Archived

This topic has been archived and is closed to new replies.

Edvan

[Resolved] Log for analysis


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:20:30, on 13/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\BitComet\BitComet.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIV~1\GbPlugin\gbiehCef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Search the Web - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIV~1\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8704 bytes

 

 

 

 

 

ComboFix 12-12-10.01 - f002282 12/12/2012 17:53:38.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1013.504 [GMT -3:00]

Executando de: c:\documents and settings\f002282\Desktop\COMBOFIX\Ferramentas de remoþÒo de virus\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - system32: deleted 4 bytes in 2 streams.

ADS - drivers: deleted 259 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Dados de aplicativos\TEMP

c:\documents and settings\All Users\Dados de aplicativos\TEMP\gbplugin_ie_bb_setup.exe

c:\documents and settings\All Users\Dados de aplicativos\TEMP\gbplugin_mz_bb_setup.xpi

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\chrome.manifest

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\loader.xul

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js

c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\extensions\ffxtlbr@funmoods.com\install.rdf

c:\documents and settings\f002282\WINDOWS

c:\windows\system\chron32.dll

c:\windows\system\libeay32.dll

c:\windows\system\ssleay32.dll

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\SET18.tmp

c:\windows\system32\SET19.tmp

c:\windows\system32\SET5C.tmp

c:\windows\unin0416.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-12 to 2012-12-12 ))))))))))))))))))))))))))))

.

.

2012-11-20 17:58 . 2012-11-20 18:00 -------- d-----w- C:\LinhaDefensiva

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 09:25 . 2010-08-20 10:54 17488 ----a-w- c:\windows\gdrv.sys

2012-10-30 22:51 . 2011-05-25 11:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2010-08-20 11:21 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2010-08-20 11:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2010-08-20 11:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-10-30 22:51 . 2010-08-20 11:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-10-30 22:51 . 2010-08-20 11:21 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-10-30 22:51 . 2010-08-20 11:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2010-08-20 11:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-10-30 22:51 . 2010-08-20 11:55 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2010-08-20 11:21 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-09 16:29 . 2010-08-16 15:37 46440 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2012-09-29 22:54 . 2011-08-30 14:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.


.

[-] 2008-04-13 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll

[-] 2008-04-13 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll

[-] 2006-03-02 . D781E40EEBC31A3C6AF96769F16205B4 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

.

[-] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-13 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2006-03-02 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

.

[-] 2008-04-13 . B01DFF9DDE3A5155D7121BF813AC6DB0 . 150528 . . [5.1.2600.5512] . . c:\windows\regedit.exe

[-] 2008-04-13 . B01DFF9DDE3A5155D7121BF813AC6DB0 . 150528 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe

[-] 2006-03-02 . 60710F6AA52D335F7A3560703E597F6A . 150528 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe

.

[-] 2010-04-16 . B441EF945AD4B44661A8D257D9032D44 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll

[-] 2010-04-16 . B441EF945AD4B44661A8D257D9032D44 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll

[-] 2010-04-16 . 68C76F0EC31E693F7A6E262FF7AA4F9E . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

[-] 2008-04-13 . A380011155FA92E1B374D9EA7FFA20CD . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll

[-] 2008-04-13 . A380011155FA92E1B374D9EA7FFA20CD . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll

[-] 2006-03-02 . 96405954A94A3890670D2648FBF22CC8 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll

.

[-] 2008-04-13 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll

[-] 2008-04-13 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll

[-] 2008-04-13 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll

[-] 2008-04-13 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\ksuser.dll

[-] 2008-04-13 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\ksuser.dll

[-] 2008-04-13 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\ksuser.dll

[-] 2008-04-13 . 9B1CCC2EB2E18985A9153A983E335AAF . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\ksuser.dll

[-] 2004-08-04 . 46B1E1944FB3BE789A9A1F6A9FBC8A1C . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll

.

[-] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2008-04-13 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2006-03-02 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

.

[-] 2009-07-27 . B2EC6D6CC31ABF1862801DFBD1C7219E . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[-] 2009-07-27 . B2EC6D6CC31ABF1862801DFBD1C7219E . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2009-07-27 . 49E3691B7B320381D264D3D9950620AE . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll

[-] 2008-04-13 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll

[-] 2008-04-13 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll

[-] 2006-03-02 . 5810EFAEA004B3824B0487ECCF2EA32E . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

.

[-] 2008-04-13 . CB379439A2D0139E765B47D54B12F14B . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll

[-] 2008-04-13 . CB379439A2D0139E765B47D54B12F14B . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll

[-] 2006-03-02 . 00EA09445F06EBDC9D499E989F12B7DA . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll

.

[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2006-03-02 . 0B1D7BF8EB2BC685D154CB925F3629CB . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

.

[-] 2008-04-13 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

[-] 2008-04-13 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2006-03-02 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

.

[-] 2008-04-13 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

[-] 2008-04-13 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2006-03-02 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

.

[-] 2010-12-09 . 8862374ABB9C3B74C4CAF27BC5E4CE25 . 734208 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll

[-] 2010-12-09 . B7F4168A13D253DDACB9C04A9434857C . 734208 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll

[-] 2010-12-09 . B7F4168A13D253DDACB9C04A9434857C . 734208 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll

[-] 2009-02-09 . 57BAAF8C6BE977FD376863A9FF7C6207 . 731136 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll

[-] 2009-02-09 . 45232A23B6CB293A0BB5707CAD04E38F . 730624 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll

[-] 2008-04-13 . EC6F999F3D32F951B4EA08BDFBC7B705 . 721920 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll

[-] 2008-04-13 . EC6F999F3D32F951B4EA08BDFBC7B705 . 721920 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll

[-] 2006-03-02 . 887F30B21FD68DEA4EEDBBE5E0A2200A . 723968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll

.

[-] 2009-02-27 . AB17A80ADF50A4F06ADF1F3BC6849325 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime

[-] 2009-02-27 . AB17A80ADF50A4F06ADF1F3BC6849325 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime

[-] 2009-02-27 . 07A93C94F7B2709787E0DF3EA72D2712 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime

[-] 2008-04-13 . 609222D86984FC7A48A6AA5CB491D24F . 177152 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB961503$\msctfime.ime

[-] 2008-04-13 . 609222D86984FC7A48A6AA5CB491D24F . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime

[-] 2006-03-02 . 855C0DEB5F89018CE7D2C94FBE2D8406 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime

.

[-] 2008-04-13 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll

[-] 2008-04-13 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[-] 2006-03-02 . BD18C87A4E1EA136C44D374296B981DC . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

.

[-] 2008-04-13 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll

[-] 2008-04-13 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2006-03-02 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

.

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys

[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys

[-] 2006-03-02 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys

.

[-] 2008-04-13 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

[-] 2008-04-13 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

[-] 2006-03-02 . D1F735C4079E58D016C1AA2227C28F47 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

.

[-] 2008-04-13 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll

[-] 2008-04-13 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

[-] 2006-03-02 . C386259AFC206462679867D3ED464C1D . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

.

[-] 2008-04-13 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll

[-] 2008-04-13 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2006-03-02 . C6822E1A5DAFDC1F9CCF8CB7B455AB53 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

.

[-] 2008-04-13 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2008-04-13 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2006-03-02 . 23DFF6DAA7565CC5802E057A6B9F585E . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

.

[-] 2008-04-13 . 4059795B00B6B23B7814018D2FBB84FB . 346624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll

[-] 2008-04-13 . 4059795B00B6B23B7814018D2FBB84FB . 346624 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll

[-] 2006-03-02 . 9DBE4E9D0686F1C82A8D4F1210B5F47E . 346624 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll

.

[-] 2008-04-13 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll

[-] 2008-04-13 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2006-03-02 . 2E131621557A6EF486FC86D738CBC8B6 . 172032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

.

[-] 2006-03-02 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

.

[-] 2008-04-13 12:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys

[-] 2008-04-13 12:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-04 01:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys

.

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

.

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2006-03-02 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

.

[-] 2010-09-18 07:18 . 7E9E27D39EAC36D2E6B1023F9CA915E2 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

[-] 2010-09-18 06:53 . EBA8BC5C21D8EAB3997CC47D9212BACB . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll

[-] 2010-09-18 06:53 . EBA8BC5C21D8EAB3997CC47D9212BACB . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-13 22:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

[-] 2008-04-13 22:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll

[-] 2006-03-02 12:00 . 168C72C281EC3BE3201AC95F42A577CF . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

.

[-] 2008-04-13 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll

[-] 2008-04-13 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2006-03-02 . 0B572FBB16E7E10D7DAB749CD390017C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

.

[-] 2008-04-13 22:20 . 60103CA5992F18B1EEF8D4511318C4B3 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2006-03-02 12:00 . 2E693831AF9D63784F96018CE4E41897 . 52736 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll

[-] 2004-08-11 04:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-08-11 04:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll

[-] 2004-08-11 04:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll

.

[-] 2008-04-13 22:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll

[-] 2008-04-13 22:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2006-03-02 12:00 . BC0F28B3C2AB6ACDA3361721442E4CB7 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

.

[-] 2008-04-13 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll

[-] 2008-04-13 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2006-03-02 . 6E7F6BAEA10965B2065585149DC5E7E6 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll

.

[-] 2008-04-13 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll

[-] 2008-04-13 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

[-] 2006-03-02 . 583C0FB31E40883676779E09587620FF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

.

[-] 2008-04-13 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll

[-] 2008-04-13 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

[-] 2006-03-02 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

.

[-] 2008-04-13 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll

[-] 2008-04-13 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

[-] 2006-03-02 . 55D16097F68A7C961A570855CACFCCCA . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

.

[-] 2008-04-13 22:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll

[-] 2008-04-13 22:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

[-] 2006-03-02 12:00 . 53878A6AB006A6FC63B3CFD2404B85A9 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

.

[-] 2008-04-13 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll

[-] 2008-04-13 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

[-] 2006-03-02 . 30B30692A5BC889429887F59ACDA1E8C . 40960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

.

[-] 2008-04-13 . 5383E4C03D7AAE01AA653E756CF20D2E . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll

[-] 2008-04-13 . 5383E4C03D7AAE01AA653E756CF20D2E . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[-] 2006-03-02 . EDF655E907022DF8006221DFF1C2439A . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

.

[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2008-04-13 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2006-03-02 . 0B1D7BF8EB2BC685D154CB925F3629CB . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

.

[-] 2008-04-13 . E41419F44AC35DD414D436479A0ED211 . 176128 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll

[-] 2008-04-13 . E41419F44AC35DD414D436479A0ED211 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

[-] 2006-03-02 . F0F4530EEE8D703C4471B37CA7C2C827 . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll

.

[-] 2008-04-13 . 8BCDAECAB7BC90E116ED6BB104EEDBEC . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll

[-] 2008-04-13 . 8BCDAECAB7BC90E116ED6BB104EEDBEC . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

[-] 2006-03-02 . E1E55789A51A088830E67F8B71312309 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll

.

[-] 2008-04-13 . F70CCB59E0A325896D679A4935E4F835 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll

[-] 2008-04-13 . F70CCB59E0A325896D679A4935E4F835 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

[-] 2006-03-02 . 7B18451D3827377FA25C547F00461D82 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll

.

[-] 2008-04-13 . 889A287A7B2393109EA6847AA68CD4E9 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll

[-] 2008-04-13 . 889A287A7B2393109EA6847AA68CD4E9 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

[-] 2006-03-02 . 8ACB07F9E562B94E1023BC16CBB9668C . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll

.

[-] 2008-04-13 . 7AC649BA34AF371D30AC3F79104A3015 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll

[-] 2008-04-13 . 7AC649BA34AF371D30AC3F79104A3015 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll

[-] 2006-03-02 . A751D27B7F060ADF13C64418F41334CF . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-30 39408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-11-22 19:05 1585768 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2012-10-04 18:05 650088 ------w- c:\arquiv~1\GbPlugin\gbiehcef.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Post-it® Software Notes Lite.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Post-it® Software Notes Lite.lnk

backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VentiTV_SRPO.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\VentiTV_SRPO.lnk

backup=c:\windows\pss\VentiTV_SRPO.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^f002282^Menu Iniciar^Programas^Inicializar^GpsGate.lnk]

path=c:\documents and settings\f002282\Menu Iniciar\Programas\Inicializar\GpsGate.lnk

backup=c:\windows\pss\GpsGate.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagull Drivers]

ssdal_nc.exe startup [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 00:59 937920 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-08-28 00:32 59280 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

2011-09-23 07:02 11515184 ----a-w- c:\arquivos de programas\BitComet\BitComet.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-13 22:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 14:44 31072 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-01-21 03:20 166912 ----a-r- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-01-21 03:20 134656 ----a-r- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-10 02:30 421776 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2006-11-03 14:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]

2011-03-24 15:11 107800 ----a-w- c:\documents and settings\f002282\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]

2006-11-03 14:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-01-21 03:18 134656 ----a-r- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-06-25 06:07 17887232 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 15:59 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

2012-02-16 18:29 114992 ----a-r- c:\arquivos de programas\SweetIM\Messenger\SweetIM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-08-30 19:50 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Documents and Settings\\f002282\\Dados de aplicativos\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6160:TCP"= 6160:TCP:Seagull Driver Networking

"9038:TCP"= 9038:TCP:BitComet 9038 TCP

"9038:UDP"= 9038:UDP:BitComet 9038 UDP

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [16/08/2010 12:37 46440]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/05/2011 08:51 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/08/2010 08:21 361032]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/08/2010 08:21 21256]

R2 ES lite Service;ES lite Service for program management.;c:\arquivos de programas\Gigabyte\EasySaver\essvr.exe [19/08/2010 17:53 68136]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [16/08/2010 12:37 280168]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [19/08/2010 17:58 44032]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [29/12/2011 08:04 28880]

R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [25/10/2007 18:31 616064]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/08/2010 17:56 1684736]

S3 CXPOLARIS;Conexant Polaris Video Capture;c:\windows\system32\drivers\cxpolaris.sys [12/03/2009 03:26 315520]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [29/12/2011 08:04 28880]

S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys --> c:\windows\system32\drivers\smsbda.sys [?]

S3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\DRIVERS\ZTEusbdvbh.sys --> c:\windows\system32\DRIVERS\ZTEusbdvbh.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]

.

2012-12-12 c:\windows\Tasks\avast! Emergency Update.job

- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-03 22:50]

.

2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-30 19:50]

.

2012-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-30 19:50]

.

2012-12-12 c:\windows\Tasks\User_Feed_Synchronization-{4F8632A4-AA5E-42EA-9B41-AF671B83772E}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

2012-12-12 c:\windows\Tasks\User_Feed_Synchronization-{D8E61D37-220D-452C-AFD2-013740FDEC45}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.yahoo.com.br/

mStart Page = hxxp://home.sweetim.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: &B&aixar &com o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar tudo usando o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

IE: &Download All using 4shared Desktop

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Search the Web - c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 10.4.65.16

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?st=1

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: 4shared.com Community Toolbar: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - %profile%\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}

FF - Ext: Modulo de Seguranca - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

FF - Ext: avast! WebRep: wrc@avast.com - c:\arquivos de programas\Alwil Software\Avast5\WebRep\FF

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pcmega1

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

user_pref('extensions.dealply.partner', 'vn');

user_pref('extensions.dealply.channel', 'pcdealply');

user_pref('extensions.dealply.installId', 'v23600248674773479007922012032808471413');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '3');

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pcmega1

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=pcmega1&q=

FF - user.js: extensions.funmoods_i.id - 585cbe860000000000006cf049fae4ac

FF - user.js: extensions.funmoods_i.instlDay - 15427

FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2

FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.28:48

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - pcmega1

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{857547F9-927B-43DC-99C6-F5D12143B2DB} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-AutoHelpDesk - c:\documents and settings\f002282\Configurações locais\Temporary Internet Files\Content.IE5\3LXDFQTB\DiagnosticoBB[1].exe

MSConfigStartUp-ChangeFilterMerit - c:\arquivos de programas\NewSoft\Presto! PVR HD\ChangeFilterMerit.exe

MSConfigStartUp-Presto! PVR HD Monitor - c:\arquivos de programas\NewSoft\Presto! PVR HD\Monitor.exe

MSConfigStartUp-SpybotSD TeaTimer - c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

AddRemove-BFG-Gardenscapes - c:\arquivos de programas\Gardenscapes\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-12 18:10

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Control Panel\Desktop\WindowMetrics]

@DACL=(02 0000)

"BorderWidth"="0"

"CaptionFont"=hex:f3,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,

00,00,00,01,00,00,00,00,54,00,72,00,65,00,62,00,75,00,63,00,68,00,65,00,74,\

"CaptionHeight"="-375"

"CaptionWidth"="-270"

"IconFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,

00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\

"IconSpacing"="-1410"

"IconTitleWrap"="1"

"IconVerticalspacing"="-1125"

"MenuFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,

00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\

"MenuHeight"="-285"

"MenuWidth"="-270"

"MessageFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,

00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\

"ScrollHeight"="-255"

"ScrollWidth"="-255"

"Shell Icon BPP"="16"

"SmCaptionFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,

00,00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,\

"SmCaptionHeight"="-255"

"SmCaptionWidth"="-255"

"StatusFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,

00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\

"AppliedDPI"=dword:00000060

"Shell Icon Size"="32"

"MinAnimate"="0"

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/MainAppSkin.wsz]

@DACL=(02 0000)

"Prefs"="mute;True"

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/wmpdxm.wsz]

@DACL=(02 0000)

"Prefs"="debug;Not Rocking Onward"

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\2410890960\BackgroundsMRUList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000007


.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\2410890960\DisplayPicsMRUList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000001

"0"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,

00,74,00,6f,00,72,00,3d,00,22,00,61,00,6c,00,6c,00,61,00,6e,00,5f,00,32,00,\

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\2410890960\GroupState]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\2410890960\SocialNews]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\2410890960\SoundEvents]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\BackgroundsMRUList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000007


.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\DisplayPicsMRUList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000007


.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\EmoticonsMRUList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000004

"0"=hex:3a,00,7c,00,00,00

"1"=hex:3a,00,50,00,00,00

"2"=hex:3a,00,28,00,00,00

"3"=hex:3a,00,27,00,28,00,00,00

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\EmoticonsPinList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000028


.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\GroupState]

@DACL=(02 0000)

".ShowFavorites"=dword:00000001

".ListViewFavorites"=dword:00000003

".ListView"=dword:00000003

".DisplayContactsBy"=dword:00000000

".ContactSort"=dword:00000000

".FilterContactsBy"=dword:00000000

".CirclesFirstRun"=dword:00000001

".ShowStatusLabels"=dword:00000000

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\SocialNews]

@DACL=(02 0000)

"ShowWhatsNewSlideShow"=dword:00000000

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\SoundEvents]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\12.0\Common\Internet\Server Cache]

@DACL=(02 0000)

"Version"=dword:00000001

"Count"=dword:00000003

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\12.0\Common\Internet\Server Cache\http://www.sitedopastor.com.br/cursos/]

@DACL=(02 0000)

"Type"=dword:00000000

"Protocol"=dword:00000000

"Version"=dword:00000000

"Flags"=dword:00000000

"Expiration"=hex(B):10,2f,d0,d1,71,3e,cc,01

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\Common\CompressPictures]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\Common\Offline]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\Common\Smart Tag]

@DACL=(02 0000)

"migratedBitValues"=hex:01,00,00,00

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\Common\UserInfo]

@DACL=(02 0000)

"Company"="."

"UserName"="f002282"

"UserInitials"="f"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EA9A8FA-F5D2-49E1-99E8-C26EE07FCEEB}\Elevation]

@DACL=(02 0000)

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EA9A8FA-F5D2-49E1-99E8-C26EE07FCEEB}\LocalServer32]

@DACL=(02 0000)

@="c:\\ARQUIV~1\\ARQUIV~1\\MICROS~1\\OFFICE12\\OFFICE~1\\SETUP.EXE"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\1FA98C108219B99448EDF4C3B1EC100C\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"102"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\37297481046CEAF47BC8DC52A6399760\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"100"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\68AB67CA7DA700005205A7C804008013\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"100"="DISK8;Please browse to the Adobe Reader installer."

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\BBBC54B31AC5BF448958CA8CF16725E1\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"103"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F3F86E863D2A6B148B1252798C5CCBBB\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"101"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0D756077321A70C3E844C138CE981581\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7448A0300000030\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="DISK1;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E58EC68CABDDFF39B774E7BF9389C90\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE\SourceList\Media]

@DACL=(02 0000)

"1"=";"

"2"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\FB540C64F3B24CB4E8C4000EFCB89DBD\SourceList\Media]

@DACL=(02 0000)

"1"=";"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(1144)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquiv~1\GbPlugin\gbiehCef.dll

c:\windows\system32\igfxdev.dll

c:\windows\system32\MPRUI.dll

.

Tempo para conclusão: 2012-12-12 18:12:59

ComboFix-quarantined-files.txt 2012-12-12 21:12

.

Pré-execução: 18 pasta(s) 188.153.327.616 bytes disponíveis

Pós execução: 20 pasta(s) 189.092.675.584 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 2F8DF0CDE312D2FDA6C40A6943D536B9

 

 

================xx===================

 

# AdwCleaner v2.100 - Logfile created 12/13/2012 at 08:25:13

# Updated 09/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : f002282 - FUN0123

# Boot Mode : Normal

# Running from : C:\Documents and Settings\f002282\Desktop\COMBOFIX\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Arquivos de programas\Mozilla Firefox\.autoreg

Folder Deleted : C:\Arquivos de programas\Claro

Folder Deleted : C:\Arquivos de programas\SweetIM

Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess

Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\SweetIM

Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Claro

Folder Deleted : C:\Documents and Settings\f002000\Dados de aplicativos\Funmoods

Folder Deleted : C:\Documents and Settings\f002282\Dados de aplicativos\Funmoods

Folder Deleted : C:\WINDOWS\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\PriceGong

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\SweetIM

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1

Key Deleted : HKLM\SOFTWARE\Classes\sim-packages

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

Key Deleted : HKLM\Software\Funmoods

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKLM\Software\SweetIM

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=pcmega1 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

 

*************************

 

AdwCleaner[s1].txt - [5553 octets] - [13/12/2012 08:25:13]

 

########## EOF - C:\AdwCleaner[s1].txt - [5613 octets] ##########


Hello, Edvan!

 

|- Wow! How many XP machines do you have at home? I counted about 200. lol...

 

-/-

 

|- PS: Run this Fix it

 


 

|- PS: Use the Internet Explorer browser.

 

|- After running the FixIt, post a new ComboFix report.

 

See you!

Hello, Edvan!

 

|- Wow! How many XP machines do you have at home? I counted about 200. lol...

 

It's not at my house; they're friends' machines, sometimes relatives', and others are machines from where I work. hahaha..

 

I'll be posting the logs soon! :thumbsup:


It's not at my house; they're friends' machines, sometimes relatives', and others are machines from where I work. hahaha..

 

I'll be posting the logs soon! :thumbsup:

OK! But... soon you won't need me or wings anymore. lol...

 

See you!

OK! But... soon you won't need me or wings anymore. lol...

 

There's still a lot to learn, but one day, who knows, I'll reach your level. :thumbsup:

 

ComboFix 12-12-12.01 - f002282 13/12/2012 11:37:25.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1013.535 [GMT -3:00]

Executando de: c:\documents and settings\f002282\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - drivers: deleted 310 bytes in 1 streams.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-13 to 2012-12-13 ))))))))))))))))))))))))))))

.

.

2012-12-13 13:48 . 2012-12-13 14:14 -------- d-----w- c:\windows\system32\CatRoot2

2012-12-13 11:19 . 2012-12-13 11:19 388608 ----a-w- C:\HiJackThis.exe

2012-11-20 17:58 . 2012-11-20 18:00 -------- d-----w- C:\LinhaDefensiva

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-13 13:51 . 2010-08-20 10:54 17488 ----a-w- c:\windows\gdrv.sys

2012-10-30 22:51 . 2011-05-25 11:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2010-08-20 11:21 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2010-08-20 11:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2010-08-20 11:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-10-30 22:51 . 2010-08-20 11:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-10-30 22:51 . 2010-08-20 11:21 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-10-30 22:51 . 2010-08-20 11:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2010-08-20 11:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-10-30 22:51 . 2010-08-20 11:55 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2010-08-20 11:21 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-09 16:29 . 2010-08-16 15:37 46440 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2012-09-29 22:54 . 2011-08-30 14:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-30 39408]

"BitComet"="c:\arquivos de programas\BitComet\BitComet.exe" [2011-09-23 11515184]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-11-22 19:05 1585768 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2012-10-04 18:05 650088 ------w- c:\arquiv~1\GbPlugin\gbiehcef.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Post-it® Software Notes Lite.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Post-it® Software Notes Lite.lnk

backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VentiTV_SRPO.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\VentiTV_SRPO.lnk

backup=c:\windows\pss\VentiTV_SRPO.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^f002282^Menu Iniciar^Programas^Inicializar^GpsGate.lnk]

path=c:\documents and settings\f002282\Menu Iniciar\Programas\Inicializar\GpsGate.lnk

backup=c:\windows\pss\GpsGate.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagull Drivers]

ssdal_nc.exe startup [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 00:59 937920 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-08-28 00:32 59280 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

2011-09-23 07:02 11515184 ----a-w- c:\arquivos de programas\BitComet\BitComet.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-13 22:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 14:44 31072 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-01-21 03:20 166912 ----a-r- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-01-21 03:20 134656 ----a-r- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-10 02:30 421776 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2006-11-03 14:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]

2011-03-24 15:11 107800 ----a-w- c:\documents and settings\f002282\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]

2006-11-03 14:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-01-21 03:18 134656 ----a-r- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-06-25 06:07 17887232 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 15:59 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-08-30 19:50 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Documents and Settings\\f002282\\Dados de aplicativos\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6160:TCP"= 6160:TCP:Seagull Driver Networking

"9038:TCP"= 9038:TCP:BitComet 9038 TCP

"9038:UDP"= 9038:UDP:BitComet 9038 UDP

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [16/08/2010 12:37 46440]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/05/2011 08:51 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/08/2010 08:21 361032]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/08/2010 08:21 21256]

R2 ES lite Service;ES lite Service for program management.;c:\arquivos de programas\Gigabyte\EasySaver\essvr.exe [19/08/2010 17:53 68136]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [16/08/2010 12:37 280168]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [19/08/2010 17:58 44032]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [29/12/2011 08:04 28880]

R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [25/10/2007 18:31 616064]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/08/2010 17:56 1684736]

S3 CXPOLARIS;Conexant Polaris Video Capture;c:\windows\system32\drivers\cxpolaris.sys [12/03/2009 03:26 315520]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [29/12/2011 08:04 28880]

S3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys --> c:\windows\system32\drivers\smsbda.sys [?]

S3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\DRIVERS\ZTEusbdvbh.sys --> c:\windows\system32\DRIVERS\ZTEusbdvbh.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]

.

2012-12-13 c:\windows\Tasks\avast! Emergency Update.job

- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-03 22:50]

.

2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-30 19:50]

.

2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-08-30 19:50]

.

2012-12-13 c:\windows\Tasks\User_Feed_Synchronization-{4F8632A4-AA5E-42EA-9B41-AF671B83772E}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

2012-12-13 c:\windows\Tasks\User_Feed_Synchronization-{D8E61D37-220D-452C-AFD2-013740FDEC45}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.yahoo.com.br/

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: &B&aixar &com o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar tudo usando o BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

IE: &Download All using 4shared Desktop

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Search the Web - c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 10.4.65.16

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\f002282\Dados de aplicativos\Mozilla\Firefox\Profiles\tu81cpd1.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?st=1

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: 4shared.com Community Toolbar: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - %profile%\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}

FF - Ext: Modulo de Seguranca - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

FF - Ext: avast! WebRep: wrc@avast.com - c:\arquivos de programas\Alwil Software\Avast5\WebRep\FF

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pcmega1

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

user_pref('extensions.dealply.partner', 'vn');

user_pref('extensions.dealply.channel', 'pcdealply');

user_pref('extensions.dealply.installId', 'v23600248674773479007922012032808471413');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '3');

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pcmega1

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=pcmega1&q=

FF - user.js: extensions.funmoods_i.id - 585cbe860000000000006cf049fae4ac

FF - user.js: extensions.funmoods_i.instlDay - 15427

FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2

FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.28:48

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - pcmega1

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-13 11:46

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Control Panel\Desktop\WindowMetrics]

@DACL=(02 0000)

"BorderWidth"="0"

"CaptionFont"=hex:f3,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,

00,00,00,01,00,00,00,00,54,00,72,00,65,00,62,00,75,00,63,00,68,00,65,00,74,\

"CaptionHeight"="-375"

"CaptionWidth"="-270"

"IconFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,

00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\

"IconSpacing"="-1410"

"IconTitleWrap"="1"

"IconVerticalspacing"="-1125"

"MenuFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,

00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\

"MenuHeight"="-285"

"MenuWidth"="-270"

"MessageFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,

00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\

"ScrollHeight"="-255"

"ScrollWidth"="-255"

"Shell Icon BPP"="16"

"SmCaptionFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,

00,00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,\

"SmCaptionHeight"="-255"

"SmCaptionWidth"="-255"

"StatusFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,

00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\

"AppliedDPI"=dword:00000060

"Shell Icon Size"="32"

"MinAnimate"="0"

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/MainAppSkin.wsz]

@DACL=(02 0000)

"Prefs"="mute;True"

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/wmpdxm.wsz]

@DACL=(02 0000)

"Prefs"="debug;Not Rocking Onward"

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\2410890960\BackgroundsMRUList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000007

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\2410890960\DisplayPicsMRUList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000001

"0"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,

00,74,00,6f,00,72,00,3d,00,22,00,61,00,6c,00,6c,00,61,00,6e,00,5f,00,32,00,\

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\2410890960\GroupState]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\2410890960\SocialNews]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\2410890960\SoundEvents]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\BackgroundsMRUList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000007

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\DisplayPicsMRUList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000007

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\EmoticonsMRUList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000004

"0"=hex:3a,00,7c,00,00,00

"1"=hex:3a,00,50,00,00,00

"2"=hex:3a,00,28,00,00,00

"3"=hex:3a,00,27,00,28,00,00,00

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\EmoticonsPinList]

@DACL=(02 0000)

"CurrentEntries"=dword:00000028

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\GroupState]

@DACL=(02 0000)

".ShowFavorites"=dword:00000001

".ListViewFavorites"=dword:00000003

".ListView"=dword:00000003

".DisplayContactsBy"=dword:00000000

".ContactSort"=dword:00000000

".FilterContactsBy"=dword:00000000

".CirclesFirstRun"=dword:00000001

".ShowStatusLabels"=dword:00000000

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\SocialNews]

@DACL=(02 0000)

"ShowWhatsNewSlideShow"=dword:00000000

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\MSNMessenger\PerPassportSettings\380043334\SoundEvents]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\12.0\Common\Internet\Server Cache]

@DACL=(02 0000)

"Version"=dword:00000001

"Count"=dword:00000003

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\12.0\Common\Internet\Server Cache\http://www.sitedopastor.com.br/cursos/]

@DACL=(02 0000)

"Type"=dword:00000000

"Protocol"=dword:00000000

"Version"=dword:00000000

"Flags"=dword:00000000

"Expiration"=hex(B):10,2f,d0,d1,71,3e,cc,01

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\Common\CompressPictures]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\Common\Offline]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\Common\Smart Tag]

@DACL=(02 0000)

"migratedBitValues"=hex:01,00,00,00

.

[HKEY_USERS\S-1-5-21-2586132527-314635491-3328972525-21014\Software\Microsoft\Office\Common\UserInfo]

@DACL=(02 0000)

"Company"="."

"UserName"="f002282"

"UserInitials"="f"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EA9A8FA-F5D2-49E1-99E8-C26EE07FCEEB}\Elevation]

@DACL=(02 0000)

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EA9A8FA-F5D2-49E1-99E8-C26EE07FCEEB}\LocalServer32]

@DACL=(02 0000)

@="c:\\ARQUIV~1\\ARQUIV~1\\MICROS~1\\OFFICE12\\OFFICE~1\\SETUP.EXE"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\1FA98C108219B99448EDF4C3B1EC100C\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"102"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\37297481046CEAF47BC8DC52A6399760\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"100"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\68AB67CA7DA700005205A7C804008013\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"100"="DISK8;Please browse to the Adobe Reader installer."

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\BBBC54B31AC5BF448958CA8CF16725E1\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"103"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F3F86E863D2A6B148B1252798C5CCBBB\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"101"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0D756077321A70C3E844C138CE981581\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7448A0300000030\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="DISK1;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E58EC68CABDDFF39B774E7BF9389C90\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE\SourceList\Media]

@DACL=(02 0000)

"1"=";"

"2"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\FB540C64F3B24CB4E8C4000EFCB89DBD\SourceList\Media]

@DACL=(02 0000)

"1"=";"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(1144)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquiv~1\GbPlugin\gbiehCef.dll

.

- - - - - - - > 'explorer.exe'(1168)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\arquiv~1\GbPlugin\gbiehCef.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\windows\system32\webcheck.dll

.

Tempo para conclusão: 2012-12-13 11:48:08

ComboFix-quarantined-files.txt 2012-12-13 14:48

ComboFix2.txt 2012-12-12 21:12

.

Pré-execução: 19 pasta(s) 188.937.084.928 bytes disponíveis

Pós execução: 20 pasta(s) 188.938.235.904 bytes disponíveis

.

- - End Of File - - D84AAA45E03E617C4CAC17A33029F470


Good afternoon, Edvan!

|- The FixIt worked correctly. Good job!

-/-

|- Download: < adeWcUUs.jpg >

|- < Link - 2 >

|- < Link - 3 >

|- Update the program!

|- Choose the Quick scan!

|- Disable protection programs while running Malwarebytes.

|- On Windows Vista or 7, right-click the file and run it as administrator.

|- P.S.: For certain infections, the tool will ask for a reboot. <- Confirm it!

MBAN_Remover.jpg

|- When it finishes, click "OK" -> "Show Results" -> "Remove Selected".

|- Post the report: mbam-log-2012-xx-xx (00-00-00).txt

|- In the MBAM main window, click the Logs tab to get the report.

See you!


Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Versão da Base de Dados: v2012.12.13.09

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

f002282 :: FUN0123 [administrador]

 

13/12/2012 14:41:08

mbam-log-2012-12-13 (14-41-08).txt

 

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 413371

Tempo decorrido: 3 minuto(s), 54 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

 

(fim)

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:00:33, on 13/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\BitComet\BitComet.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIV~1\GbPlugin\gbiehCef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [bitComet] "C:\Arquivos de programas\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Search the Web - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIV~1\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8743 bytes


Good afternoon, Edvan!

|- Download: | ZHPDiag2 | *ºº* < NicolasCoolman.jpg > *ºº* ( ... by Nicolas Coolman )

|- Save it to the desktop!

ZHPDiag2.jpg

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

ZHPDiag_Installation.jpg

|- Confirm every step while installing ZHPDiag.

|- Finish the installation by clicking "Termine".

ZHPDiag_MBRCheck.jpg

|- PS: After installation, besides ZHPScript, the following will be available on the desktop:

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

ZHPDiag_cones.jpg

|- Click the scroll icon. ( ZHPScript )

ZHPDiag_Update.jpg

|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )

|- Enable all the diagnostic options by clicking "Options".

ZHPDiag_All.jpg

|- Click All.

|- Then uncheck boxes no. O45, O61, O62, O65, O82.

|- ZHPDiag_30days.jpg

|- Click "Calendar" and choose 30 days!

ZHPDiag_UAC.jpg

|- Click the UAC button to disable that protection.

ZHPDiag_Lupa.jpg

|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )

|- When it finishes, click "Save Report".

|- Save it in a convenient location! ( ZHPDiag.txt )

|- PS: Do not post this text file directly.

|- Send it to Pjjoint.malekal by clicking the blue arrow! < ZHPDiag_Pjjoint-1.jpg >

|- Or go to: Cjoint_Logo.jpg

|- Or go to: abmdaZsE.jpg

|- More information: < |Link| >

Regards!


Good afternoon, Edvan!

|- If you still have it, uninstall: C:\Arquivos de programas\Spybot - Search & Destroy

-/-

|- Close any open programs/folders.

|- Close the browser as well!

|- On Windows Vista, disable UAC.

ZHPFix_silent_zps532d2db6.jpg

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.

|- Select and copy this information, which is in the Code box, into "Notepad".

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Orphean Key     
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key     
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} Orphean Key     
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key     
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} Orphean Key     
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key     
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key     
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} Orphean Key     
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Orphean Key     
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} Orphean Key     
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} Orphean Key     
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key     
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key  
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) --  (.not file.)     
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (...) --  (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe     
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe   
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Claro.lnk . (...)  -- C:\Arquivos de programas\Claro\Claro.exe (.not file.)
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Mais jogos maravilhosos.lnk - Orphean Key
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Claro.lnk . (...)  -- C:\Arquivos de programas\Claro\Claro.exe (.not file.)
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Mais jogos maravilhosos.lnk - Orphean Key
O43 - CFD: 30/08/2011 - 10:56:05 - [1,114] ----D C:\Arquivos de programas\Spybot - Search & Destroy    => Spybot - Search & Destroy
O44 - LFC:[MD5.1D1C4EFE73BA6E92ED2C78A2D634B542] - 13/12/2012 - 15:00:33 ---A- . (...) -- C:\hijackthis.log   [8744]
O44 - LFC:[MD5.6EC67B9D4D39E3D8C1F6EFF5E694D2C6] - 13/12/2012 - 14:54:01 ---A- . (...) -- C:\service.log   [145]
O68 - StartMenuInternet: <COMETBIRD.EXE> <CometBird>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Arquivos de programas\CometBird\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <COMETBIRD.EXE> <CometBird>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Arquivos de programas\CometBird\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <COMETBIRD.EXE> <CometBird>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Arquivos de programas\CometBird\uninstall\helper.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {1D02A396-4676-4DA5-95D6-7EC8B887D269} - (Ask Search) - http://websearch.ask.com 
O69 - SBI: SearchScopes [HKCU] {A0A042FA-CEF0-470F-AA10-BE3A0AA7BC1F} - (Search) - http://start.funmoods.com 

C:\Documents and Settings\f002282\Configurações locais\Dados de aplicativos\Conduit    => Toolbar.Conduit

proxyfix
emptytemp
emptyflash
firewallraz
sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

ZHPDiag_PasteClipboard.jpg

|- Click the "Paste ClipBoard" menu.

acerMAbC.jpg

|- Click "GO" -> Oui.

ZHPFix_GO.jpg

|- PS: Above is a sequence of images for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

Regards!

If you still have it, uninstall: C:\Arquivos de programas\Spybot - Search & Destroy

It is uninstalled. :thumbsup:

 

Rapport de ZHPFix 1.3.10 par Nicolas Coolman, Update du 11/12/2012

Fichier d'export Registre :

Run by f002282 at 13/12/2012 17:22:01

Windows XP Professional Service Pack 3 (Build 2600)

 

 

 

========== Registry Key ==========

DELETED Key: CLSID BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670}

DELETED Key: CLSID BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

DELETED Key: CLSID BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}

DELETED Key: CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}

DELETED Key: CLSID BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}

DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

DELETED Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}

DELETED Key: CLSID BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7}

DELETED Key: CLSID BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}

DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003}

DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}

DELETED Key: CLSID BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

DELETED Key: SearchScopes :{1D02A396-4676-4DA5-95D6-7EC8B887D269}

DELETED Key: SearchScopes :{A0A042FA-CEF0-470F-AA10-BE3A0AA7BC1F}

 

========== Registry Value ==========

DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

DELETED Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}

DELETED RunValue: CTFMON.EXE

NOT FOUND RunValue: CTFMON.EXE

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe

DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Registry Data Items ==========

REMOVED StartMenuInternet: C:\Arquivos de programas\CometBird\uninstall\helper.exe

 

========== Repertory ==========

NOT FOUND C:\Arquivos de programas\Spybot - Search & Destroy

DELETED Folder: c:\documents and settings\f002282\configurações locais\dados de aplicativos\conduit

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETE on Reboot c:\windows\system32\ctfmon.exe

DELETED File: c:\documents and settings\all users\desktop\claro.lnk

NOT FOUND File: c:\arquivos de programas\claro\claro.exe

DELETED File: c:\documents and settings\all users\desktop\mais jogos maravilhosos.lnk

DELETED File: c:\hijackthis.log

DELETED File: c:\service.log

DELETED File: c:\arquivos de programas\cometbird\uninstall\helper.exe

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

15 : Registry Key

15 : Registry Value

1 : Registry Data Items

4 : Repertory

9 : File

1 : Restoration

 

 

End of clean in 01mn 09s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 13/12/2012 17:22:01 [3051]


Good evening, Edvan!

|- Download: |DelFix| ( ... by Xplode )

DelFix_SetaVerde.jpg

|- Once on the page, click the green arrow to download. ( Green arrow! )

|- Save it in a convenient location! ( desktop! )

|- Close any open applications.

DelFix_Suppression.jpg

|- Click "Suppression".

|- Then, to remove DelFix from your computer, click "Désinstallation".

|- Your logs are clean! Everything OK?

A+


Everything OK! :thumbsup:

You can close the topic; tomorrow I will be carrying out the procedure on the user's machine.

Once again, thank you very much. :grin:


PROBLEM SOLVED

If the author needs the topic reopened, simply send a Private Message to a Moderator with a link to the topic.
