Virus removal

They broke into my checking account!

Mr. Wolf, how are you?

This is my first post here. I had a feeling that the Caixa Econômica pages on my computer were fake, and it really was malware, I think.

I already installed the program, which removed 11 viruses...

The thing is, I only noticed it after the hacker made 3 transfers totalling about R$ 1,000.00 and also put R$ 50.00 of credit on his prepaid mobile phone. I have everything written down here, including the mobile number.

What can I do to protect myself in this situation?
If possible, send me your phone number by private message so I can call you and discuss the best thing to do.

PS: my problem was the same as |St1ng3r|'s, on page 260 of this same topic. I could post some screenshots here, but I don't know how to do that; if you could send me an e-mail, maybe, I'll reply with the screenshots. (gutobach@hotmail.com)

Thanks in advance!!
 
Hey there, Wolf

I can't explain it properly... NOD32 Smart Security keeps popping up all the time (deleting viruses), but I'm sure there is something suspicious. Could you help me???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:04, on 15/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe
C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DU Meter\DUMeter.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\cFosSpeed\spd.exe
C:\Arquivos de programas\Cobian Backup 9\cbService.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\DU Meter\DUMeterSvc.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\HpqSRmon .exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
E:\Downloads mozilla\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Arquivos de programas\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B2BBB7C-B750-4555-BF72-08A2AE7FF353}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABF046AC-A948-4C57-A3BF-3F2A1099A6B6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B2BBB7C-B750-4555-BF72-08A2AE7FF353}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B2BBB7C-B750-4555-BF72-08A2AE7FF353}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe
O23 - Service: Cobian Backup 9 serviço (CobianBackupAmanita) - Luis Cobian - C:\Arquivos de programas\Cobian Backup 9\cbService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Arquivos de programas\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8673 bytes
 
Mr. Wolf, how's it going, everything fine?

Well, here is one more victim of a trojan that Avira detected but could not resolve. So I ask for your guidance to remove it. Here is the Avira report:

Report file date: quarta-feira, 15 de julho de 2009 20:02

Scanning for 1523462 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ADM

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 3/6/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 10/6/2009 00:05:08
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 13:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 14:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/6/2009 13:30:21
ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 12/7/2009 20:23:25
ANTIVIR3.VDF : 7.1.4.234 106496 Bytes 14/7/2009 21:47:33
Engineversion : 8.2.0.215
AEVDF.DLL : 8.1.1.1 106868 Bytes 16/5/2009 21:07:51
AESCRIPT.DLL : 8.1.2.16 438651 Bytes 14/7/2009 21:47:54
AESCN.DLL : 8.1.2.3 127347 Bytes 16/5/2009 21:07:51
AERDL.DLL : 8.1.2.4 430452 Bytes 14/7/2009 21:47:51
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/5/2009 23:35:35
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/6/2009 23:33:03
AEHEUR.DLL : 8.1.0.141 1855864 Bytes 14/7/2009 21:47:49
AEHELP.DLL : 8.1.4.5 229748 Bytes 14/7/2009 21:47:39
AEGEN.DLL : 8.1.1.48 348532 Bytes 2/7/2009 15:13:07
AEEMU.DLL : 8.1.0.9 393588 Bytes 9/10/2008 17:32:40
AECORE.DLL : 8.1.7.5 180597 Bytes 14/7/2009 21:47:35
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 17:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 11:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 13:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 17:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 13:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 16/5/2009 21:07:51
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 13:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 18:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 11:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 13:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 10/6/2009 00:05:08
RCTEXT.DLL : 9.0.37.0 86785 Bytes 16/5/2009 21:07:51

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: rename
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: quarta-feira, 15 de julho de 2009 20:02

Starting search for hidden objects.
'28637' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nTuneService.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'LCDMedia.exe' - '1' Module(s) have been scanned
Scan process 'LCDClock.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'CtHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'LGDCore.exe' - '1' Module(s) have been scanned
Scan process 'LCDMon.exe' - '1' Module(s) have been scanned
Scan process 'LGDevAgt.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'DrvIcon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '63' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\pablo\Configurações locais\Dados de aplicativos\PunkBuster\COD4\pb\PnkBstrK.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] A backup was created as '4ac961c4.qua' ( QUARANTINE )
[NOTE] The file was renamed to 'PnkBstrK.sys.VIR'!
C:\WINDOWS\system32\drivers\PnkBstrK.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] A backup was created as '4ac962c6.qua' ( QUARANTINE )
[NOTE] The file was renamed to 'PnkBstrK.sys.VIR00'!
C:\WINDOWS\system32\drivers\PnkBstrK.sys.VIR
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] A backup was created as '4c8f0cff.qua' ( QUARANTINE )


End of the scan: quarta-feira, 15 de julho de 2009 20:13
Used time: 10:20 Minute(s)

The scan has been done completely.

4453 Scanned directories
168556 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
2 Files were renamed
1 Files cannot be scanned
168552 Files not concerned
2105 Archives were scanned
1 Warnings
4 Notes
28637 Objects were scanned with rootkit scan
0 Hidden objects were found
 
Wolf, help me detect which virus is on my PC, I'm desperate!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:29, on 16/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\psg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Software Informer\softinfo.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\WinAVI Video Converter 9.0\WinAVI 9.0.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2097962
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Arquivos de programas\Eazel-PR\tbEaze.dll
O1 - Hosts: 174.37.152.220 santander.com.br
O1 - Hosts: 174.37.152.221 www.itau.com.br
O1 - Hosts: 174.37.152.221 itau.com.br
O1 - Hosts: 174.37.152.221 www.itaupersonnalite.com.br
O1 - Hosts: 174.37.152.221 itaupersonnalite.com.br
O1 - Hosts: 174.37.152.221 www.itauprivatebank.com.br
O1 - Hosts: 174.37.152.221 itauprivatebank.com.br
O1 - Hosts: 174.37.152.222 www.bradesco.com.br
O1 - Hosts: 174.37.152.222 bradesco.com.br
O1 - Hosts: 174.37.152.222 www.bradescoprime.com.br
O1 - Hosts: 174.37.152.222 bradescoprime.com.br
O1 - Hosts: 174.37.152.222 www.bradescoprivate.com.br
O1 - Hosts: 174.37.152.222 bradescoprivate.com.br
O1 - Hosts: 174.37.152.222 www.bradescouniversitario.com.br
O1 - Hosts: 174.37.152.222 bradescouniversitario.com.br
O1 - Hosts: 174.37.152.222 www.bradescocelular.com.br
O1 - Hosts: 174.37.152.222 bradescocelular.com.br
O1 - Hosts: 174.37.152.222 www.shopfacil.com.br
O1 - Hosts: 174.37.152.222 shopfacil.com.br
O1 - Hosts: 174.37.152.223 www.nossacaixa.com.br
O1 - Hosts: 174.37.152.223 nossacaixa.com.br
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Arquivos de programas\Eazel-PR\tbEaze.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Arquivos de programas\Eazel-PR\tbEaze.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.exe /h
O4 - HKLM\..\Run: [psg] C:\WINDOWS\system32\psg.exe \u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/...6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 9692 bytes
 
Can someone help me remove the virus and find out which one it is? My Internet Explorer gives an error and closes all of its windows, as do programs in use.
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/...6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 9692 bytes
 
Can someone help me remove the virus and find out which one it is? My Internet Explorer gives an error and closes all of its windows, as well as the programs in use
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:29, on 16/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\psg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Software Informer\softinfo.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\WinAVI Video Converter 9.0\WinAVI 9.0.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2097962
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Arquivos de programas\Eazel-PR\tbEaze.dll
O1 - Hosts: 174.37.152.220 santander.com.br
O1 - Hosts: 174.37.152.221 www.itau.com.br
O1 - Hosts: 174.37.152.221 itau.com.br
O1 - Hosts: 174.37.152.221 www.itaupersonnalite.com.br
O1 - Hosts: 174.37.152.221 itaupersonnalite.com.br
O1 - Hosts: 174.37.152.221 www.itauprivatebank.com.br
O1 - Hosts: 174.37.152.221 itauprivatebank.com.br
O1 - Hosts: 174.37.152.222 www.bradesco.com.br
O1 - Hosts: 174.37.152.222 bradesco.com.br
O1 - Hosts: 174.37.152.222 www.bradescoprime.com.br
O1 - Hosts: 174.37.152.222 bradescoprime.com.br
O1 - Hosts: 174.37.152.222 www.bradescoprivate.com.br
O1 - Hosts: 174.37.152.222 bradescoprivate.com.br
O1 - Hosts: 174.37.152.222 www.bradescouniversitario.com.br
O1 - Hosts: 174.37.152.222 bradescouniversitario.com.br
O1 - Hosts: 174.37.152.222 www.bradescocelular.com.br
O1 - Hosts: 174.37.152.222 bradescocelular.com.br
O1 - Hosts: 174.37.152.222 www.shopfacil.com.br
O1 - Hosts: 174.37.152.222 shopfacil.com.br
O1 - Hosts: 174.37.152.223 www.nossacaixa.com.br
O1 - Hosts: 174.37.152.223 nossacaixa.com.br
O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com
O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Arquivos de programas\Eazel-PR\tbEaze.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Arquivos de programas\Eazel-PR\tbEaze.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.exe /h
O4 - HKLM\..\Run: [psg] C:\WINDOWS\system32\psg.exe \u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/...6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 9692 bytes
 
Hi everyone, good afternoon to all! I'll reply to the logs in this same post to avoid flooding. I'll go in posting order, ok.



Tiagoquiroga, post a new HijackThis log.

How is the PC doing, Tiago?

__________________________________________


jvictorpaiva, is your grandmother's computer still freezing?

Follow the procedures below:

Download ATF-Cleaner and save it to the desktop.
Double-click the program and check the "Select All" option. Click the Empty Selected button > OK.
Click Exit to close.


- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware", and click Finish;
● After the installation, restart the computer in Safe Mode;
● Once in safe mode, run the program. Check the Full Scan option and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will be opened automatically for you;
● If anything is detected, check that all items are selected and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log (made in normal mode).
__________________________________________


JulianoT, AskBar is an adware that is simple to remove. Just go to Add or Remove Programs and remove it normally, like any other program.

The log is ok, Juliano. Is ESET still alerting about this infection?

__________________________________________


cassianomsi, follow the instructions below:

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;
● In the window that opens, click the Continue button so the tool starts running;
● When the tool finishes, a log will open automatically in Notepad containing the scan result. Paste the contents of that log (log.txt) in your next reply;
● Also paste the contents of the file info.txt, which will be at C:\rsit\info.txt.
__________________________________________


Etdet, could you post a screenshot of those NOD32 ESET Smart alerts?

Follow the instructions below, friend Etdet:

Download DDS and save it to the desktop

• Temporarily disable your antivirus and double-click dds.scr;
• A DOS window will open. Just wait;
• When it finishes, two logs will open automatically, one named DDS.txt and the other Attach.txt. These logs will also be saved on the desktop.

Paste the logs in your next reply.
__________________________________________


Hello P_I_N_G_A, this Avira detection is a false positive, that is, an erroneous detection by the antivirus. The files are not viruses. Note that the files detected by Avira belong to PunkBuster:

C:\Documents and Settings\pablo\Configurações locais\Dados de aplicativos\PunkBuster\COD4\pb\PnkBstrK.sys <- file responsible for keeping the program open while it is running

C:\WINDOWS\system32\drivers\PnkBstrK.sys <- the program's service file

Do not delete the files, so that you don't have problems with PunkBuster. Have a read of the link below, P_I_N_G_A:

http://forum.avira.com/wbb/index.php?page=Thread&threadID=94754

The file has already been reported to Avira, and the fix for the false positive will come in the next updates.

There is nothing to worry about, friend P_I_N_G_A.

If you want even more confirmation, send the files to VirusTotal, where they will be analyzed by more than thirty antivirus engines:

http://www.virustotal.com/pt/

__________________________________________


Hello rbbb33, you are infected with Banker Trojans. This type of virus captures the passwords typed on the machine and sends them to the cracker who created the pest. I recommend that, after removing this virus, you quickly change all the passwords you have typed on the computer, whether for Orkut, MSN, e-mail, internet banking (especially), forums, etc...

Follow the instructions in the spoiler below, rbbb33:

- Download HostsXpert and save it to the desktop;
- Extract the file to your desktop and run HostsXpert.exe;
- Click the Restore MS Hosts Files button and close the program.


- Download BankerFix and save it to the desktop;

● Temporarily disable your antivirus so that it doesn't detect the tool as a virus;
● Double-click bankerfix.exe;
● A message will appear saying that it will be downloaded over the internet;
● Click OK > OK. Press Enter and wait for the scan to finish;
● When the scan finishes, read the message on the screen and press Enter again.
● A log will be generated at C:\LinhaDefensiva\relatorio.txt.

Paste this log in your next reply, together with a new HijackThis log.

Delete the C:\LinhaDefensiva folder after pasting your log here.
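The O1 - Hosts and O17 NameServer lines in the logs above and the HostsXpert "Restore MS Hosts Files" step in this reply both come down to one check: is anything on this machine steering bank hostnames to an address the owner did not choose? The following Python script is an added example, not code from the forum, from HijackThis or from HostsXpert. It parses HijackThis-style O1/O17 lines, groups hostnames by routable target (one remote address fronting a whole family of bank domains is the pharming pattern), reports resolvers outside an allowlist, and rewrites a hosts file keeping only loopback/unspecified entries. The sample log lines are constructed to mirror the format above, and the resolver allowlist is an assumption the operator has to supply.

```python
"""Audit HijackThis O1/O17 lines and a hosts file for pharming entries.

Added example; not from the forum thread. SAMPLE_LOG is constructed to match
the HijackThis line format, it is not copied from a real scan.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the HijackThis format.
SAMPLE_LOG = """\
O1 - Hosts: 174.37.152.221 www.itau.com.br
O1 - Hosts: 174.37.152.221 itau.com.br
O1 - Hosts: 174.37.152.222 www.bradesco.com.br
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.example.net
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{GUID}: NameServer = 200.202.193.75,200.202.193.76
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O17_RE = re.compile(r"^O17 - .*NameServer\s*=\s*(\S+)")


def _routable(ip_text):
    """True when ip_text is an address a browser could actually reach.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) are what a legitimate
    hosts file uses for localhost and ad-blocking; anything else is a real
    destination and, for a bank hostname, a redirect. Non-addresses are
    treated as not routable so malformed lines are kept rather than dropped.
    """
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not (addr.is_loopback or addr.is_unspecified)


def parse_hosts_entries(log_text):
    """(ip, hostname) pairs from every O1 line in the log."""
    return [m.groups() for m in map(O1_RE.match, log_text.splitlines()) if m]


def find_pharming(entries):
    """Group hostnames by routable target address.

    A single remote address fronting several hostnames (here, whole bank
    domain families) is the signature of a hosts-file pharming entry.
    """
    by_ip = defaultdict(list)
    for ip, host in entries:
        if _routable(ip):
            by_ip[ip].append(host)
    return dict(by_ip)


def parse_nameservers(log_text):
    """Resolver addresses from O17 NameServer lines, deduplicated, in order."""
    seen = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if not m:
            continue
        for ns in m.group(1).split(","):
            ns = ns.strip()
            if ns and ns not in seen:
                seen.append(ns)
    return seen


def unexpected_nameservers(nameservers, allowlist):
    """Resolvers not in the set the owner expects (ISP, OpenDNS, etc.).

    The allowlist is an assumption supplied by whoever runs the check; this
    function only reports what is outside it, it does not judge intent.
    """
    return [ns for ns in nameservers if ns not in allowlist]


def clean_hosts_file(hosts_text):
    """Rewrite a hosts file, dropping lines that map names to routable targets.

    Comments, blank lines and loopback/unspecified entries are kept, so this
    is narrower than restoring the stock Microsoft file: ad-block entries
    survive, bank redirects do not.
    """
    kept = []
    for line in hosts_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(line)
            continue
        if not _routable(stripped.split()[0]):
            kept.append(line)
    return "\n".join(kept) + ("\n" if hosts_text.endswith("\n") else "")


if __name__ == "__main__":
    for ip, hosts in find_pharming(parse_hosts_entries(SAMPLE_LOG)).items():
        print(f"{ip} fronts {len(hosts)} name(s): {', '.join(hosts)}")
    print("resolvers:", parse_nameservers(SAMPLE_LOG))
```

Running the script on a saved HijackThis log (read the file and pass its text in place of SAMPLE_LOG) lists each remote address with every hostname it hijacks, which is the grouping that makes a log like the ones above readable at a glance. clean_hosts_file is the conservative alternative to restoring the stock file: it removes the redirects without discarding entries the owner added deliberately.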
 
Hey Mr.Wolf, how's it going?

Great text, and it explained very well how and why these things happen and work.

No use, right, everything will be driven by interest and "recognition" for money. One thing leads to another, the hackers and the companies. But the worst of them, in my opinion, is Micro$oft, which knows about all this and lets it slide, because it knows that if it does something, many companies will break their contracts (money) with it, and then the "profits" related to viruses and holes in the system will shrink. Not to mention that the main sales argument is exactly that, in other words... using what the hackers do, and all of this turns into a snowball.

But even so, all of this is very interesting. It looks like a game of who gains the most through the greatest invention and genius (in the world of greed).
Hey friend Sonny, I agree when you say:

But the worst of them, in my opinion, is Micro$oft, which knows about all this and lets it slide, because it knows that if it does something, many companies will break their contracts (money) with it, and then the "profits" related to viruses and holes in the system will shrink.
Of course Microsoft was aware of these events. And it's true, Microsoft leaves many holes in Windows in order to profit from them. In fact, that's how it went with the Conficker worm.

When we discovered that the worm takes advantage of the Windows autorun feature to affect the machine, and that in some cases we had no success even after disabling the feature, we sent an e-mail to Microsoft informing them of this problem and asked them to take some action on it if possible. At first Microsoft refused any change to this feature. A few days after that, the company sent us another notice saying that the feature really was related to the infection, and by then more than a thousand users had already been infected by the worm. Three days later Microsoft released an update that fully disables autorun in Windows. One day after that, Microsoft stated publicly that the only antivirus that could protect the computer from Conficker was Symantec's Norton. Let's see: Microsoft's main "ally" and "donor", if you get what I mean, is Symantec. Strange, isn't it! And, in fact, that is a flat-out lie.

Now I ask: Do you think Microsoft didn't already know that this feature helps the worm with the infection? The answer is yes. Because it was an obvious thing, and that was clear in the tests and reports we sent them on the subject.

Anyway, it's Microsoft, right.

______________________________________________


Hello Mr.Wolf.
Answer me one thing, do these codes below mean anything?

Code:
Gbt+8FZ6gOwZqF7qxinrtZB5WrdfA6yrgjytLspHlQw=
Gbt+8FZ6gOwZqF7qxinrtZB5WrdfA6yrgjmtSchf+Et75j0=
Gbt+8FZ6gOwZqF7qxinrtZB5WrdfA6yrgjmtSchf+EiqgVI=
Gbt+8FZ6gPpE8b9FVql78X9e2QoS8enmjQjdH37AuTizRuMr/d+X8VJ3

This was the content of an ADS in the system32\drivers folder
Gustavo, any ADS content starting with "Gbt+" means that the file is collecting temporary information from your system through the index.dat file (the file that stores all the site addresses accessed by the user, as well as the cookies and history of visited sites). The folder the ADS is in is the least of it, since it can be in any directory of the system.

Have you already removed this ADS, friend Gustavo? If not yet, I recommend that you remove it and also clear the history in the index.dat file.

___________________________________________


Hello gutobach

In cases like this, the first thing to do is contact your bank's manager (Caixa Econômica) and urgently request that your account password be changed. The same goes for your mobile phone account.

Unfortunately, thefts like this happen every day. They are malicious crackers who create Banker Trojans (viruses that steal passwords) and who also create fake bank pages to fool the user, who is redirected to them. This scam is more frequent nowadays, because the crackers are using a new technique to make it happen in the most perfect way in the world. So far we have recorded more than a hundred cases of scams like this in less than two months.

You were certainly a victim of these criminals' new technique, which is described in the article below by my friend Einstein (analysis expert at the Linha Defensiva forum):

http://www.linhadefensiva.org/forum/index.php?showtopic=100015&st=0&#entry507649

Anyway, in truth, there isn't much to be done, friend gutobach. Unfortunately!

But I recommend that:

1st) You contact the bank manager immediately and report what happened;

2nd) You make totally sure that your computer is free of these pests - if you want, I can help you with that;

3rd) You change all your passwords, not just the bank's;

4th) When accessing a bank page, you pay close attention - this is described in the article I gave you above. Preferably, access the page using the Opera browser

Any questions, get in touch.

Regards
 
BankerFix 3.0 VALKYRIE - Banker Remover
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Date: 2009-07-16 - 15:49
-------------------------------------------------------
Definition list: 2009-06-26-1 | CORE: 2009-01-21-1
=======================================================



----- End -------------------------





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:30, on 16/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Software Informer\softinfo.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2097962
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Arquivos de programas\Eazel-PR\tbEaze.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Arquivos de programas\Eazel-PR\tbEaze.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Arquivos de programas\Eazel-PR\tbEaze.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.exe /h
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Compro&bar direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/...6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 8878 bytes


And now, is everything OK?
 
Mr.Wolf said:
Gustavo, any ADS content beginning with "Gbt+" means the file is collecting temporary information from your system through the index.dat file (the file that stores every website address the user has accessed, as well as the cookies and the history of visited sites). The folder the ADS sits in matters least, since it can be in any directory on the system.

Have you already removed this ADS, friend Gustavo? If not, I recommend removing it and also clearing the index.dat history. :thumbs_up
Yes, I did remove it, Mr.Wolf, and I also cleaned the machine.
Well, maybe that ADS came from my little friend svchosts.exe that was on this machine, which, by the way, has also been removed, along with other malware.

Thanks for the explanation, Mr.Wolf.
Regards.
 
rbbb33, follow the instructions below:

● Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix performs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your computer will restart. After the restart the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
 
Yes, I did remove it, Mr.Wolf, and I also cleaned the machine.
Well, maybe that ADS came from my little friend svchosts.exe that was on this machine, which, by the way, has also been removed, along with other malware.

Thanks for the explanation, Mr.Wolf.
Regards.
Gustavo, there are a few caveats here regarding the location of the svchosts.exe malware. Look:

C:\WINDOWS\system32\svchosts.exe <- trojan horse that comes with backdoors and several ADS on the system. In this case I would recommend using the ADS Spy tool built into HijackThis at: Open the Misc Tools Section > Open ADS Spy

C:\WINDOWS\svchosts.exe or C:\svchosts.exe <- worms that infect the network and create an autorun.inf in C:\. They disable the option to view hidden folders and files on the system

C:\Arquivos de programas\svchosts.exe <- banking trojan; every password typed on the system must be changed to prevent them from being stolen

C:\Documents and Settings\Dados de Aplicativos\svchosts.exe <- backdoor brought in by a trojan downloader called VCT.dll

In which of the directories above was this malware located, friend Gustavo?
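Mr. Wolf's list above maps the directory in which svchosts.exe sits to the malware family it indicates. As an added example (not code from the thread, HijackThis or ComboFix), the Python below applies that mapping to HijackThis O4/O23 lines, also flagging other look-alike spellings of svchost.exe by edit distance (a swapped or substituted letter), and treats the genuine name as legitimate only in C:\WINDOWS\system32; the sample lines and the C:\ARQUIV~1 expansion are constructed assumptions for the demo.

```python
"""Triage HijackThis O4/O23 lines for svchost.exe look-alikes.

Added example for this thread; it is not HijackThis or ComboFix code.
Hits are labelled with the svchosts.exe locations Mr. Wolf lists above.
The SAMPLE_LOG lines are constructed in HijackThis format, not copied
from a real log.
"""
import re
from dataclasses import dataclass

# The genuine service host on Windows XP lives here and nowhere else.
LEGIT_DIR = r"c:\windows\system32"

# Locations from the post above and the behaviour the post attributes to each.
KNOWN_LOCATIONS = {
    r"c:\windows\system32\svchosts.exe":
        "trojan with backdoors and several ADS; check HijackThis > Misc Tools > ADS Spy",
    r"c:\windows\svchosts.exe":
        "network worm; drops autorun.inf in C:\\ and hides hidden files and folders",
    r"c:\svchosts.exe":
        "network worm; drops autorun.inf in C:\\ and hides hidden files and folders",
    r"c:\arquivos de programas\svchosts.exe":
        "trojan banker; change every password typed on this machine",
    r"c:\documents and settings\dados de aplicativos\svchosts.exe":
        "backdoor dropped by the VCT.dll trojan downloader",
}

# 8.3 alias seen in this log: C:\ARQUIV~1 is C:\Arquivos de programas (pt-BR XP).
SHORT_NAMES = {r"c:\arquiv~1": r"c:\arquivos de programas"}

# First drive-letter path ending in .exe on the line; surrounding quotes are optional.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    path: str
    verdict: str


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or swap adjacent chars."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def normalize(path: str) -> str:
    """Lower-case the path and expand the 8.3 alias so it compares with KNOWN_LOCATIONS."""
    p = path.lower()
    for short, full in SHORT_NAMES.items():
        if p.startswith(short):
            p = full + p[len(short):]
    return p


def triage(lines, max_distance: int = 2):
    """Return a Finding for every O4/O23 entry whose executable name is within
    max_distance edits of 'svchost' (distance 0 is the real name, checked for location)."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.startswith(("O4 -", "O23 -")):
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = normalize(m.group(0))
        directory, _, name = path.rpartition("\\")
        dist = edit_distance(name[:-len(".exe")], "svchost")
        if dist == 0:
            verdict = ("genuine svchost.exe in its normal location" if directory == LEGIT_DIR
                       else "svchost.exe outside system32: suspicious")
        elif dist <= max_distance:
            verdict = KNOWN_LOCATIONS.get(
                path, "svchost look-alike in an unlisted location: investigate")
        else:
            continue
        findings.append(Finding(n, path, verdict))
    return findings


# Constructed sample in HijackThis format (not from the log posted in this thread).
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"',
    r"O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\svchosts.exe",
    r"O4 - HKLM\..\Run: [Microsoft Update] C:\ARQUIV~1\svchosts.exe",
    r"O4 - HKCU\..\Run: [ctfmon] C:\WINDOWS\system32\svchost.exe -k netsvcs",
    r"O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe",
    r"O23 - Service: Windows Host (wnhost) - - C:\Documents and Settings\Dados de aplicativos\scvhost.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.path}\n    -> {f.verdict}")
```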
 
Mr Wolf, help me with this topic too. How do I send you a private message?
Problem watching .TS (HD) format
Well folks, I hope I can count on the help of you who know everything; this forum was recommended to me to solve my problems. Here it is: I want to watch a video in .ts format, HD in this case, from my PC on the TV. I have already installed every possible program, such as GOM, VLC and CyberLink, and they all play but keep freezing. Media Classic Cinema with the K-Lite Mega Codec pack was recommended to me; I installed them and it was the best of the lot: it starts playing normally, then loses sync between audio and video, then keeps freezing and showing distorted squares. I installed EEEC + CoreAVC and it got worse. I have a Celeron at 1.64HZ and 1.21GB of memory. Could some charitable soul guide me on how to solve my problem? I thought it was the processor, but my friend has a Core Duo with 2Gb of memory and has the same problem. I will be very grateful for everyone's attention and understanding!
 
Mr.Wolf.
I deleted that AskBar in the Local Settings temp folder (there was a NERO folder in there with that adware).
Whenever I opened that folder ESET would immediately show about 10 detected threats.
After I deleted it manually (it is not in Program Files), it stopped flagging threats.
Thanks Mr. Wolf =)
JulianoT
 
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1247.772 [GMT -3:00]
Executando de: c:\downloads\Software\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\MyWay
c:\documents and settings\Ricardo\ytvrqut.exe
c:\recycler\S-1-5-21-299502267-117609710-839522115-1003
C:\restore
c:\restore\k-1-3542-4232123213-7676767-8888886\Desktop.ini
c:\windows\isRS-000.tmp
c:\windows\system32\kr_done1
c:\windows\system32\secupdat.dat

A cópia de c:\windows\explorer.exe foi encontrada e desinfectada
Cópia restaurada de - c:\windows\ServicePackFiles\i386\explorer.exe

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-16 to 2009-07-16 ))))))))))))))))))))))))))))
.

2009-07-16 17:29 . 2009-07-16 17:29 296976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-16 17:29 . 2009-07-16 17:29 128016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-16 17:28 . 2009-07-16 17:28 296976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-16 17:28 . 2009-07-16 17:28 128016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-16 17:21 . 2009-07-16 17:21 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-16 17:15 . 2009-07-16 17:15 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-16 17:15 . 2009-07-16 17:15 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-16 17:14 . 2009-07-16 19:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2009-07-16 17:14 . 2009-07-16 17:14 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2009-07-16 16:56 . 2009-07-16 16:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-07-16 15:57 . 2009-07-16 15:57 -------- d-----w- c:\arquivos de programas\Trend Micro
2009-07-16 03:23 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-16 03:23 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-16 03:23 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-16 03:23 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-16 03:23 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-16 03:23 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-16 03:23 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-07-16 03:23 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-16 03:23 . 2009-07-16 03:23 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-07-16 02:58 . 2009-07-16 02:58 -------- d-----w- c:\arquivos de programas\Conduit
2009-07-16 02:58 . 2009-07-16 02:58 -------- d-----w- c:\arquivos de programas\Eazel-PR
2009-07-16 00:55 . 2009-07-16 00:55 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\CyberLink
2009-07-16 00:51 . 2009-07-16 00:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2009-07-16 00:51 . 2009-07-16 00:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink
2009-07-16 00:48 . 2009-07-16 00:48 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-16 00:48 . 2009-07-16 00:58 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-07-16 00:32 . 2009-07-16 00:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-15 23:49 . 2009-07-15 23:49 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2009-07-15 15:50 . 2009-07-15 15:50 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Uniblue
2009-07-15 15:44 . 2009-07-15 15:44 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Nero
2009-07-15 15:06 . 2009-07-15 23:29 -------- d-----w- c:\arquivos de programas\GRETECH
2009-07-15 12:22 . 2009-07-15 13:13 -------- d-----w- c:\arquivos de programas\DVDlabPro2
2009-07-15 09:52 . 2009-07-15 11:59 -------- d-----w- c:\arquivos de programas\Aiseesoft Studio
2009-07-15 09:41 . 2009-07-15 14:58 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\dvdcss
2009-07-15 09:37 . 2009-07-15 09:37 -------- d-----w- c:\arquivos de programas\VideoLAN
2009-07-10 23:34 . 2009-07-15 11:58 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\uTorrent
2009-07-10 21:59 . 2009-07-15 13:29 -------- d-----w- C:\DVDVolume
2009-07-10 21:37 . 2009-07-10 21:37 -------- d-----w- c:\arquivos de programas\MySearch
2009-07-10 21:37 . 2009-07-10 21:37 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Desktopicon
2009-07-10 21:37 . 2009-07-10 21:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeRIP
2009-07-10 21:37 . 2009-07-15 11:52 -------- d-----w- c:\arquivos de programas\FreeRIP3
2009-07-10 04:22 . 2009-07-16 19:44 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Free Download Manager
2009-07-10 04:22 . 2009-07-10 04:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG
2009-07-10 02:45 . 2009-07-10 02:45 -------- d-----w- c:\arquivos de programas\Ask.com
2009-07-10 02:45 . 2009-07-10 02:45 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator
2009-07-10 02:28 . 2009-07-10 15:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-07-10 02:27 . 2009-07-10 15:29 -------- d-----w- c:\arquivos de programas\DAP
2009-07-08 21:24 . 2009-07-16 17:57 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Software Informer
2009-07-08 21:24 . 2009-07-08 21:24 -------- d-----w- c:\arquivos de programas\Software Informer
2009-07-08 21:23 . 2009-07-16 17:12 -------- d-----w- c:\arquivos de programas\Free Download Manager
2009-07-07 17:06 . 2009-07-07 17:06 488960 ----a-w- c:\documents and settings\Ricardo\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-07-07 17:05 . 2009-07-07 17:05 320000 ----a-w- c:\documents and settings\Ricardo\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\OCTOSHAPE.EXE
2009-07-07 01:01 . 2009-07-16 00:48 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-07 00:45 . 2009-07-07 00:45 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-07-07 00:42 . 2009-07-15 12:47 -------- d-----w- C:\temp
2009-07-07 00:42 . 2009-07-07 00:43 -------- d-----w- c:\temp\google
2009-07-03 16:26 . 2003-11-04 18:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-07-03 16:26 . 2004-01-12 05:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Nokia
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\PC Suite
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-06-25 20:07 . 2009-06-25 20:07 -------- d-----w- c:\arquivos de programas\DIFX
2009-06-25 20:07 . 2008-08-26 13:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-25 20:07 . 2009-06-25 20:07 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2009-06-25 20:07 . 2009-02-09 10:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-25 20:07 . 2009-07-07 02:44 -------- d-----w- c:\arquivos de programas\Nokia
2009-06-25 20:07 . 2009-06-25 20:06 34511040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_wu_por_br.exe
2009-06-25 20:06 . 2009-06-25 20:06 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-25 20:06 . 2009-06-25 20:06 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-25 20:06 . 2009-06-25 20:06 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-25 20:06 . 2009-06-25 20:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2009-06-25 19:41 . 2009-06-25 19:41 -------- d-sh--w- c:\windows\ftpcache
2009-06-20 05:04 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-20 05:04 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-20 05:04 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-20 05:04 . 2008-04-14 02:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 17:29 . 2009-05-24 18:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-16 03:31 . 2009-06-16 03:43 -------- d-----w- c:\arquivos de programas\Google
2009-07-16 02:10 . 2009-05-25 04:40 -------- d-----w- c:\arquivos de programas\FreeRIP2
2009-07-16 00:51 . 2009-03-22 21:04 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-16 00:48 . 2009-05-18 22:02 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-15 11:54 . 2009-07-15 11:54 16998 ----a-w- c:\windows\system32\427D.tmp
2009-07-15 11:53 . 2009-07-15 11:53 164 ----a-w- c:\windows\system32\424C.tmp
2009-07-15 11:53 . 2009-07-15 11:53 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-15 11:53 . 2004-08-04 02:14 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-07-13 22:50 . 2009-03-22 21:23 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Ahead
2009-07-13 22:35 . 2009-03-22 22:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-06-25 19:36 . 2009-06-12 04:54 -------- d-----w- c:\arquivos de programas\ScannerP
2009-06-25 19:36 . 2009-03-30 23:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-06-25 12:02 . 2009-03-30 23:45 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-06-15 22:19 . 2009-03-30 23:46 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-06-12 04:55 . 2009-06-12 04:55 -------- d-----w- c:\arquivos de programas\Common Files
2009-06-08 08:56 . 2009-06-08 08:56 64072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\Spanish\setup.exe
2009-06-04 01:04 . 2001-10-28 12:07 67450 ----a-w- c:\windows\system32\perfc016.dat
2009-06-04 01:04 . 2001-10-28 12:07 425426 ----a-w- c:\windows\system32\perfh016.dat
2009-06-03 12:35 . 2009-06-03 12:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-25 08:21 . 2009-05-25 08:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 08:18 . 2009-05-25 08:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-21 05:34 . 2009-05-21 05:34 -------- d-----w- c:\arquivos de programas\WinAVI MP4 Converter
2009-05-18 22:02 . 2009-05-18 22:02 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Media Player Classic
2009-05-16 23:59 . 2009-05-16 23:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 20:46 . 2009-05-13 20:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:34 . 2004-08-04 03:45 668672 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:34 . 2009-03-23 01:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 18:01 . 2009-04-19 18:01 0 ----a-w- c:\arquivos de programas\INSO042009.log
2009-04-19 18:01 . 2009-04-19 18:01 504832 ----a-w- C:\INSO.EXE
2009-06-24 18:03 . 2009-07-10 10:56 137208 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-04 02:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2009-07-15 11:53 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-07-15 11:53 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:\windows\system32\drivers\TCPIP.SYS

[7] 2004-08-04 03:45 24576 4CA695EC1EE4C7CF2144DFA00EA0E1F7 c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 02:21 26112 A7EA40F680163808D96F89B4FF991876 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 02:21 26112 4352437014F966BDB031563314941A0E c:\windows\system32\USERINIT.EXE
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"= "c:\arquivos de programas\Eazel-PR\tbEaze.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
2009-07-02 13:18 2215960 ----a-w- c:\arquivos de programas\Eazel-PR\tbEaze.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 22:50 809864 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"= "c:\arquivos de programas\Eazel-PR\tbEaze.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
"{8FB2FD83-A0A3-4269-A50D-7E40E3D45F7B}"= "c:\arquivos de programas\Eazel-PR\tbEaze.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Software Informer"="c:\arquivos de programas\Software Informer\softinfo.exe" [2009-07-09 1937477]
"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2009-07-15 27660]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-27 148888]
"InstantAccess"="c:\arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.exe" [1998-07-08 37376]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-05-25 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-02-28 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-3-22 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-06-18 21:00 302368 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\UltraVNC\\vncviewer.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [30/3/2009 20:46 27056]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20:41 33808]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [30/3/2009 20:45 53552]
R2 uvnc_service;uvnc_service;c:\arquivos de programas\UltraVNC\winvnc.exe [22/3/2009 20:05 1519168]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/5/2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/5/2009 20:59 19472]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-07-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\arquivos de programas\Ask.com\UpdateTask.exe [2009-04-02 22:50]
.
- - - - ORFÃOS REMOVIDOS - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
HKCU-Run-fsm - (no file)


.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2097962
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.br\www2.bancobrasil
TCP: {02942639-828C-4F33-BBBE-FCA410E7894F} = 200.202.193.75,200.202.193.76
FF - ProfilePath - c:\documents and settings\Ricardo\Dados de aplicativos\Mozilla\Firefox\Profiles\gbefks5e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.orkut.com
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
 
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1247.772 [GMT -3:00]
Running from: c:\downloads\Software\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\MyWay
c:\documents and settings\Ricardo\ytvrqut.exe
c:\recycler\S-1-5-21-299502267-117609710-839522115-1003
C:\restore
c:\restore\k-1-3542-4232123213-7676767-8888886\Desktop.ini
c:\windows\isRS-000.tmp
c:\windows\system32\kr_done1
c:\windows\system32\secupdat.dat

The copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

.
(((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 ))))))))))))))))))))))))))))
.

2009-07-16 17:29 . 2009-07-16 17:29 296976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-16 17:29 . 2009-07-16 17:29 128016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-16 17:28 . 2009-07-16 17:28 296976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-16 17:28 . 2009-07-16 17:28 128016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-16 17:21 . 2009-07-16 17:21 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-16 17:15 . 2009-07-16 17:15 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-16 17:15 . 2009-07-16 17:15 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-16 17:14 . 2009-07-16 19:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2009-07-16 17:14 . 2009-07-16 17:14 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2009-07-16 16:56 . 2009-07-16 16:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-07-16 15:57 . 2009-07-16 15:57 -------- d-----w- c:\arquivos de programas\Trend Micro
2009-07-16 03:23 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-16 03:23 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-16 03:23 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-16 03:23 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-16 03:23 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-16 03:23 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-16 03:23 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-07-16 03:23 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-16 03:23 . 2009-07-16 03:23 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-07-16 02:58 . 2009-07-16 02:58 -------- d-----w- c:\arquivos de programas\Conduit
2009-07-16 02:58 . 2009-07-16 02:58 -------- d-----w- c:\arquivos de programas\Eazel-PR
2009-07-16 00:55 . 2009-07-16 00:55 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\CyberLink
2009-07-16 00:51 . 2009-07-16 00:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2009-07-16 00:51 . 2009-07-16 00:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink
2009-07-16 00:48 . 2009-07-16 00:48 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-16 00:48 . 2009-07-16 00:58 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-07-16 00:32 . 2009-07-16 00:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-15 23:49 . 2009-07-15 23:49 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2009-07-15 15:50 . 2009-07-15 15:50 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Uniblue
2009-07-15 15:44 . 2009-07-15 15:44 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Nero
2009-07-15 15:06 . 2009-07-15 23:29 -------- d-----w- c:\arquivos de programas\GRETECH
2009-07-15 12:22 . 2009-07-15 13:13 -------- d-----w- c:\arquivos de programas\DVDlabPro2
2009-07-15 09:52 . 2009-07-15 11:59 -------- d-----w- c:\arquivos de programas\Aiseesoft Studio
2009-07-15 09:41 . 2009-07-15 14:58 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\dvdcss
2009-07-15 09:37 . 2009-07-15 09:37 -------- d-----w- c:\arquivos de programas\VideoLAN
2009-07-10 23:34 . 2009-07-15 11:58 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\uTorrent
2009-07-10 21:59 . 2009-07-15 13:29 -------- d-----w- C:\DVDVolume
2009-07-10 21:37 . 2009-07-10 21:37 -------- d-----w- c:\arquivos de programas\MySearch
2009-07-10 21:37 . 2009-07-10 21:37 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Desktopicon
2009-07-10 21:37 . 2009-07-10 21:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeRIP
2009-07-10 21:37 . 2009-07-15 11:52 -------- d-----w- c:\arquivos de programas\FreeRIP3
2009-07-10 04:22 . 2009-07-16 19:44 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Free Download Manager
2009-07-10 04:22 . 2009-07-10 04:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG
2009-07-10 02:45 . 2009-07-10 02:45 -------- d-----w- c:\arquivos de programas\Ask.com
2009-07-10 02:45 . 2009-07-10 02:45 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator
2009-07-10 02:28 . 2009-07-10 15:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-07-10 02:27 . 2009-07-10 15:29 -------- d-----w- c:\arquivos de programas\DAP
2009-07-08 21:24 . 2009-07-16 17:57 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Software Informer
2009-07-08 21:24 . 2009-07-08 21:24 -------- d-----w- c:\arquivos de programas\Software Informer
2009-07-08 21:23 . 2009-07-16 17:12 -------- d-----w- c:\arquivos de programas\Free Download Manager
2009-07-07 17:06 . 2009-07-07 17:06 488960 ----a-w- c:\documents and settings\Ricardo\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-07-07 17:05 . 2009-07-07 17:05 320000 ----a-w- c:\documents and settings\Ricardo\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\OCTOSHAPE.EXE
2009-07-07 01:01 . 2009-07-16 00:48 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-07 00:45 . 2009-07-07 00:45 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-07-07 00:42 . 2009-07-15 12:47 -------- d-----w- C:\temp
2009-07-07 00:42 . 2009-07-07 00:43 -------- d-----w- c:\temp\google
2009-07-03 16:26 . 2003-11-04 18:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-07-03 16:26 . 2004-01-12 05:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Nokia
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\PC Suite
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-06-25 20:07 . 2009-06-25 20:07 -------- d-----w- c:\arquivos de programas\DIFX
2009-06-25 20:07 . 2008-08-26 13:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-25 20:07 . 2009-06-25 20:07 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2009-06-25 20:07 . 2009-02-09 10:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-25 20:07 . 2009-07-07 02:44 -------- d-----w- c:\arquivos de programas\Nokia
2009-06-25 20:07 . 2009-06-25 20:06 34511040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_wu_por_br.exe
2009-06-25 20:06 . 2009-06-25 20:06 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-25 20:06 . 2009-06-25 20:06 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-25 20:06 . 2009-06-25 20:06 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-25 20:06 . 2009-06-25 20:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2009-06-25 19:41 . 2009-06-25 19:41 -------- d-sh--w- c:\windows\ftpcache
2009-06-20 05:04 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-20 05:04 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-20 05:04 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-20 05:04 . 2008-04-14 02:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 17:29 . 2009-05-24 18:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-16 03:31 . 2009-06-16 03:43 -------- d-----w- c:\arquivos de programas\Google
2009-07-16 02:10 . 2009-05-25 04:40 -------- d-----w- c:\arquivos de programas\FreeRIP2
2009-07-16 00:51 . 2009-03-22 21:04 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-16 00:48 . 2009-05-18 22:02 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-15 11:54 . 2009-07-15 11:54 16998 ----a-w- c:\windows\system32\427D.tmp
2009-07-15 11:53 . 2009-07-15 11:53 164 ----a-w- c:\windows\system32\424C.tmp
2009-07-15 11:53 . 2009-07-15 11:53 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-15 11:53 . 2004-08-04 02:14 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-07-13 22:50 . 2009-03-22 21:23 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Ahead
2009-07-13 22:35 . 2009-03-22 22:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-06-25 19:36 . 2009-06-12 04:54 -------- d-----w- c:\arquivos de programas\ScannerP
2009-06-25 19:36 . 2009-03-30 23:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-06-25 12:02 . 2009-03-30 23:45 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-06-15 22:19 . 2009-03-30 23:46 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-06-12 04:55 . 2009-06-12 04:55 -------- d-----w- c:\arquivos de programas\Common Files
2009-06-08 08:56 . 2009-06-08 08:56 64072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\Spanish\setup.exe
2009-06-04 01:04 . 2001-10-28 12:07 67450 ----a-w- c:\windows\system32\perfc016.dat
2009-06-04 01:04 . 2001-10-28 12:07 425426 ----a-w- c:\windows\system32\perfh016.dat
2009-06-03 12:35 . 2009-06-03 12:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-25 08:21 . 2009-05-25 08:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 08:18 . 2009-05-25 08:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-21 05:34 . 2009-05-21 05:34 -------- d-----w- c:\arquivos de programas\WinAVI MP4 Converter
2009-05-18 22:02 . 2009-05-18 22:02 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Media Player Classic
2009-05-16 23:59 . 2009-05-16 23:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 20:46 . 2009-05-13 20:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:34 . 2004-08-04 03:45 668672 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:34 . 2009-03-23 01:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-19 18:01 . 2009-04-19 18:01 0 ----a-w- c:\arquivos de programas\INSO042009.log
2009-04-19 18:01 . 2009-04-19 18:01 504832 ----a-w- C:\INSO.EXE
2009-06-24 18:03 . 2009-07-10 10:56 137208 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-04 02:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2009-07-15 11:53 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-07-15 11:53 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:\windows\system32\drivers\TCPIP.SYS

[7] 2004-08-04 03:45 24576 4CA695EC1EE4C7CF2144DFA00EA0E1F7 c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 02:21 26112 A7EA40F680163808D96F89B4FF991876 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 02:21 26112 4352437014F966BDB031563314941A0E c:\windows\system32\USERINIT.EXE
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"= "c:\arquivos de programas\Eazel-PR\tbEaze.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
2009-07-02 13:18 2215960 ----a-w- c:\arquivos de programas\Eazel-PR\tbEaze.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 22:50 809864 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"= "c:\arquivos de programas\Eazel-PR\tbEaze.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
"{8FB2FD83-A0A3-4269-A50D-7E40E3D45F7B}"= "c:\arquivos de programas\Eazel-PR\tbEaze.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Software Informer"="c:\arquivos de programas\Software Informer\softinfo.exe" [2009-07-09 1937477]
"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2009-07-15 27660]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-27 148888]
"InstantAccess"="c:\arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.exe" [1998-07-08 37376]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-05-25 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-02-28 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-3-22 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-06-18 21:00 302368 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\UltraVNC\\vncviewer.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [30/3/2009 20:46 27056]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20:41 33808]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [30/3/2009 20:45 53552]
R2 uvnc_service;uvnc_service;c:\arquivos de programas\UltraVNC\winvnc.exe [22/3/2009 20:05 1519168]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/5/2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/5/2009 20:59 19472]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\arquivos de programas\Ask.com\UpdateTask.exe [2009-04-02 22:50]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
HKCU-Run-fsm - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2097962
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.br\www2.bancobrasil
TCP: {02942639-828C-4F33-BBBE-FCA410E7894F} = 200.202.193.75,200.202.193.76
FF - ProfilePath - c:\documents and settings\Ricardo\Dados de aplicativos\Mozilla\Firefox\Profiles\gbefks5e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.orkut.com
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 16:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\arquivos de programas\GBPLUGIN\gbieh.dll

- - - - - - - > 'explorer.exe'(2252)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\arquiv~1\MICROS~2\OFFICE11\MCPS.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\arquiv~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\arquivos de programas\Mozilla Firefox\firefox.exe
c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-07-16 16:50 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-16 19:49

Pré-execução: 8.858.841.088 bytes disponíveis
Pós execução: 9.591.160.832 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

350 --- E O F --- 2009-06-11 00:25
 
Executando de: c:\downloads\Software\ComboFix.exe
Friend rbbb33, your ComboFix is not saved on the desktop, which is the correct location where the tool must be saved.

Please delete the ComboFix you have there. Download it again HERE and save it to the desktop.

After downloading it, follow the instructions in the spoiler below:

Select and copy the text below. Paste it into Notepad and save it on the desktop as CFScript.txt

Code:
Folder::
c:\arquivos de programas\MySearch
c:\arquivos de programas\Ask.com
c:\arquivos de programas\Eazel-PR
File::
c:\windows\system32\427D.tmp
c:\windows\system32\424C.tmp
c:\arquivos de programas\INSO042009.log
C:\INSO.EXE
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"=-
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{8FB2FD83-A0A3-4269-A50D-7E40E3D45F7B}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
Driver::
Drag the CFScript onto ComboFix as shown in the image below and wait for the tool to run automatically:

CFScript.gif


● If prompted, press Enter to start the removal process;
● Do not use the mouse or keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may restart automatically. If it does not, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
P.S.: As for the problem with the .ts videos, check whether it persists after the viruses have been removed from your computer.
 
Hi Wolf, the PC is still somewhat slow and the internet keeps disconnecting all the time. I don't know if it's a virus. Here is the new HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:54, on 16/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Arquivos de programas\Winamp\winampa.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pesbrasil.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE LG webpro2 Camera
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8540 bytes
 
Mr Wolf,

Thanks for the reply above. Today I looked into it more calmly and it confirms your accurate diagnosis.

Thanks
 
Well, congratulations on the initiative to help us, it is very good. Well, this is my first post here, so I will start by reporting the first errors that have been appearing. When I do a Google search and type the search word, Carros, for example, a warning appears from the Google site itself: "Unfortunately, your query looks similar to automated requests from a computer virus or spyware application." The other problem is that for a 2 MB internet connection it is very slow. Currently I am using NOD32 as my antivirus, but I confess I have difficulty using it. I would like to know whether it is a virus and, whether it is or not, what I can do to have my PC flying again like it was a short while ago.
Thanks in advance.
The log is below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1046
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Arquivos de Programas\Adobe\Acrobat Rader 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "I:\Arquivos de Programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Dados de aplicativos\Admin Inter 1 Mags\stupid bind.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "I:\Arquivos de Programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [UserName] C:\Documents and Settings\UserName\UserName.exe /i
O4 - HKCU\..\Run: [DeafNurb] C:\DOCUME~1\UserName\DADOSD~1\DRVLIE~1\Surf Admin Curb.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')
O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')
O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')
O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')
O4 - Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe
O4 - Startup: rncsys32.exe
O4 - Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe
O4 - Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O23 - Service: Serviço de transferência inteligente de plano de fundo (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Update Service (gupdate1c9fbf616e9d1de) (gupdate1c9fbf616e9d1de) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: nHancer Support (nhancer) - KSE - Korndörfer Software Engineering - C:\Arquivos de programas\nHancer\nHancerService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Atualizações Automáticas (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7769 bytes
 
Great Mr Wolf, always saving the nation. I wanted to see if there is anything here, since the machine has been acting a bit strange.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:31, on 16/07/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\nHancer\nHancer.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Fraps\fraps.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.29.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar por Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.29.0\gears.dll
O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.29.0\gears.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EBF6F80-27C9-418C-A319-AFFAB985F6D5}: NameServer = 201.10.128.3 201.10.1.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9f9aebc9b7305) (gupdate1c9f9aebc9b7305) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8578 bytes
 
ComboFix 09-07-14.08 - Ricardo 16/07/2009 23:45.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1247.789 [GMT -3:00]
Executando de: c:\documents and settings\Ricardo\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Ricardo\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\arquivos de programas\INSO042009.log"
"C:\INSO.EXE"
"c:\windows\system32\424C.tmp"
"c:\windows\system32\427D.tmp"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\Ask.com
c:\arquivos de programas\Ask.com\config.xml
c:\arquivos de programas\Ask.com\GenericAskToolbar.dll
c:\arquivos de programas\Ask.com\mupcfg.xml
c:\arquivos de programas\Ask.com\UpdateTask.exe
c:\arquivos de programas\Eazel-PR
c:\arquivos de programas\Eazel-PR\Eazel-PRToolbarHelper.exe
c:\arquivos de programas\Eazel-PR\INSTALL.LOG
c:\arquivos de programas\Eazel-PR\tbEaze.dll
c:\arquivos de programas\Eazel-PR\toolbar.cfg
c:\arquivos de programas\Eazel-PR\UNWISE.EXE
c:\arquivos de programas\INSO042009.log
c:\arquivos de programas\MySearch
C:\INSO.EXE
c:\windows\system32\424C.tmp
c:\windows\system32\427D.tmp
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-17 to 2009-07-17 ))))))))))))))))))))))))))))
.

2009-07-16 17:29 . 2009-07-16 17:29 296976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-16 17:29 . 2009-07-16 17:29 128016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-16 17:28 . 2009-07-16 17:28 296976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-16 17:28 . 2009-07-16 17:28 128016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-16 17:21 . 2009-07-16 17:21 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-16 17:15 . 2009-07-16 17:15 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-16 17:15 . 2009-07-16 17:15 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-16 17:14 . 2009-07-17 02:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2009-07-16 17:14 . 2009-07-16 17:14 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2009-07-16 16:56 . 2009-07-16 16:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-07-16 15:57 . 2009-07-16 15:57 -------- d-----w- c:\arquivos de programas\Trend Micro
2009-07-16 03:23 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-16 03:23 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-16 03:23 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-16 03:23 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-16 03:23 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-16 03:23 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-16 03:23 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-07-16 03:23 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-16 03:23 . 2009-07-16 03:23 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-07-16 02:58 . 2009-07-16 02:58 -------- d-----w- c:\arquivos de programas\Conduit
2009-07-16 00:55 . 2009-07-16 00:55 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\CyberLink
2009-07-16 00:51 . 2009-07-16 00:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2009-07-16 00:51 . 2009-07-16 00:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink
2009-07-16 00:48 . 2009-07-16 00:48 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-16 00:48 . 2009-07-16 00:58 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-07-16 00:32 . 2009-07-16 00:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-15 23:49 . 2009-07-15 23:49 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2009-07-15 15:50 . 2009-07-15 15:50 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Uniblue
2009-07-15 15:44 . 2009-07-15 15:44 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Nero
2009-07-15 15:06 . 2009-07-15 23:29 -------- d-----w- c:\arquivos de programas\GRETECH
2009-07-15 12:22 . 2009-07-15 13:13 -------- d-----w- c:\arquivos de programas\DVDlabPro2
2009-07-15 09:52 . 2009-07-15 11:59 -------- d-----w- c:\arquivos de programas\Aiseesoft Studio
2009-07-15 09:41 . 2009-07-15 14:58 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\dvdcss
2009-07-15 09:37 . 2009-07-15 09:37 -------- d-----w- c:\arquivos de programas\VideoLAN
2009-07-10 23:34 . 2009-07-15 11:58 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\uTorrent
2009-07-10 21:59 . 2009-07-15 13:29 -------- d-----w- C:\DVDVolume
2009-07-10 21:37 . 2009-07-10 21:37 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Desktopicon
2009-07-10 21:37 . 2009-07-10 21:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeRIP
2009-07-10 21:37 . 2009-07-15 11:52 -------- d-----w- c:\arquivos de programas\FreeRIP3
2009-07-10 04:22 . 2009-07-17 02:46 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Free Download Manager
2009-07-10 04:22 . 2009-07-10 04:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG
2009-07-10 02:45 . 2009-07-10 02:45 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator
2009-07-10 02:28 . 2009-07-10 15:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-07-10 02:27 . 2009-07-10 15:29 -------- d-----w- c:\arquivos de programas\DAP
2009-07-08 21:24 . 2009-07-17 02:21 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Software Informer
2009-07-08 21:24 . 2009-07-08 21:24 -------- d-----w- c:\arquivos de programas\Software Informer
2009-07-08 21:23 . 2009-07-16 17:12 -------- d-----w- c:\arquivos de programas\Free Download Manager
2009-07-07 17:06 . 2009-07-07 17:06 488960 ----a-w- c:\documents and settings\Ricardo\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-07-07 17:05 . 2009-07-07 17:05 320000 ----a-w- c:\documents and settings\Ricardo\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\OCTOSHAPE.EXE
2009-07-07 01:01 . 2009-07-16 00:48 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-07 00:45 . 2009-07-07 00:45 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-07-07 00:42 . 2009-07-15 12:47 -------- d-----w- C:\temp
2009-07-07 00:42 . 2009-07-07 00:43 -------- d-----w- c:\temp\google
2009-07-03 16:26 . 2003-11-04 18:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-07-03 16:26 . 2004-01-12 05:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Nokia
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\PC Suite
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-06-25 20:07 . 2009-06-25 20:07 -------- d-----w- c:\arquivos de programas\DIFX
2009-06-25 20:07 . 2008-08-26 13:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-25 20:07 . 2009-06-25 20:07 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2009-06-25 20:07 . 2009-02-09 10:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-25 20:07 . 2009-07-07 02:44 -------- d-----w- c:\arquivos de programas\Nokia
2009-06-25 20:07 . 2009-06-25 20:06 34511040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_wu_por_br.exe
2009-06-25 20:06 . 2009-06-25 20:06 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-25 20:06 . 2009-06-25 20:06 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-25 20:06 . 2009-06-25 20:06 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-25 20:06 . 2009-06-25 20:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2009-06-25 19:41 . 2009-06-25 19:41 -------- d-sh--w- c:\windows\ftpcache
2009-06-20 05:04 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-20 05:04 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-20 05:04 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-20 05:04 . 2008-04-14 02:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 17:29 . 2009-05-24 18:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-16 03:31 . 2009-06-16 03:43 -------- d-----w- c:\arquivos de programas\Google
2009-07-16 02:10 . 2009-05-25 04:40 -------- d-----w- c:\arquivos de programas\FreeRIP2
2009-07-16 00:51 . 2009-03-22 21:04 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-16 00:48 . 2009-05-18 22:02 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-15 11:53 . 2009-07-15 11:53 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-15 11:53 . 2004-08-04 02:14 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-07-13 22:50 . 2009-03-22 21:23 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Ahead
2009-07-13 22:35 . 2009-03-22 22:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-06-25 19:36 . 2009-06-12 04:54 -------- d-----w- c:\arquivos de programas\ScannerP
2009-06-25 19:36 . 2009-03-30 23:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-06-25 12:02 . 2009-03-30 23:45 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2001-10-28 12:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 22:19 . 2009-03-30 23:46 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-06-12 04:55 . 2009-06-12 04:55 -------- d-----w- c:\arquivos de programas\Common Files
2009-06-08 08:56 . 2009-06-08 08:56 64072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\Spanish\setup.exe
2009-06-04 01:04 . 2001-10-28 12:07 67450 ----a-w- c:\windows\system32\perfc016.dat
2009-06-04 01:04 . 2001-10-28 12:07 425426 ----a-w- c:\windows\system32\perfh016.dat
2009-06-03 19:10 . 2004-08-04 03:45 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 12:35 . 2009-06-03 12:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-25 08:21 . 2009-05-25 08:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 08:18 . 2009-05-25 08:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-21 05:34 . 2009-05-21 05:34 -------- d-----w- c:\arquivos de programas\WinAVI MP4 Converter
2009-05-18 22:02 . 2009-05-18 22:02 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Media Player Classic
2009-05-16 23:59 . 2009-05-16 23:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 20:46 . 2009-05-13 20:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:34 . 2004-08-04 03:45 668672 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:34 . 2009-03-23 01:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 18:03 . 2009-07-10 10:56 137208 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-04 02:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2009-07-15 11:53 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-07-15 11:53 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:\windows\system32\drivers\TCPIP.SYS

[7] 2004-08-04 03:45 24576 4CA695EC1EE4C7CF2144DFA00EA0E1F7 c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 02:21 26112 A7EA40F680163808D96F89B4FF991876 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 02:21 26112 4352437014F966BDB031563314941A0E c:\windows\system32\USERINIT.EXE
.
((((((((((((((((((((((((((((( SnapShot@2009-07-16_19.47.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-17 02:42 . 2009-07-17 02:42 16384 c:\windows\Temp\Perflib_Perfdata_688.dat
+ 2009-06-16 14:39 . 2009-06-16 14:39 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-03-22 21:32 . 2009-06-11 00:25 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-16 14:39 . 2009-06-16 14:39 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-03-22 21:32 . 2009-06-11 00:25 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-05-07 05:11 . 2009-06-03 19:10 1295872 c:\windows\system32\dllcache\quartz.dll
+ 2009-06-30 14:30 . 2009-06-30 14:30 5520384 c:\windows\Installer\1b78ca.msp
+ 2009-03-23 01:01 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Software Informer"="c:\arquivos de programas\Software Informer\softinfo.exe" [2009-07-09 1937477]
"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2009-07-15 27660]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-27 148888]
"InstantAccess"="c:\arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.exe" [1998-07-08 37376]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-05-25 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-02-28 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-3-22 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-06-18 21:00 302368 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\UltraVNC\\vncviewer.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [30/3/2009 20:46 27056]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20:41 33808]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [30/3/2009 20:45 53552]
R2 uvnc_service;uvnc_service;c:\arquivos de programas\UltraVNC\winvnc.exe [22/3/2009 20:05 1519168]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/5/2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/5/2009 20:59 19472]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2097962
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.br\www2.bancobrasil
TCP: {02942639-828C-4F33-BBBE-FCA410E7894F} = 200.202.193.75,200.202.193.76
FF - ProfilePath - c:\documents and settings\Ricardo\Dados de aplicativos\Mozilla\Firefox\Profiles\gbefks5e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.orkut.com
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 23:49
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2009-07-17 23:51
ComboFix-quarantined-files.txt 2009-07-17 02:51
ComboFix2.txt 2009-07-17 02:39

Pré-execução: 9.532.985.344 bytes disponíveis
Pós execução: 9.517.678.592 bytes disponíveis

336 --- E O F --- 2009-07-16 20:16

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:05, on 16/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Software Informer\softinfo.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2097962
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.exe /h
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Compro&bar direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/...6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 8082 bytes

You are our savior, Mr. Wolf. I can't wait to get rid of this damned virus and see whether I can watch the video in HD. All credit to you! lol
 
ComboFix 09-07-14.08 - Ricardo 16/07/2009 23:45.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1247.789 [GMT -3:00]
Executando de: c:\documents and settings\Ricardo\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Ricardo\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\arquivos de programas\INSO042009.log"
"C:\INSO.EXE"
"c:\windows\system32\424C.tmp"
"c:\windows\system32\427D.tmp"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\Ask.com
c:\arquivos de programas\Ask.com\config.xml
c:\arquivos de programas\Ask.com\GenericAskToolbar.dll
c:\arquivos de programas\Ask.com\mupcfg.xml
c:\arquivos de programas\Ask.com\UpdateTask.exe
c:\arquivos de programas\Eazel-PR
c:\arquivos de programas\Eazel-PR\Eazel-PRToolbarHelper.exe
c:\arquivos de programas\Eazel-PR\INSTALL.LOG
c:\arquivos de programas\Eazel-PR\tbEaze.dll
c:\arquivos de programas\Eazel-PR\toolbar.cfg
c:\arquivos de programas\Eazel-PR\UNWISE.EXE
c:\arquivos de programas\INSO042009.log
c:\arquivos de programas\MySearch
C:\INSO.EXE
c:\windows\system32\424C.tmp
c:\windows\system32\427D.tmp
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-17 to 2009-07-17 ))))))))))))))))))))))))))))
.

2009-07-16 17:29 . 2009-07-16 17:29 296976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-16 17:29 . 2009-07-16 17:29 128016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-16 17:28 . 2009-07-16 17:28 296976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-16 17:28 . 2009-07-16 17:28 128016 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-16 17:21 . 2009-07-16 17:21 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-16 17:15 . 2009-07-16 17:15 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-16 17:15 . 2009-07-16 17:15 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-16 17:14 . 2009-07-17 02:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2009-07-16 17:14 . 2009-07-16 17:14 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2009-07-16 16:56 . 2009-07-16 16:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-07-16 15:57 . 2009-07-16 15:57 -------- d-----w- c:\arquivos de programas\Trend Micro
2009-07-16 03:23 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-16 03:23 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-07-16 03:23 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-16 03:23 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-16 03:23 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-16 03:23 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-07-16 03:23 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-07-16 03:23 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-16 03:23 . 2009-07-16 03:23 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-07-16 02:58 . 2009-07-16 02:58 -------- d-----w- c:\arquivos de programas\Conduit
2009-07-16 00:55 . 2009-07-16 00:55 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\CyberLink
2009-07-16 00:51 . 2009-07-16 00:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2009-07-16 00:51 . 2009-07-16 00:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink
2009-07-16 00:48 . 2009-07-16 00:48 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-16 00:48 . 2009-07-16 00:58 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-07-16 00:32 . 2009-07-16 00:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-15 23:49 . 2009-07-15 23:49 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2009-07-15 15:50 . 2009-07-15 15:50 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Uniblue
2009-07-15 15:44 . 2009-07-15 15:44 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Nero
2009-07-15 15:06 . 2009-07-15 23:29 -------- d-----w- c:\arquivos de programas\GRETECH
2009-07-15 12:22 . 2009-07-15 13:13 -------- d-----w- c:\arquivos de programas\DVDlabPro2
2009-07-15 09:52 . 2009-07-15 11:59 -------- d-----w- c:\arquivos de programas\Aiseesoft Studio
2009-07-15 09:41 . 2009-07-15 14:58 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\dvdcss
2009-07-15 09:37 . 2009-07-15 09:37 -------- d-----w- c:\arquivos de programas\VideoLAN
2009-07-10 23:34 . 2009-07-15 11:58 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\uTorrent
2009-07-10 21:59 . 2009-07-15 13:29 -------- d-----w- C:\DVDVolume
2009-07-10 21:37 . 2009-07-10 21:37 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Desktopicon
2009-07-10 21:37 . 2009-07-10 21:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeRIP
2009-07-10 21:37 . 2009-07-15 11:52 -------- d-----w- c:\arquivos de programas\FreeRIP3
2009-07-10 04:22 . 2009-07-17 02:46 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Free Download Manager
2009-07-10 04:22 . 2009-07-10 04:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG
2009-07-10 02:45 . 2009-07-10 02:45 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator
2009-07-10 02:28 . 2009-07-10 15:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-07-10 02:27 . 2009-07-10 15:29 -------- d-----w- c:\arquivos de programas\DAP
2009-07-08 21:24 . 2009-07-17 02:21 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Software Informer
2009-07-08 21:24 . 2009-07-08 21:24 -------- d-----w- c:\arquivos de programas\Software Informer
2009-07-08 21:23 . 2009-07-16 17:12 -------- d-----w- c:\arquivos de programas\Free Download Manager
2009-07-07 17:06 . 2009-07-07 17:06 488960 ----a-w- c:\documents and settings\Ricardo\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-07-07 17:05 . 2009-07-07 17:05 320000 ----a-w- c:\documents and settings\Ricardo\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\OCTOSHAPE.EXE
2009-07-07 01:01 . 2009-07-16 00:48 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-07 00:45 . 2009-07-07 00:45 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-07-07 00:42 . 2009-07-15 12:47 -------- d-----w- C:\temp
2009-07-07 00:42 . 2009-07-07 00:43 -------- d-----w- c:\temp\google
2009-07-03 16:26 . 2003-11-04 18:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-07-03 16:26 . 2004-05-14 19:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-07-03 16:26 . 2004-01-12 05:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Nokia
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\PC Suite
2009-06-25 20:08 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-06-25 20:07 . 2009-06-25 20:07 -------- d-----w- c:\arquivos de programas\DIFX
2009-06-25 20:07 . 2008-08-26 13:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-25 20:07 . 2009-06-25 20:07 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2009-06-25 20:07 . 2009-02-09 10:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-25 20:07 . 2009-07-07 02:44 -------- d-----w- c:\arquivos de programas\Nokia
2009-06-25 20:07 . 2009-06-25 20:06 34511040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_wu_por_br.exe
2009-06-25 20:06 . 2009-06-25 20:06 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-25 20:06 . 2009-06-25 20:06 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-25 20:06 . 2009-06-25 20:06 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-25 20:06 . 2009-06-25 20:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2009-06-25 19:41 . 2009-06-25 19:41 -------- d-sh--w- c:\windows\ftpcache
2009-06-20 05:04 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-20 05:04 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-20 05:04 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-20 05:04 . 2008-04-14 02:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 17:29 . 2009-05-24 18:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-16 03:31 . 2009-06-16 03:43 -------- d-----w- c:\arquivos de programas\Google
2009-07-16 02:10 . 2009-05-25 04:40 -------- d-----w- c:\arquivos de programas\FreeRIP2
2009-07-16 00:51 . 2009-03-22 21:04 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-07-16 00:48 . 2009-05-18 22:02 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-15 11:53 . 2009-07-15 11:53 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-15 11:53 . 2004-08-04 02:14 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-07-13 22:50 . 2009-03-22 21:23 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Ahead
2009-07-13 22:35 . 2009-03-22 22:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-06-25 19:36 . 2009-06-12 04:54 -------- d-----w- c:\arquivos de programas\ScannerP
2009-06-25 19:36 . 2009-03-30 23:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-06-25 12:02 . 2009-03-30 23:45 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2001-10-28 12:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 22:19 . 2009-03-30 23:46 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-06-12 04:55 . 2009-06-12 04:55 -------- d-----w- c:\arquivos de programas\Common Files
2009-06-08 08:56 . 2009-06-08 08:56 64072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\Spanish\setup.exe
2009-06-04 01:04 . 2001-10-28 12:07 67450 ----a-w- c:\windows\system32\perfc016.dat
2009-06-04 01:04 . 2001-10-28 12:07 425426 ----a-w- c:\windows\system32\perfh016.dat
2009-06-03 19:10 . 2004-08-04 03:45 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 12:35 . 2009-06-03 12:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-25 08:21 . 2009-05-25 08:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 08:18 . 2009-05-25 08:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-21 05:34 . 2009-05-21 05:34 -------- d-----w- c:\arquivos de programas\WinAVI MP4 Converter
2009-05-18 22:02 . 2009-05-18 22:02 -------- d-----w- c:\documents and settings\Ricardo\Dados de aplicativos\Media Player Classic
2009-05-16 23:59 . 2009-05-16 23:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 20:46 . 2009-05-13 20:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:34 . 2004-08-04 03:45 668672 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:34 . 2009-03-23 01:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 18:03 . 2009-07-10 10:56 137208 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-04 02:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2009-07-15 11:53 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-07-15 11:53 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:\windows\system32\drivers\TCPIP.SYS

[7] 2004-08-04 03:45 24576 4CA695EC1EE4C7CF2144DFA00EA0E1F7 c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 02:21 26112 A7EA40F680163808D96F89B4FF991876 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 02:21 26112 4352437014F966BDB031563314941A0E c:\windows\system32\USERINIT.EXE
.
((((((((((((((((((((((((((((( SnapShot@2009-07-16_19.47.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-17 02:42 . 2009-07-17 02:42 16384 c:\windows\Temp\Perflib_Perfdata_688.dat
+ 2009-06-16 14:39 . 2009-06-16 14:39 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-03-22 21:32 . 2009-06-11 00:25 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-16 14:39 . 2009-06-16 14:39 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-03-22 21:32 . 2009-06-11 00:25 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-03-22 21:32 . 2009-06-11 00:25 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-22 21:32 . 2009-07-16 20:15 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-05-07 05:11 . 2009-06-03 19:10 1295872 c:\windows\system32\dllcache\quartz.dll
+ 2009-06-30 14:30 . 2009-06-30 14:30 5520384 c:\windows\Installer\1b78ca.msp
+ 2009-03-23 01:01 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Software Informer"="c:\arquivos de programas\Software Informer\softinfo.exe" [2009-07-09 1937477]
"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2009-07-15 27660]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-27 148888]
"InstantAccess"="c:\arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.exe" [1998-07-08 37376]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-05-25 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-02-28 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-3-22 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-06-18 21:00 302368 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\UltraVNC\\vncviewer.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [30/3/2009 20:46 27056]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20:41 33808]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [30/3/2009 20:45 53552]
R2 uvnc_service;uvnc_service;c:\arquivos de programas\UltraVNC\winvnc.exe [22/3/2009 20:05 1519168]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/5/2009 17:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/5/2009 20:59 19472]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2097962
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.br\www2.bancobrasil
TCP: {02942639-828C-4F33-BBBE-FCA410E7894F} = 200.202.193.75,200.202.193.76
FF - ProfilePath - c:\documents and settings\Ricardo\Dados de aplicativos\Mozilla\Firefox\Profiles\gbefks5e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.orkut.com
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 23:49
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
.
Tempo para conclusão: 2009-07-17 23:51
ComboFix-quarantined-files.txt 2009-07-17 02:51
ComboFix2.txt 2009-07-17 02:39

Pré-execução: 9.532.985.344 bytes disponíveis
Pós execução: 9.517.678.592 bytes disponíveis

336 --- E O F --- 2009-07-16 20:16

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:05, on 16/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Software Informer\softinfo.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2097962
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\Arquivos de programas\ScannerP\TBRIDGE\BIN\InstantAccess.exe /h
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Compro&bar direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/...6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{02942639-828C-4F33-BBBE-FCA410E7894F}: NameServer = 200.202.193.75,200.202.193.76
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 8082 bytes

You are our savior, Mr. Wolf. I can't wait to get rid of this damned virus and see whether I can watch the video in HD. Full credit to you! lol
 
Hey there, friend Sonny, I agree when you say:


Of course Microsoft was aware of these events. And it's true, Microsoft leaves many holes in Windows so it can profit from them. In fact, that is how it went with the Conficker worm.

When we discovered that the worm takes advantage of the Windows autorun feature to infect the machine, and that in some cases we had no success even after disabling the feature, we sent an e-mail to Microsoft informing them of this problem and asked them, if possible, to take some action about it. At first Microsoft refused to make any change to this feature. A few days later, the company sent us another notice saying that the feature really was related to the infection, and by then more than a thousand users had already been infected by the worm. Three days later Microsoft released an update that completely disables autorun in Windows. One day after that, Microsoft publicly stated that the only antivirus that could protect the computer from Conficker was Symantec's Norton. Let's see: Microsoft's main "ally" and "donor", if you get my meaning, is Symantec. Strange, isn't it! And in fact, that is a flat-out lie.

Now I ask: Do you think Microsoft didn't already know that this feature helps the worm with the infection? The answer is yes. Because it was an obvious thing, and it was clear in the tests and reports we sent them on the subject.

Anyway, it's Microsoft, right.

Wow, what a filthy company.

Ever since Symantec teamed up with them, this "security" scheme on their part has turned into garbage. The truth is (as you rightly said) the company knows all of this, and it also knows that Symantec needs it and it needs Symantec. So they can make bigger sales and thus leave the "customer" hanging. This really is absurd.

For us, and even more for you who work with this, it is well known that this is a dirty trick. But imagine for the people who have no knowledge of these things. And even if you try to talk to them about it, they won't believe it, because the company's marketing is so strong, all the more so being allied with Micro$oft.

Unfortunately the reality hurts, even more coming from Micro$oft, which loves this sort of thing. This kind of attitude, even though it is the wrong one, brings the company a lot of profit, and they will never put it aside. Think about the customers who buy Windows? What for...?

Anyway... it really is a clown show of epic proportions.
 
Gustavo, here we have a few caveats regarding the location of the svchosts.exe malware...
In which of the directories above was this malware located, friend Gustavo?

In system32 itself, friend Mr. Wolf.
I ran ADS Spy, which found only ADSs in the Favorites related to a few icons.
Well, to be on the safe side, I'm posting the HijackThis log below; please analyze it for me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:03, on 17/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Arquivos de programas\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Arquivos de programas\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\McAfee\Common Framework\McTray.exe
C:\Arquivos de programas\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
\st-01\D - Programas\Ferramentas de Segurança Avançada\RSIT\RSIT.exe
\st-01\D - Programas\HiJackThis\internet-novo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: USB FireWall.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209987140855
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\Software\..\Telephony: DomainName = www.arthi-server.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ABA396C-9CC4-4E5B-A28C-9751DED46115}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB7EF997-5482-4E69-B08D-CFF0CD2EC3B3}: NameServer = 192.168.10.10,192.168.10.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.arthi-server.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{7ABA396C-9CC4-4E5B-A28C-9751DED46115}: NameServer = 192.168.10.10,192.168.10.2
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Serviço McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: uvnc_service - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

--
End of file - 6879 bytes
Regards.
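The exchange above turns on a detail that is easy to miss when reading a "Running processes" list by eye: svchost.exe legitimately lives in system32, so a file called svchosts.exe in that same directory is a name lookalike rather than the real binary, and a genuine name sitting outside its expected directory is just as suspect. As an added example (not code from the thread or from any tool named in it), the script below parses the "Running processes" section of a HijackThis-style log and flags both cases. The table of known binaries and their expected directories is a constructed assumption for this example, not an exhaustive list, and the sample log lines are constructed too; only the svchosts.exe name mirrors the thread.

```python
"""Flag process-name lookalikes and misplaced system binaries in a
HijackThis-style 'Running processes' section.

Added example for the thread above; the KNOWN_SYSTEM_BINARIES table and
SAMPLE_LOG are constructed assumptions, not data from the original page.
"""
import ntpath

# Assumption (constructed for this example): legitimate Windows XP system
# binaries and the single directory each one is expected to run from.
KNOWN_SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a, b):
    """Levenshtein distance between two strings (file names are short,
    so the plain O(len(a)*len(b)) table is fine)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the first
    blank line, which is where HijackThis ends that section."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        if line.strip().lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break
            paths.append(line.strip())
    return paths


def classify(path):
    """Return (verdict, reason) for one process path.

    'suspicious' covers two masquerading patterns: a known name running from
    the wrong directory, and a name one edit away from a known name (the
    svchost.exe / svchosts.exe case from the thread)."""
    directory, name = ntpath.split(path)
    name_l, dir_l = name.lower(), directory.lower()
    if name_l in KNOWN_SYSTEM_BINARIES:
        expected = KNOWN_SYSTEM_BINARIES[name_l]
        if dir_l != expected:
            return ("suspicious", f"{name} running from {directory}, expected {expected}")
        return ("ok", "known system binary in its expected directory")
    for known in KNOWN_SYSTEM_BINARIES:
        if edit_distance(name_l, known) == 1:
            return ("suspicious", f"{name} is one edit away from {known}")
    return ("unknown", "not in the known table; review manually")


def audit(log_text):
    """Classify every running process in the log; returns (path, verdict, reason)."""
    return [(p, *classify(p)) for p in running_processes(log_text)]


# Constructed sample log fragment (not a real log from the thread).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchosts.exe
C:\Documents and Settings\user\svchost.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank"""

if __name__ == "__main__":
    for path, verdict, reason in audit(SAMPLE_LOG):
        print(f"{verdict:10s} {path}  ({reason})")
```

Names that fall into the "unknown" bucket (third-party programs such as the Java updater or VNC service in the logs above) are not accused of anything; the point is to make the two masquerading patterns stand out in a long list rather than to replace the analyst's review of every line.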
 
