BCF2-2655AE807B57}\RP216\A0096318.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7847BA6F-AA2A-496D-BCF2-2655AE807B57}\RP228\A0104177.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7847BA6F-AA2A-496D-BCF2-2655AE807B57}\RP240\A0112225.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7847BA6F-AA2A-496D-BCF2-2655AE807B57}\RP240\A0112226.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7847BA6F-AA2A-496D-BCF2-2655AE807B57}\RP240\A0112227.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7847BA6F-AA2A-496D-BCF2-2655AE807B57}\RP240\A0112228.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{7847BA6F-AA2A-496D-BCF2-2655AE807B57}\RP240\A0112229.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\P.Cheat$Injector.exe (Trojan.Agent) -> Quarantined and deleted successfully.

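The Malwarebytes report above is easier to act on when read mechanically: the copies under System Volume Information sit in old restore points and are not running code, while the three PUM.Disabled.SecurityCenter entries show that the Security Center notifications for antivirus, firewall and updates had been silenced (Bad: (1) means the DisableNotify value was set). The parser below is an added example, not code from this thread or from Malwarebytes; it feeds a constructed subset of the report's own lines through a regular expression, counts detections per category, separates live paths from restore-point hits and lists the Security Center values that were found switched off.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the Malwarebytes 1.46 report pasted
# in this thread (Portuguese section headings, English detection lines).
SAMPLE_REPORT = r"""
Itens de Dados no Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Arquivos Infectados:
C:\Arquivos de programas\backgroung.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Usuario\Configurações locais\Temp\~os44F.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7847BA6F-AA2A-496D-BCF2-2655AE807B57}\RP240\A0112225.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\P.Cheat$Injector.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<object> (<category>) [-> Bad: (n) Good: (m)] -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) \((?P<category>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\))?"
    r" -> (?P<action>.+?)\.?$"
)

# Files below this path belong to System Restore snapshots, not the live system.
RESTORE_POINT_MARKER = "\\system volume information\\_restore"


def parse_report(text):
    """Return one dict per detection line; headings and 'no items' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        entries.append({
            "path": path,
            "category": m.group("category"),
            "action": m.group("action"),
            # Bad/Good values only appear on registry-data (PUM) entries.
            "bad": int(m.group("bad")) if m.group("bad") is not None else None,
            "good": int(m.group("good")) if m.group("good") is not None else None,
            "in_restore_point": RESTORE_POINT_MARKER in path.lower(),
        })
    return entries


def summarize(entries):
    """Count detections per category and separate restore-point hits from live ones."""
    by_category = Counter(e["category"] for e in entries)
    live = [e for e in entries if not e["in_restore_point"]]
    archived = [e for e in entries if e["in_restore_point"]]
    return {
        "by_category": dict(by_category),
        "live_count": len(live),
        "restore_point_count": len(archived),
        "live_paths": [e["path"] for e in live],
    }


def security_center_tampering(entries):
    """Names of Security Center *DisableNotify values that were found set (Bad: 1)."""
    names = []
    for e in entries:
        if e["category"] == "PUM.Disabled.SecurityCenter" and e["bad"] == 1:
            names.append(e["path"].rsplit("\\", 1)[-1])
    return names


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(summarize(parsed))
    print("Security Center notifications that had been switched off:",
          security_center_tampering(parsed))
```

The live/restore-point split is the useful part: a detection in a restore point only says the adware was present at some earlier date, whereas the same family under Temp or system32 means it ran on the current install. A non-empty result from security_center_tampering is worth a second look even after cleanup, because notification suppression is how the user stops hearing that protection is off.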

OK...

 

 

*Temporarily disable your antivirus

Right-click the Avast icon next to the clock > select "Pause resident protection" > confirm.

*Download ComboFix and save it to the desktop

*Run it and accept the license agreement

*If the Microsoft Windows Recovery Console is not installed, accept its installation

*After the Console is installed, click [Yes] and wait for the steps to complete

*Do not use the mouse or the keyboard during the steps, as this will mess up your desktop configuration and leave it blank!

*Paste the report that is shown


Report:

 

ComboFix 11-03-18.04 - Usuario 19/03/2011 12:38:44.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1276 [GMT -3:00]

Executando de: d:\downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\arquivos de programas\facemoods.com

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoods.crx

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoods.png

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll

c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\uninstall.exe

c:\arquivos de programas\LeveUp! Games\RagnarokOnline\skin\default\_desktop.ini

c:\arquivos de programas\LeveUp! Games\RagnarokOnline\skin\default\basic_interface\_desktop.ini

c:\arquivos de programas\LeveUp! Games\RagnarokOnline\skin\Scribbling Kid\_desktop.ini

c:\arquivos de programas\LeveUp! Games\RagnarokOnline\skin\Scribbling Kid\basic_interface\_desktop.ini

c:\arquivos de programas\SpeedBit Video Downloader\Toolbar\tbhelper.dll

c:\documents and settings\All Users\ntuser.pol

c:\documents and settings\Usuario\Dados de aplicativos\.#

c:\documents and settings\Usuario\Dados de aplicativos\facemoods.com

c:\firefoxportable\FirefoxPortable.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-02-19 to 2011-03-19 ))))))))))))))))))))))))))))

.

.

2011-03-19 14:34 . 2011-03-19 14:34 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Malwarebytes

2011-03-19 14:33 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-19 14:33 . 2011-03-19 14:33 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2011-03-19 14:33 . 2011-03-19 14:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2011-03-19 14:33 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-19 13:40 . 2011-03-19 13:51 -------- d-----w- c:\arquivos de programas\EuroGunz v9.0

2011-03-17 20:49 . 2011-03-17 20:49 -------- d-----w- C:\Level Up! Games

2011-03-16 17:56 . 2008-04-14 01:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

2011-03-16 17:56 . 2001-09-06 05:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2011-03-16 00:33 . 2011-03-16 00:33 -------- d-----w- C:\AeriaGames

2011-03-16 00:17 . 2011-03-19 15:25 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Akamai

2011-03-14 19:21 . 2011-03-14 19:21 -------- d-----w- c:\arquivos de programas\LucasArts

2011-03-14 19:19 . 2011-03-14 19:24 -------- d-----w- c:\arquivos de programas\GameSpy Arcade

2011-03-14 19:15 . 2003-02-27 19:12 696320 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2011-03-14 19:15 . 2002-12-05 17:10 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2011-03-14 19:15 . 2002-12-02 18:22 5632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2011-03-14 19:15 . 2002-12-02 16:33 57344 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2011-03-14 19:15 . 2002-12-02 16:33 237568 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2011-03-14 19:15 . 2011-03-14 19:15 282756 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2011-03-14 19:15 . 2011-03-14 19:15 163972 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2011-03-14 17:57 . 2011-03-14 17:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2011-03-10 10:02 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-03-10 10:02 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-03-10 10:02 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-03-10 10:02 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-03-10 10:02 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-03-10 10:02 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-03-10 10:02 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-03-10 10:02 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-03-10 10:02 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr

2011-03-10 10:02 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-03-09 21:16 . 2011-03-09 21:31 -------- d-----w- c:\arquivos de programas\CCleaner

2011-03-09 20:36 . 2005-01-04 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2011-03-09 20:36 . 2003-07-20 09:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd

2011-03-09 20:15 . 2011-03-09 22:12 -------- d-----w- c:\arquivos de programas\LeveUp! Games

2011-03-09 19:23 . 2011-03-09 19:23 -------- d-----w- c:\windows\system32\wbem\Repository

2011-03-09 19:22 . 2011-03-09 19:22 -------- d-----w- c:\arquivos de programas\Yu-Gi-Oh Duel Master

2011-03-09 19:22 . 2011-03-09 19:22 -------- d-----w- c:\arquivos de programas\Dragon Ball Z Budokai X

2011-03-08 21:41 . 2011-03-09 19:23 -------- d-----w- C:\WORLDRAG

2011-03-08 14:05 . 2004-04-19 02:42 733184 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2011-03-08 14:05 . 2004-04-19 02:40 69715 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2011-03-08 14:05 . 2004-04-19 02:39 266240 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2011-03-08 14:05 . 2004-04-19 02:39 172032 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2011-03-08 14:05 . 2004-04-19 02:39 5632 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2011-03-08 14:05 . 2011-03-08 14:05 303236 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2011-03-08 14:05 . 2011-03-08 14:05 180356 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2011-03-07 23:21 . 2011-03-07 23:22 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Tibia

2011-03-04 18:05 . 2011-03-04 18:20 -------- d-----w- c:\documents and settings\Usuario\Configurações locais\Dados de aplicativos\VDownloader

2011-03-04 18:05 . 2011-03-04 18:06 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\VDownloader

2011-03-04 18:04 . 2011-03-04 18:04 -------- d-----w- c:\arquivos de programas\WinPcap

2011-03-04 18:04 . 2010-01-26 13:11 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe

2011-03-04 18:04 . 2011-03-15 21:35 -------- d-----w- c:\arquivos de programas\VDownloader

2011-03-01 23:31 . 2011-03-01 23:31 12920 ----a-w- c:\windows\system32\apl001.sys

2011-03-01 23:31 . 2011-03-01 23:31 10872 ----a-w- c:\windows\system32\apf001.sys

2011-03-01 23:24 . 2011-03-01 23:24 -------- d-----w- c:\arquivos de programas\SoftnyxGame

2011-03-01 21:15 . 2011-03-01 21:20 -------- d-----w- c:\documents and settings\Usuario\Configurações locais\Dados de aplicativos\Panda3D

2011-03-01 21:15 . 2010-06-18 21:38 229376 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppanda3d.dll

2011-03-01 21:15 . 2011-03-01 21:15 -------- d-----w- c:\arquivos de programas\Panda3D

2011-02-25 23:43 . 2011-02-26 11:39 -------- d-----w- c:\arquivos de programas\GamersFirst

2011-02-23 23:19 . 2011-02-23 23:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SWF Studio

2011-02-21 20:35 . 2011-03-03 17:46 -------- d-----w- c:\arquivos de programas\LittleFighter2

2011-02-21 18:31 . 2011-02-21 18:31 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\LolClient

2011-02-21 18:13 . 2011-03-16 01:56 -------- d-----w- C:\Riot Games

2011-02-21 17:02 . 2011-03-17 21:20 -------- d-----w- c:\documents and settings\Usuario\Configurações locais\Dados de aplicativos\PMB Files

2011-02-21 17:02 . 2011-03-17 16:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PMB Files

2011-02-21 17:01 . 2011-02-21 17:01 -------- d-----w- c:\arquivos de programas\Pando Networks

2011-02-21 09:37 . 2011-02-21 09:58 -------- d-----w- c:\documents and settings\Usuario\Configurações locais\Dados de aplicativos\Electronic Arts

2011-02-20 16:39 . 2011-02-20 22:51 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\U3

2011-02-20 13:24 . 2011-02-20 13:24 -------- d-----w- c:\arquivos de programas\GameVicio

2011-02-20 13:15 . 2011-02-20 13:15 -------- d-----w- c:\arquivos de programas\THQ

2011-02-19 15:26 . 2011-02-19 15:26 -------- d-----w- c:\arquivos de programas\Dragon Ball v2.5

2011-02-19 13:07 . 2011-03-01 22:26 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2011-02-19 13:07 . 2011-03-01 22:26 -------- d-----w- c:\documents and settings\Usuario\SystemRequirementsLab

2011-02-19 12:31 . 2011-02-19 12:31 -------- d-----w- c:\documents and settings\Usuario\Configurações locais\Dados de aplicativos\LucasArts

2011-02-19 00:29 . 2011-02-19 00:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PopCap Games

2011-02-17 22:38 . 2011-02-17 22:38 -------- d-----w- c:\arquivos de programas\BurnAware Free

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2008-04-13 21:20 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2008-04-13 21:20 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-03 00:40 . 2010-12-02 02:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 22:19 . 2010-12-02 02:32 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2010-10-06 17:23 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-10-06 17:23 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:42 . 2008-04-13 21:20 441344 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-18 06:18 . 2010-10-24 15:54 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-01-18 06:18 . 2010-10-24 15:54 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-01-13 08:00 . 2011-01-20 23:03 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-01-07 14:09 . 2008-04-13 21:18 290048 ----a-w- c:\windows\system32\atmfd.dll

2011-01-03 14:45 . 2011-01-03 14:45 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-12-31 14:02 . 2009-05-02 02:37 1864192 ----a-w- c:\windows\system32\win32k.sys

2010-12-26 23:53 . 2010-11-28 23:34 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-12-22 12:32 . 2008-04-13 21:20 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-22 12:32 . 2008-04-13 21:20 301568 ----a-w- c:\windows\system32\kerberos(2).dll

2010-12-20 23:51 . 2008-04-13 21:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:51 . 2008-04-13 21:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 23:51 . 2008-04-13 21:20 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 17:24 . 2009-05-03 04:23 732672 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2008-04-13 20:55 385024 ----a-w- c:\windows\system32\html.iec

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c69650dc-9644-4580-aa86-0ea329ee6c60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll" [2011-01-17 175912]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\arquivos de programas\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]

2009-05-22 06:47 2447360 ----a-w- c:\arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2010-12-09 14:51 3911776 ----a-w- c:\arquivos de programas\Vuze_Remote\tbVuze.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

2011-01-17 14:54 175912 ----a-w- c:\arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c69650dc-9644-4580-aa86-0ea329ee6c60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll" [2011-01-17 175912]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\arquivos de programas\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C69650DC-9644-4580-AA86-0EA329EE6C60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\prxtbMes2.dll" [2011-01-17 175912]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\arquivos de programas\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"SkinClock"="c:\arquivos de programas\Free Desktop Clock\DesktopClock.exe" [2006-10-01 334848]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-10-11 14940040]

"Raptr"="c:\arquiv~1\Raptr\raptrstub.exe" [2011-01-11 53160]

"Steam"="c:\valve\Steam\Steam.exe" [2003-11-11 1081344]

"Google Update"="c:\documents and settings\Usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2011-01-16 136176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"nwiz"="nwiz.exe" [2008-10-07 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"Microsoft Default Manager"="c:\arquivos de programas\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"LogMeIn Hamachi Ui"="c:\arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-11-29 421888]

"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-01-18 274608]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"avast"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

c:\documents and settings\Usuario\Menu Iniciar\Programas\Inicializar\

RollerCoaster Tycoon 3 Registration.lnk - c:\documents and settings\Usuario\Configura‡äes locais\Temp\{BF334D84-CC97-47F1-8B13-9B21097C7214}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"d:\\Downloads\\BitTorrent-7.1.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

"c:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2011\\PES Maniac Patch 2011\\PES2011.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Vuze\\Azureus.exe"=

"c:\\Arquivos de programas\\Raptr\\raptr.exe"=

"c:\\Arquivos de programas\\Raptr\\raptr_im.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Arquivos de programas\\SoftnyxGame\\WolfTeamPS\\NyxLauncher.exe"=

"c:\\Arquivos de programas\\SoftnyxGame\\WolfTeamPS\\Wolfteam.bin"=

"c:\\Arquivos de programas\\LeveUp! Games\\UnitRO\\rununitro.exe"=

"c:\\Arquivos de programas\\GameSpy Arcade\\Aphex.exe"=

"c:\\Arquivos de programas\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=

"c:\\AeriaGames\\SpecialForce\\specialforce.exe"=

"c:\\Level Up! Games\\TheDuel\\theduel.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58908:TCP"= 58908:TCP:Pando Media Booster

"58908:UDP"= 58908:UDP:Pando Media Booster

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"1039:TCP"= 1039:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/10/2010 22:47 691696]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/3/2011 07:02 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2011 07:02 301528]

R1 GF732Drv;GameFort 7.32;c:\arquivos de programas\LeveUp! Games\UnitRO\GF732_32.sys [9/3/2011 17:38 40104]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [13/4/2008 18:21 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2011 07:02 19544]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [6/12/2010 07:31 1238408]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [26/1/2010 23:09 50704]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/3/2010 12:16 130384]

S3 apf001;apf001;c:\arquivos de programas\SoftnyxGame\WolfTeamPS\apf001.sys [1/3/2011 20:24 10872]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Usuario\CONFIG~1\Temp\DVC8053.tmp --> c:\docume~1\Usuario\CONFIG~1\Temp\DVC8053.tmp [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\Garena\safedrv.sys --> c:\arquivos de programas\Garena\safedrv.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/3/2010 12:16 753504]

S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2009-10-22 14:50]

.

2011-03-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1614895754-1644491937-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

.

2011-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1614895754-1644491937-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33]

.

2011-03-19 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-12-01 00:18]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\eoyistg0.default\

FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=vsl

FF - prefs.js: keyword.URL - hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll

Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll

HKCU-Run-EA Core - c:\arquivos de programas\Electronic Arts\EADM\Core.exe

HKLM-Run-facemoods - c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe

AddRemove-facemoods - c:\arquivos de programas\facemoods.com\facemoods\1.4.17.3\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-19 12:49

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/netsession_win_d76cf65.dll"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/netsession_win_d76cf65.dll"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\Usuario\CONFIG~1\Temp\DVC8053.tmp"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-1960408961-1614895754-1644491937-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]

"GameDir"=""

"ShortlistDir"=""

"ScreenshotsDir"=""

"SaveDir"=""

"HistoryDir"="c:\\DOCUME~1\\Usuario\\CONFIG~1\\Temp\\Rar$EX00.906\\FM Genie Scout 10\\History Points"

"LangDB"="c:\\Arquivos de programas\\Sports Interactive\\data\\updates\\update-1030\\db\\1030\\lang_db.dat"

"LastSaveGame"="d:\\Sports Interactive\\Football Manager 2010\\Saves\\Corinthians.fm"

"Language"="Portuguese"

"LoadLangDB"=dword:00000001

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="Steklo Black"

"LastUpdateCheck"=dword:00009e0c

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"Version"=dword:00000074

"UniqueID"="25-8980-E36F"

"Currency"=dword:00000056

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2011-03-19 12:52:57

ComboFix-quarantined-files.txt 2011-03-19 15:52

.

Pré-execução: 16 pasta(s) 15.412.998.144 bytes disponíveis

Pós execução: 18 pasta(s) 15.612.829.696 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - F70C2C1516BC9585C3D193B89BAF9142


OK... log clean.

*Click [Start] > [Run] > copy and paste: Combofix /uninstall

*Click [OK] > [Run]

*Wait for the message "ComboFix está desinstalado" (ComboFix is uninstalled) and click [OK]

Cheers.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
