Javascript Disabled Detected

Você está atualmente com o javascript desabilitado. Diversas funções não funcionarão. Habilite o javascript para ter acesso à todas as funcionalidades.

Computador lento

Criado por ccmauricio, May 02 2012 11:09 AM

lento

Faça login para responder

8 respostas neste tópico

#1 ccmauricio

Participante
22 mensagens

Publicado 02 May 2012 - 11:09 AM

Estou postando novamente, em virtude de não ter sido publicado.
Meu computador está apresentando uma lentidão muito acima do normal, como se estivesse executando algum processo ininterruptamente.
Passei o Ccleaner e o Malwarebytes e o log do Hyjackthis segue abaixo. Desde já agredeço a ajuda.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:56, on 2/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
C:\arquivos de programas\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\JGsoft\EditPadLite\EditPadLite.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://bankline.ita...GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP LaserJet Service - HP - C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Arquivos de programas\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11184 bytes

Ir para o topo

#2 Mr.Million

Consumer Security MVP

Especialista
59693 mensagens

Publicado 02 May 2012 - 11:23 AM

Desabilite o seu Antivírus e AntiSpyware para não haver conflitos. Mantenha-os desativados até terminar as instruções.
　
Download Banker FIX
　
Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.
　
Salve ou imprima estas instruções:
　
Dê um duplo-clique em bankerfix.exe . Clique em OK na primeira e na segunda vez que aparecerem Caixas de mensagem. Se você estiver executando o BankerFix pela segunda vez, ele irá pedir para verificar por uma atualização. Diga que Sim e depois clique em OK.
Quando ele executar, aparecerá uma tela preta pedindo para que aperte qualquer tecla. Tecle Enter e espere ele terminar. Pode levar algum tempo.
Ao terminar, leia a mensagem na tela e aperte Enter novamente...........

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.
Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
Se houver atualizações a serem feitas, serão baixadas e instaladas.
Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
Começará então o exame. Aguarde, pois pode demorar.
Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + o Relatorio.txt que encontrará em C:\LinhaDefensiva + um novo Log do HijackThis .
Depois pode apagar esta Pasta LinhaDefensiva. Habilite novamente o seu Antivírus..

Ir para o topo

#3 ccmauricio

Participante
22 mensagens

Publicado 02 May 2012 - 11:58 AM

Antes de recorrer ao Forum Baboo, escaneei o computador com o MBAM. Hoje voltei a escanear. Ambos os logs seguem abaixo. Os demais logs seguem também.

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Versão da Base de Dados: v2012.05.01.11
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Maurício :: DELL [administrador]
1/5/2012 21:09:00
mbam-log-2012-05-01 (21-09-00).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 293631
Tempo decorrido: 27 minuto(s), 5 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 36
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\I WANT THIS (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\I WANT THIS (PUP.GamesPlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 4
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: d1da4315991ac7782117ad5da2349a9b -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\I Want This|BundledFirefox (Adware.GamePlayLab) -> Data: 1 -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\I Want This|HelperRunningVersion (PUP.GamesPlayLab) -> Data: 147 -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Enviado para a Quarentena e deletado com sucesso.
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 1
C:\Arquivos de programas\I Want This (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
Arquivos Detectados: 13
C:\Arquivos de programas\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Enviado para a Quarentena e deletado com sucesso.
C:\RECYCLER\S-1-5-21-353129056-2961158672-485389017-1008\Dc38.exe (Trojan.RepackSMS) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\I Want This.ini (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\fb.js (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\I Want This.exe (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\I Want This.ico (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\jquery.js (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\json.js (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\I Want This\I Want This.dll (PUP.GamePlayLab) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Versão da Base de Dados: v2012.05.01.11
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Maurício :: DELL [administrador]
2/5/2012 09:00:08
mbam-log-2012-05-02 (09-00-08).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 293950
Tempo decorrido: 29 minuto(s), 2 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2012-05-02 - 11:38
-------------------------------------------------------
Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1
=======================================================
Proxy/Internet Explorer (HKCU): www.geyserpump.com

----- Fim -------------------------

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:40, on 2/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
C:\arquivos de programas\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\JGsoft\EditPadLite\EditPadLite.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://bankline.ita...GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP LaserJet Service - HP - C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Arquivos de programas\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11085 bytes

Ir para o topo

#4 Mr.Million

Consumer Security MVP

Especialista
59693 mensagens

Publicado 02 May 2012 - 12:05 PM

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)
Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.
Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.
Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.

Ir para o topo

#5 ccmauricio

Participante
22 mensagens

Publicado 02 May 2012 - 01:39 PM

ComboFix 12-05-02.02 - Maurício 02/05/2012 13:03:11.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1014.344 [GMT -3:00]
Executando de: c:\documents and settings\Maurício\Desktop\ComboFix.exe
AV: avast! antivírus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
ADS - system32: deleted 4 bytes in 2 streams.
ADS - drivers: deleted 263 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\Mozilla Firefox\components\AskHPRFF.js
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\documents and settings\Daniella\WINDOWS
c:\documents and settings\Mayra\WINDOWS
c:\windows\IsUn0416.exe
c:\windows\iun6002.exe
c:\windows\SET488.tmp
c:\windows\SET577.tmp
c:\windows\SET68D.tmp
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\SET1010.tmp
c:\windows\system32\SET1013.tmp
c:\windows\system32\SET1018.tmp
c:\windows\system32\SET101C.tmp
c:\windows\system32\SET1023.tmp
c:\windows\system32\SET1026.tmp
c:\windows\system32\SET104F.tmp
c:\windows\system32\SET1073.tmp
c:\windows\system32\SET1100.tmp
c:\windows\system32\SET1103.tmp
c:\windows\system32\SET1108.tmp
c:\windows\system32\SET110C.tmp
c:\windows\system32\SET1113.tmp
c:\windows\system32\SET1116.tmp
c:\windows\system32\SET113F.tmp
c:\windows\system32\SET1163.tmp
c:\windows\system32\SET121E.tmp
c:\windows\system32\SET1221.tmp
c:\windows\system32\SET1226.tmp
c:\windows\system32\SET122A.tmp
c:\windows\system32\SET1231.tmp
c:\windows\system32\SET1234.tmp
c:\windows\system32\SET125D.tmp
c:\windows\system32\SET1281.tmp
c:\windows\system32\SET12F0.tmp
c:\windows\system32\SET12F6.tmp
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15E.tmp
c:\windows\system32\SET160.tmp
c:\windows\system32\SET162.tmp
c:\windows\system32\SET163.tmp
c:\windows\system32\SET164.tmp
c:\windows\system32\SET167.tmp
c:\windows\system32\SET169.tmp
c:\windows\system32\SET16A.tmp
c:\windows\system32\SET16B.tmp
c:\windows\system32\SET16C.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET16F.tmp
c:\windows\system32\SET171.tmp
c:\windows\system32\SET172.tmp
c:\windows\system32\SET173.tmp
c:\windows\system32\SET176.tmp
c:\windows\system32\SET17A.tmp
c:\windows\system32\SET17B.tmp
c:\windows\system32\SET17C.tmp
c:\windows\system32\SET17D.tmp
c:\windows\system32\SET17E.tmp
c:\windows\system32\SET17F.tmp
c:\windows\system32\SET180.tmp
c:\windows\system32\SET181.tmp
c:\windows\system32\SET182.tmp
c:\windows\system32\SET183.tmp
c:\windows\system32\SET184.tmp
c:\windows\system32\SET185.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET18A.tmp
c:\windows\system32\SET18B.tmp
c:\windows\system32\SET191.tmp
c:\windows\system32\SET192.tmp
c:\windows\system32\SET193.tmp
c:\windows\system32\SET194.tmp
c:\windows\system32\SET197.tmp
c:\windows\system32\SET199.tmp
c:\windows\system32\SET19B.tmp
c:\windows\system32\SET19D.tmp
c:\windows\system32\SET19E.tmp
c:\windows\system32\SET19F.tmp
c:\windows\system32\SET1A1.tmp
c:\windows\system32\SET1A2.tmp
c:\windows\system32\SET1A3.tmp
c:\windows\system32\SET1A4.tmp
c:\windows\system32\SET1A5.tmp
c:\windows\system32\SET1A6.tmp
c:\windows\system32\SET1A7.tmp
c:\windows\system32\SET1A8.tmp
c:\windows\system32\SET1A9.tmp
c:\windows\system32\SET1AA.tmp
c:\windows\system32\SET1AB.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1AE.tmp
c:\windows\system32\SET1AF.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B1.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B3.tmp
c:\windows\system32\SET1B4.tmp
c:\windows\system32\SET1B5.tmp
c:\windows\system32\SET1B8.tmp
c:\windows\system32\SET1B9.tmp
c:\windows\system32\SET1BE.tmp
c:\windows\system32\SET1BF.tmp
c:\windows\system32\SET1C2.tmp
c:\windows\system32\SET1C3.tmp
c:\windows\system32\SET1C4.tmp
c:\windows\system32\SET1C5.tmp
c:\windows\system32\SET1C6.tmp
c:\windows\system32\SET1C7.tmp
c:\windows\system32\SET1C8.tmp
c:\windows\system32\SET1C9.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1CE.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET1D0.tmp
c:\windows\system32\SET1D1.tmp
c:\windows\system32\SET1D2.tmp
c:\windows\system32\SET1D3.tmp
c:\windows\system32\SET1D4.tmp
c:\windows\system32\SET1D6.tmp
c:\windows\system32\SET1D7.tmp
c:\windows\system32\SET1D9.tmp
c:\windows\system32\SET1DA.tmp
c:\windows\system32\SET1DB.tmp
c:\windows\system32\SET1DC.tmp
c:\windows\system32\SET1DE.tmp
c:\windows\system32\SET1DF.tmp
c:\windows\system32\SET1E0.tmp
c:\windows\system32\SET1E1.tmp
c:\windows\system32\SET1E3.tmp
c:\windows\system32\SET1E4.tmp
c:\windows\system32\SET1E5.tmp
c:\windows\system32\SET1E6.tmp
c:\windows\system32\SET1E7.tmp
c:\windows\system32\SET1E8.tmp
c:\windows\system32\SET1E9.tmp
c:\windows\system32\SET1EA.tmp
c:\windows\system32\SET1EB.tmp
c:\windows\system32\SET1EC.tmp
c:\windows\system32\SET1ED.tmp
c:\windows\system32\SET1F1.tmp
c:\windows\system32\SET1F2.tmp
c:\windows\system32\SET1F3.tmp
c:\windows\system32\SET1F4.tmp
c:\windows\system32\SET1F5.tmp
c:\windows\system32\SET1F6.tmp
c:\windows\system32\SET1F7.tmp
c:\windows\system32\SET1F9.tmp
c:\windows\system32\SET1FB.tmp
c:\windows\system32\SET1FC.tmp
c:\windows\system32\SET1FE.tmp
c:\windows\system32\SET200.tmp
c:\windows\system32\SET202.tmp
c:\windows\system32\SET203.tmp
c:\windows\system32\SET204.tmp
c:\windows\system32\SET206.tmp
c:\windows\system32\SET207.tmp
c:\windows\system32\SET208.tmp
c:\windows\system32\SET209.tmp
c:\windows\system32\SET20C.tmp
c:\windows\system32\SET20D.tmp
c:\windows\system32\SET20E.tmp
c:\windows\system32\SET20F.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SET211.tmp
c:\windows\system32\SET212.tmp
c:\windows\system32\SET213.tmp
c:\windows\system32\SET215.tmp
c:\windows\system32\SET216.tmp
c:\windows\system32\SET218.tmp
c:\windows\system32\SET219.tmp
c:\windows\system32\SET21A.tmp
c:\windows\system32\SET21C.tmp
c:\windows\system32\SET21D.tmp
c:\windows\system32\SET21E.tmp
c:\windows\system32\SET220.tmp
c:\windows\system32\SET221.tmp
c:\windows\system32\SET222.tmp
c:\windows\system32\SET223.tmp
c:\windows\system32\SET224.tmp
c:\windows\system32\SET225.tmp
c:\windows\system32\SET226.tmp
c:\windows\system32\SET227.tmp
c:\windows\system32\SET228.tmp
c:\windows\system32\SET229.tmp
c:\windows\system32\SET22A.tmp
c:\windows\system32\SET22B.tmp
c:\windows\system32\SET22C.tmp
c:\windows\system32\SET22D.tmp
c:\windows\system32\SET22E.tmp
c:\windows\system32\SET22F.tmp
c:\windows\system32\SET231.tmp
c:\windows\system32\SET232.tmp
c:\windows\system32\SET233.tmp
c:\windows\system32\SET234.tmp
c:\windows\system32\SET235.tmp
c:\windows\system32\SET236.tmp
c:\windows\system32\SET238.tmp
c:\windows\system32\SET239.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET23E.tmp
c:\windows\system32\SET23F.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET241.tmp
c:\windows\system32\SET242.tmp
c:\windows\system32\SET243.tmp
c:\windows\system32\SET244.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\SET246.tmp
c:\windows\system32\SET247.tmp
c:\windows\system32\SET24B.tmp
c:\windows\system32\SET24E.tmp
c:\windows\system32\SET24F.tmp
c:\windows\system32\SET250.tmp
c:\windows\system32\SET251.tmp
c:\windows\system32\SET252.tmp
c:\windows\system32\SET253.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET256.tmp
c:\windows\system32\SET258.tmp
c:\windows\system32\SET259.tmp
c:\windows\system32\SET25B.tmp
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET25D.tmp
c:\windows\system32\SET25F.tmp
c:\windows\system32\SET261.tmp
c:\windows\system32\SET263.tmp
c:\windows\system32\SET265.tmp
c:\windows\system32\SET266.tmp
c:\windows\system32\SET267.tmp
c:\windows\system32\SET268.tmp
c:\windows\system32\SET269.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26B.tmp
c:\windows\system32\SET26D.tmp
c:\windows\system32\SET26E.tmp
c:\windows\system32\SET26F.tmp
c:\windows\system32\SET270.tmp
c:\windows\system32\SET272.tmp
c:\windows\system32\SET274.tmp
c:\windows\system32\SET275.tmp
c:\windows\system32\SET276.tmp
c:\windows\system32\SET277.tmp
c:\windows\system32\SET278.tmp
c:\windows\system32\SET279.tmp
c:\windows\system32\SET27A.tmp
c:\windows\system32\SET27B.tmp
c:\windows\system32\SET27C.tmp
c:\windows\system32\SET27D.tmp
c:\windows\system32\SET27E.tmp
c:\windows\system32\SET27F.tmp
c:\windows\system32\SET280.tmp
c:\windows\system32\SET281.tmp
c:\windows\system32\SET282.tmp
c:\windows\system32\SET283.tmp
c:\windows\system32\SET284.tmp
c:\windows\system32\SET285.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET288.tmp
c:\windows\system32\SET289.tmp
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28C.tmp
c:\windows\system32\SET28D.tmp
c:\windows\system32\SET28E.tmp
c:\windows\system32\SET28F.tmp
c:\windows\system32\SET290.tmp
c:\windows\system32\SET291.tmp
c:\windows\system32\SET292.tmp
c:\windows\system32\SET293.tmp
c:\windows\system32\SET294.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET299.tmp
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET29C.tmp
c:\windows\system32\SET29D.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET29F.tmp
c:\windows\system32\SET2A0.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2A2.tmp
c:\windows\system32\SET2A3.tmp
c:\windows\system32\SET2A4.tmp
c:\windows\system32\SET2A5.tmp
c:\windows\system32\SET2A6.tmp
c:\windows\system32\SET2A7.tmp
c:\windows\system32\SET2A8.tmp
c:\windows\system32\SET2A9.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AD.tmp
c:\windows\system32\SET2AE.tmp
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B2.tmp
c:\windows\system32\SET2B3.tmp
c:\windows\system32\SET2B4.tmp
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2B7.tmp
c:\windows\system32\SET2B9.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BE.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2C8.tmp
c:\windows\system32\SET2CA.tmp
c:\windows\system32\SET2CB.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2CD.tmp
c:\windows\system32\SET2CE.tmp
c:\windows\system32\SET2CF.tmp
c:\windows\system32\SET2D0.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D4.tmp
c:\windows\system32\SET2D5.tmp
c:\windows\system32\SET2D6.tmp
c:\windows\system32\SET2D7.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2D9.tmp
c:\windows\system32\SET2DA.tmp
c:\windows\system32\SET2DB.tmp
c:\windows\system32\SET2DC.tmp
c:\windows\system32\SET2DE.tmp
c:\windows\system32\SET2E2.tmp
c:\windows\system32\SET2E3.tmp
c:\windows\system32\SET2E4.tmp
c:\windows\system32\SET2E6.tmp
c:\windows\system32\SET2E7.tmp
c:\windows\system32\SET2EA.tmp
c:\windows\system32\SET2EB.tmp
c:\windows\system32\SET2EC.tmp
c:\windows\system32\SET2ED.tmp
c:\windows\system32\SET2EE.tmp
c:\windows\system32\SET2F0.tmp
c:\windows\system32\SET2F1.tmp
c:\windows\system32\SET2F3.tmp
c:\windows\system32\SET2F4.tmp
c:\windows\system32\SET2F5.tmp
c:\windows\system32\SET2F6.tmp
c:\windows\system32\SET2F8.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET300.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\SET303.tmp
c:\windows\system32\SET304.tmp
c:\windows\system32\SET307.tmp
c:\windows\system32\SET308.tmp
c:\windows\system32\SET30A.tmp
c:\windows\system32\SET30B.tmp
c:\windows\system32\SET30C.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET30E.tmp
c:\windows\system32\SET30F.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET312.tmp
c:\windows\system32\SET313.tmp
c:\windows\system32\SET315.tmp
c:\windows\system32\SET316.tmp
c:\windows\system32\SET317.tmp
c:\windows\system32\SET319.tmp
c:\windows\system32\SET31A.tmp
c:\windows\system32\SET31E.tmp
c:\windows\system32\SET31F.tmp
c:\windows\system32\SET322.tmp
c:\windows\system32\SET323.tmp
c:\windows\system32\SET324.tmp
c:\windows\system32\SET325.tmp
c:\windows\system32\SET326.tmp
c:\windows\system32\SET327.tmp
c:\windows\system32\SET329.tmp
c:\windows\system32\SET32A.tmp
c:\windows\system32\SET32B.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET32D.tmp
c:\windows\system32\SET32F.tmp
c:\windows\system32\SET330.tmp
c:\windows\system32\SET331.tmp
c:\windows\system32\SET334.tmp
c:\windows\system32\SET335.tmp
c:\windows\system32\SET337.tmp
c:\windows\system32\SET339.tmp
c:\windows\system32\SET33A.tmp
c:\windows\system32\SET33E.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET340.tmp
c:\windows\system32\SET342.tmp
c:\windows\system32\SET343.tmp
c:\windows\system32\SET344.tmp
c:\windows\system32\SET345.tmp
c:\windows\system32\SET346.tmp
c:\windows\system32\SET347.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET34B.tmp
c:\windows\system32\SET34C.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET34E.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\SET350.tmp
c:\windows\system32\SET351.tmp
c:\windows\system32\SET352.tmp
c:\windows\system32\SET353.tmp
c:\windows\system32\SET354.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET357.tmp
c:\windows\system32\SET358.tmp
c:\windows\system32\SET359.tmp
c:\windows\system32\SET35A.tmp
c:\windows\system32\SET35B.tmp
c:\windows\system32\SET35C.tmp
c:\windows\system32\SET35F.tmp
c:\windows\system32\SET360.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET364.tmp
c:\windows\system32\SET367.tmp
c:\windows\system32\SET368.tmp
c:\windows\system32\SET369.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET36D.tmp
c:\windows\system32\SET372.tmp
c:\windows\system32\SET373.tmp
c:\windows\system32\SET374.tmp
c:\windows\system32\SET375.tmp
c:\windows\system32\SET376.tmp
c:\windows\system32\SET377.tmp
c:\windows\system32\SET378.tmp
c:\windows\system32\SET379.tmp
c:\windows\system32\SET37B.tmp
c:\windows\system32\SET37D.tmp
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET388.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38A.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET38E.tmp
c:\windows\system32\SET38F.tmp
c:\windows\system32\SET391.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET39A.tmp
c:\windows\system32\SET39B.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET39E.tmp
c:\windows\system32\SET39F.tmp
c:\windows\system32\SET3A0.tmp
c:\windows\system32\SET3A1.tmp
c:\windows\system32\SET3A2.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3A5.tmp
c:\windows\system32\SET3A6.tmp
c:\windows\system32\SET3A8.tmp
c:\windows\system32\SET3AA.tmp
c:\windows\system32\SET3AB.tmp
c:\windows\system32\SET3AC.tmp
c:\windows\system32\SET3B0.tmp
c:\windows\system32\SET3B3.tmp
c:\windows\system32\SET3B5.tmp
c:\windows\system32\SET3B6.tmp
c:\windows\system32\SET3B7.tmp
c:\windows\system32\SET3B8.tmp
c:\windows\system32\SET3BA.tmp
c:\windows\system32\SET3BB.tmp
c:\windows\system32\SET3BD.tmp
c:\windows\system32\SET3C2.tmp
c:\windows\system32\SET3C4.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET3C6.tmp
c:\windows\system32\SET3C8.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3CC.tmp
c:\windows\system32\SET3CD.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3CF.tmp
c:\windows\system32\SET3D1.tmp
c:\windows\system32\SET3D2.tmp
c:\windows\system32\SET3D5.tmp
c:\windows\system32\SET3D6.tmp
c:\windows\system32\SET3DA.tmp
c:\windows\system32\SET3DC.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET3DF.tmp
c:\windows\system32\SET3E0.tmp
c:\windows\system32\SET3E2.tmp
c:\windows\system32\SET3E3.tmp
c:\windows\system32\SET3E4.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET3E9.tmp
c:\windows\system32\SET3EA.tmp
c:\windows\system32\SET3EE.tmp
c:\windows\system32\SET3F1.tmp
c:\windows\system32\SET3F3.tmp
c:\windows\system32\SET3F5.tmp
c:\windows\system32\SET3F8.tmp
c:\windows\system32\SET3FB.tmp
c:\windows\system32\SET3FF.tmp
c:\windows\system32\SET400.tmp
c:\windows\system32\SET402.tmp
c:\windows\system32\SET403.tmp
c:\windows\system32\SET404.tmp
c:\windows\system32\SET407.tmp
c:\windows\system32\SET409.tmp
c:\windows\system32\SET40A.tmp
c:\windows\system32\SET40B.tmp
c:\windows\system32\SET40C.tmp
c:\windows\system32\SET40D.tmp
c:\windows\system32\SET40E.tmp
c:\windows\system32\SET40F.tmp
c:\windows\system32\SET412.tmp
c:\windows\system32\SET414.tmp
c:\windows\system32\SET415.tmp
c:\windows\system32\SET417.tmp
c:\windows\system32\SET41A.tmp
c:\windows\system32\SET41B.tmp
c:\windows\system32\SET41C.tmp
c:\windows\system32\SET41D.tmp
c:\windows\system32\SET41E.tmp
c:\windows\system32\SET421.tmp
c:\windows\system32\SET422.tmp
c:\windows\system32\SET423.tmp
c:\windows\system32\SET424.tmp
c:\windows\system32\SET425.tmp
c:\windows\system32\SET426.tmp
c:\windows\system32\SET427.tmp
c:\windows\system32\SET428.tmp
c:\windows\system32\SET429.tmp
c:\windows\system32\SET42A.tmp
c:\windows\system32\SET42B.tmp
c:\windows\system32\SET42D.tmp
c:\windows\system32\SET42E.tmp
c:\windows\system32\SET42F.tmp
c:\windows\system32\SET430.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\SET433.tmp
c:\windows\system32\SET434.tmp
c:\windows\system32\SET435.tmp
c:\windows\system32\SET436.tmp
c:\windows\system32\SET437.tmp
c:\windows\system32\SET438.tmp
c:\windows\system32\SET43B.tmp
c:\windows\system32\SET43C.tmp
c:\windows\system32\SET43D.tmp
c:\windows\system32\SET43E.tmp
c:\windows\system32\SET441.tmp
c:\windows\system32\SET442.tmp
c:\windows\system32\SET443.tmp
c:\windows\system32\SET444.tmp
c:\windows\system32\SET445.tmp
c:\windows\system32\SET448.tmp
c:\windows\system32\SET449.tmp
c:\windows\system32\SET44C.tmp
c:\windows\system32\SET44D.tmp
c:\windows\system32\SET44E.tmp
c:\windows\system32\SET44F.tmp
c:\windows\system32\SET450.tmp
c:\windows\system32\SET451.tmp
c:\windows\system32\SET453.tmp
c:\windows\system32\SET457.tmp
c:\windows\system32\SET458.tmp
c:\windows\system32\SET459.tmp
c:\windows\system32\SET45A.tmp
c:\windows\system32\SET45C.tmp
c:\windows\system32\SET45D.tmp
c:\windows\system32\SET45E.tmp
c:\windows\system32\SET460.tmp
c:\windows\system32\SET461.tmp
c:\windows\system32\SET463.tmp
c:\windows\system32\SET464.tmp
c:\windows\system32\SET466.tmp
c:\windows\system32\SET467.tmp
c:\windows\system32\SET468.tmp
c:\windows\system32\SET469.tmp
c:\windows\system32\SET46A.tmp
c:\windows\system32\SET46C.tmp
c:\windows\system32\SET46D.tmp
c:\windows\system32\SET46F.tmp
c:\windows\system32\SET470.tmp
c:\windows\system32\SET473.tmp
c:\windows\system32\SET474.tmp
c:\windows\system32\SET476.tmp
c:\windows\system32\SET477.tmp
c:\windows\system32\SET479.tmp
c:\windows\system32\SET47A.tmp
c:\windows\system32\SET47E.tmp
c:\windows\system32\SET481.tmp
c:\windows\system32\SET483.tmp
c:\windows\system32\SET484.tmp
c:\windows\system32\SET488.tmp
c:\windows\system32\SET489.tmp
c:\windows\system32\SET48D.tmp
c:\windows\system32\SET48F.tmp
c:\windows\system32\SET490.tmp
c:\windows\system32\SET491.tmp
c:\windows\system32\SET492.tmp
c:\windows\system32\SET494.tmp
c:\windows\system32\SET497.tmp
c:\windows\system32\SET499.tmp
c:\windows\system32\SET49A.tmp
c:\windows\system32\SET49B.tmp
c:\windows\system32\SET49D.tmp
c:\windows\system32\SET49E.tmp
c:\windows\system32\SET4A2.tmp
c:\windows\system32\SET4A3.tmp
c:\windows\system32\SET4A5.tmp
c:\windows\system32\SET4A6.tmp
c:\windows\system32\SET4A7.tmp
c:\windows\system32\SET4A8.tmp
c:\windows\system32\SET4A9.tmp
c:\windows\system32\SET4AD.tmp
c:\windows\system32\SET4AE.tmp
c:\windows\system32\SET4AF.tmp
c:\windows\system32\SET4B0.tmp
c:\windows\system32\SET4B1.tmp
c:\windows\system32\SET4B2.tmp
c:\windows\system32\SET4B3.tmp
c:\windows\system32\SET4B4.tmp
c:\windows\system32\SET4B6.tmp
c:\windows\system32\SET4B8.tmp
c:\windows\system32\SET4BB.tmp
c:\windows\system32\SET4BC.tmp
c:\windows\system32\SET4C0.tmp
c:\windows\system32\SET4C4.tmp
c:\windows\system32\SET4C5.tmp
c:\windows\system32\SET4CA.tmp
c:\windows\system32\SET4CC.tmp
c:\windows\system32\SET4CE.tmp
c:\windows\system32\SET4CF.tmp
c:\windows\system32\SET4D0.tmp
c:\windows\system32\SET4D2.tmp
c:\windows\system32\SET4D4.tmp
c:\windows\system32\SET4D9.tmp
c:\windows\system32\SET4DB.tmp
c:\windows\system32\SET4DC.tmp
c:\windows\system32\SET4E3.tmp
c:\windows\system32\SET4E6.tmp
c:\windows\system32\SET4E7.tmp
c:\windows\system32\SET4EA.tmp
c:\windows\system32\SET4EF.tmp
c:\windows\system32\SET4F1.tmp
c:\windows\system32\SET4F3.tmp
c:\windows\system32\SET4F6.tmp
c:\windows\system32\SET4F7.tmp
c:\windows\system32\SET4F8.tmp
c:\windows\system32\SET4F9.tmp
c:\windows\system32\SET4FA.tmp
c:\windows\system32\SET4FC.tmp
c:\windows\system32\SET4FD.tmp
c:\windows\system32\SET4FE.tmp
c:\windows\system32\SET4FF.tmp
c:\windows\system32\SET501.tmp
c:\windows\system32\SET502.tmp
c:\windows\system32\SET503.tmp
c:\windows\system32\SET504.tmp
c:\windows\system32\SET506.tmp
c:\windows\system32\SET509.tmp
c:\windows\system32\SET50B.tmp
c:\windows\system32\SET50F.tmp
c:\windows\system32\SET510.tmp
c:\windows\system32\SET511.tmp
c:\windows\system32\SET518.tmp
c:\windows\system32\SET519.tmp
c:\windows\system32\SET51B.tmp
c:\windows\system32\SET51F.tmp
c:\windows\system32\SET522.tmp
c:\windows\system32\SET523.tmp
c:\windows\system32\SET524.tmp
c:\windows\system32\SET526.tmp
c:\windows\system32\SET527.tmp
c:\windows\system32\SET528.tmp
c:\windows\system32\SET52A.tmp
c:\windows\system32\SET52B.tmp
c:\windows\system32\SET52C.tmp
c:\windows\system32\SET530.tmp
c:\windows\system32\SET531.tmp
c:\windows\system32\SET532.tmp
c:\windows\system32\SET533.tmp
c:\windows\system32\SET534.tmp
c:\windows\system32\SET537.tmp
c:\windows\system32\SET538.tmp
c:\windows\system32\SET53C.tmp
c:\windows\system32\SET53D.tmp
c:\windows\system32\SET542.tmp
c:\windows\system32\SET543.tmp
c:\windows\system32\SET548.tmp
c:\windows\system32\SET54A.tmp
c:\windows\system32\SET54B.tmp
c:\windows\system32\SET54D.tmp
c:\windows\system32\SET550.tmp
c:\windows\system32\SET551.tmp
c:\windows\system32\SET553.tmp
c:\windows\system32\SET554.tmp
c:\windows\system32\SET555.tmp
c:\windows\system32\SET557.tmp
c:\windows\system32\SET559.tmp
c:\windows\system32\SET55D.tmp
c:\windows\system32\SET55F.tmp
c:\windows\system32\SET562.tmp
c:\windows\system32\SET564.tmp
c:\windows\system32\SET57A.tmp
c:\windows\system32\SET580.tmp
c:\windows\system32\SET582.tmp
c:\windows\system32\SET583.tmp
c:\windows\system32\SET589.tmp
c:\windows\system32\SET58C.tmp
c:\windows\system32\SET58D.tmp
c:\windows\system32\SET594.tmp
c:\windows\system32\SET597.tmp
c:\windows\system32\SET599.tmp
c:\windows\system32\SET59F.tmp
c:\windows\system32\SET5A9.tmp
c:\windows\system32\SET5AD.tmp
c:\windows\system32\SET5AF.tmp
c:\windows\system32\SET5B0.tmp
c:\windows\system32\SET5B1.tmp
c:\windows\system32\SET5BB.tmp
c:\windows\system32\SET5BF.tmp
c:\windows\system32\SET5C4.tmp
c:\windows\system32\SET5CA.tmp
c:\windows\system32\SET5D2.tmp
c:\windows\system32\SET5DA.tmp
c:\windows\system32\SET5DB.tmp
c:\windows\system32\SET5FA.tmp
c:\windows\system32\SET5FD.tmp
c:\windows\system32\SET600.tmp
c:\windows\system32\SET605.tmp
c:\windows\system32\SET607.tmp
c:\windows\system32\SET60B.tmp
c:\windows\system32\SET60F.tmp
c:\windows\system32\SET610.tmp
c:\windows\system32\SET612.tmp
c:\windows\system32\SET613.tmp
c:\windows\system32\SET614.tmp
c:\windows\system32\SET615.tmp
c:\windows\system32\SET617.tmp
c:\windows\system32\SET619.tmp
c:\windows\system32\SET61A.tmp
c:\windows\system32\SET61C.tmp
c:\windows\system32\SET61F.tmp
c:\windows\system32\SET621.tmp
c:\windows\system32\SET626.tmp
c:\windows\system32\SET627.tmp
c:\windows\system32\SET62F.tmp
c:\windows\system32\SET635.tmp
c:\windows\system32\SET63A.tmp
c:\windows\system32\SET63D.tmp
c:\windows\system32\SET640.tmp
c:\windows\system32\SET642.tmp
c:\windows\system32\SET646.tmp
c:\windows\system32\SET648.tmp
c:\windows\system32\SET649.tmp
c:\windows\system32\SET64A.tmp
c:\windows\system32\SET64D.tmp
c:\windows\system32\SET64E.tmp
c:\windows\system32\SET652.tmp
c:\windows\system32\SET653.tmp
c:\windows\system32\SET658.tmp
c:\windows\system32\SET65E.tmp
c:\windows\system32\SET661.tmp
c:\windows\system32\SET663.tmp
c:\windows\system32\SET666.tmp
c:\windows\system32\SET669.tmp
c:\windows\system32\SET66B.tmp
c:\windows\system32\SET66F.tmp
c:\windows\unin0416.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-04-02 to 2012-05-02 ))))))))))))))))))))))))))))
.
.
2012-05-02 14:38 . 2012-05-02 14:40 -------- d-----w- C:\LinhaDefensiva
2012-04-13 01:33 . 2012-04-13 01:33 -------- d-----w- c:\documents and settings\Maurício\Configurações locais\Dados de aplicativos\I Want This
2012-04-13 01:32 . 2012-05-02 11:41 -------- d-----w- c:\arquivos de programas\DealPly
2012-04-13 01:31 . 2012-04-13 01:31 251 ----a-w- C:\user.js
2012-04-13 01:31 . 2012-04-13 01:31 -------- d-----w- c:\arquivos de programas\BabylonToolbar
2012-04-13 01:30 . 2011-10-05 01:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-04-13 01:30 . 2012-04-13 01:30 -------- d-----w- c:\arquivos de programas\GPLGS
2012-04-13 01:29 . 2012-04-13 01:29 -------- d-----w- c:\documents and settings\Maurício\Configurações locais\Dados de aplicativos\Babylon
2012-04-13 01:29 . 2012-04-13 01:29 -------- d-----w- C:\Arquivos1
2012-04-13 01:29 . 2012-04-13 01:29 -------- d-----w- c:\arquivos de programas\PDFCreator
2012-04-13 01:29 . 2012-04-13 01:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon
2012-04-13 01:29 . 2012-04-13 01:29 -------- d-----w- c:\documents and settings\Maurício\Dados de aplicativos\Babylon
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 18:56 . 2010-08-22 00:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 19:40 . 2011-01-12 14:49 47816 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2012-03-13 11:24 . 2011-09-04 18:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2012-01-28 21:41 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2012-01-28 21:41 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-01-28 21:42 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-01-28 21:42 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-01-28 21:42 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2012-01-28 21:42 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-01-28 21:42 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2012-01-28 21:42 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2012-01-28 21:42 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2012-01-28 21:42 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-04 00:49 . 2005-02-02 02:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-04 00:49 . 2005-02-02 02:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-01 10:59 . 2004-09-17 18:27 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2004-09-17 18:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2004-09-17 18:26 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2009-03-01 11:34 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:09 . 2004-09-17 18:27 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-09-17 18:26 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:57 . 2009-03-01 11:34 1860224 ----a-w- c:\windows\system32\win32k.sys
2010-12-19 23:17 . 2010-12-19 23:18 774144 ----a-w- c:\arquivos de programas\RngInterstitial.dll
2012-03-02 10:42 . 2012-01-21 14:22 134104 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\arquivos de programas\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"avast"="c:\arquivos de programas\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"TkBellExe"="c:\arquivos de programas\real\realplayer\update\realsched.exe" [2012-03-04 296056]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehUni.dll" [2012-02-01 601592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2012-03-29 19:40 621808 ----a-w- c:\arquiv~1\GbPlugin\gbiehAbn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2012-02-01 13:41 601592 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 09:22 59240 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 20:06 421736 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\BitComet\\BitComet.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Arquivos de programas\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25065:TCP"= 25065:TCP:BitComet 25065 TCP
"25065:UDP"= 25065:UDP:BitComet 25065 UDP
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [12/1/2011 11:49 47816]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [25/2/2004 13:19 138118]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/1/2012 18:42 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/1/2012 18:42 337880]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [25/2/2004 13:19 46773]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/1/2012 18:42 20696]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [17/1/2011 14:45 204232]
R2 HP LaserJet Service;HP LaserJet Service;c:\arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe [24/6/2009 09:57 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [9/1/2011 21:33 99896]
R2 SentinelKeysServer;Sentinel Keys Server;c:\arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [17/9/2009 01:03 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [17/9/2009 01:00 292128]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14/2/2007 17:51 47360]
S2 SSIPDDP;SSIPDDP: Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [15/6/2007 00:31 52736]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [17/9/2004 15:27 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]
.
2011-03-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\arquivos de programas\Microsoft IntelliPoint\ipoint.exe [2009-11-05 20:35]
.
2011-03-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\arquivos de programas\Microsoft IntelliType Pro\itype.exe [2009-11-05 20:45]
.
2012-05-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-353129056-2961158672-485389017-1006.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-11-29 19:02]
.
2012-05-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-353129056-2961158672-485389017-1008.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-11-29 19:02]
.
2012-04-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-353129056-2961158672-485389017-1006.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-11-29 19:02]
.
2012-04-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-353129056-2961158672-485389017-1008.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-11-29 19:02]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: &D&ownload &with BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancoreal.com.br\www
Trusted Zone: bancosantander.com.br\www
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://bankline.itau.com.br/gbplugin2/cab/GbPluginUni.cab
FF - ProfilePath - c:\documents and settings\Maurício\Dados de aplicativos\Mozilla\Firefox\Profiles\yqy8jyjg.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110819&tt=050412_30b&babsrc=HP_ss&mntrId=0437cfa100000000000000137200afd9
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&tt=050412_30b&babsrc=KW_ss&mntrId=0437cfa100000000000000137200afd9&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0437cfa100000000000000137200afd9
FF - user.js: extensions.BabylonToolbar_i.hardId - 0437cfa100000000000000137200afd9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15443
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:31
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- Associação de arquivos/ficheiros -------
.
txtfile="c:\arquivos de programas\JGsoft\EditPadLite\EditPadLite.exe" "%1"
.scr=AutoCADScriptFile
.
- - - - ORFÃOS REMOVIDOS - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-QuickTime Task - c:\arquivos de programas\QuickTime\qttask.exe
MSConfigStartUp-TkBellExe - c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
AddRemove-Aurélio - Século XXI - c:\windows\IsUn0416.exe
AddRemove-RRF.exe - c:\windows\unin0416.exe
AddRemove-RRTW32.EXE - c:\windows\IsUn0416.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 13:24
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(1196)
c:\arquiv~1\GbPlugin\gbiehAbn.dll
c:\arquiv~1\GbPlugin\gbiehUni.dll
.
Tempo para conclusão: 2012-05-02 13:33:46
ComboFix-quarantined-files.txt 2012-05-02 16:33
.
Pré-execução: 25 pasta(s) 11,696,336,896 bytes disponíveis
Pós execução: 26 pasta(s) 12,507,271,168 bytes disponíveis
.
- - End Of File - - CAE98EF72E43AE7E34E5543BEA85E471

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:39:20, on 2/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
C:\arquivos de programas\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\JGsoft\EditPadLite\EditPadLite.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://bankline.ita...GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP LaserJet Service - HP - C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Arquivos de programas\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10980 bytes

Ir para o topo

#6 Mr.Million

Consumer Security MVP

Especialista
59693 mensagens

Publicado 02 May 2012 - 01:44 PM

Download AdwCleaner. Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionarExecutar como administrador

Posted Image

Clique [Delete]

Poste o Log criado + um novo Log do HijackThis..

Ir para o topo

#7 ccmauricio

Participante
22 mensagens

Publicado 02 May 2012 - 02:12 PM

# AdwCleaner v1.604 - Logfile created 05/02/2012 at 14:03:42
# Updated 23/04/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Maurício - DELL
# Running from : C:\Documents and Settings\Maurício\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\Maurício\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\Maurício\Dados de aplicativos\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Mayra\Dados de aplicativos\GetRightToGo
Folder Deleted : C:\Documents and Settings\Daniella\Dados de aplicativos\Mozilla\Firefox\Profiles\7qlwslk2.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Documents and Settings\Maurício\Dados de aplicativos\Mozilla\Firefox\Profiles\yqy8jyjg.default\Conduit
Folder Deleted : C:\Documents and Settings\Maurício\Dados de aplicativos\Mozilla\Firefox\Profiles\yqy8jyjg.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\Maurício\Dados de aplicativos\Mozilla\Firefox\Profiles\yqy8jyjg.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Documents and Settings\Maurício\Dados de aplicativos\Mozilla\Firefox\Profiles\yqy8jyjg.default\extensions\engine@conduit.com
Folder Deleted : C:\Documents and Settings\Mayra\Dados de aplicativos\Mozilla\Firefox\Profiles\qetoz3mr.default\SweetIMToolbarData
Folder Deleted : C:\Documents and Settings\Mayra\Dados de aplicativos\Mozilla\Firefox\Profiles\qetoz3mr.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Deleted : C:\Arquivos de programas\BabylonToolbar
Folder Deleted : C:\Arquivos de programas\Conduit
Folder Deleted : C:\Arquivos de programas\DealPly
File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2097962
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110819&tt=050412_30b&babsrc=NT_ss&mntrId=0437cfa100000000000000137200afd9 --> hxxp://www.google.fr
-\\ Mozilla Firefox v10.0.2 (pt-BR)
Profile name : default
File : C:\Documents and Settings\Daniella\Dados de aplicativos\Mozilla\Firefox\Profiles\7qlwslk2.default\prefs.js
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Profile name : default
File : C:\Documents and Settings\Maurício\Dados de aplicativos\Mozilla\Firefox\Profiles\yqy8jyjg.default\prefs.js
C:\Documents and Settings\Maurício\Dados de aplicativos\Mozilla\Firefox\Profiles\yqy8jyjg.default\user.js ... Deleted !
Deleted : user_pref("CT2611275.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2611275.CTID", "ct2611275");
Deleted : user_pref("CT2611275.CurrentServerDate", "10-7-2010");
Deleted : user_pref("CT2611275.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2611275.DownloadReferralCookieData", "");
Deleted : user_pref("CT2611275.EMailNotifierPollDate", "Sat Jul 10 2010 13:28:46 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("CT2611275.FirstServerDate", "10-7-2010");
Deleted : user_pref("CT2611275.FirstTime", true);
Deleted : user_pref("CT2611275.FirstTimeFF3", true);
Deleted : user_pref("CT2611275.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2611275.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2611275.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2611275.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2611275.Initialize", true);
Deleted : user_pref("CT2611275.InitializeCommonPrefs", true);
Deleted : user_pref("CT2611275.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2611275.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2611275.InstalledDate", "Sat Jul 10 2010 13:28:17 GMT-0300 (Hora oficial do Brasil)");
Deleted : user_pref("CT2611275.IsGrouping", false);
Deleted : user_pref("CT2611275.IsMulticommunity", false);
Deleted : user_pref("CT2611275.IsOpenThankYouPage", false);
Deleted : user_pref("CT2611275.IsOpenUninstallPage", true);
Deleted : user_pref("CT2611275.LanguagePackLastCheckTime", "Sat Jul 10 2010 13:28:46 GMT-0300 (Hora oficial do[...]
Deleted : user_pref("CT2611275.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2611275.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2611275.LastLogin_2.6.0.15", "Sat Jul 10 2010 13:28:40 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2611275.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2611275.Locale", "en");
Deleted : user_pref("CT2611275.LoginCache", 4);
Deleted : user_pref("CT2611275.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2611275.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2611275.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2611275.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2611275.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2611275.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2611275.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Deleted : user_pref("CT2611275.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2611275.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2611275.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2611275.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2611275.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2611275.SettingsLastCheckTime", "Sat Jul 10 2010 13:28:16 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("CT2611275.SettingsLastUpdate", "1277320599");
Deleted : user_pref("CT2611275.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2611275.ThirdPartyComponentsLastCheck", "Sat Jul 10 2010 13:28:12 GMT-0300 (Hora oficia[...]
Deleted : user_pref("CT2611275.ThirdPartyComponentsLastUpdate", "1277320599");
Deleted : user_pref("CT2611275.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2611275.UserID", "UN46717381825365494");
Deleted : user_pref("CT2611275.alertChannelId", "1004080");
Deleted : user_pref("CT2611275.clientLogIsEnabled", false);
Deleted : user_pref("CT2611275.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2611275.components.1000082", false);
Deleted : user_pref("CT2611275.components.1000234", false);
Deleted : user_pref("CT2611275.ct2611275.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2611275.ct2611275.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2611275.ct2611275.LanguagePackLastCheckTime", "Sat Jul 10 2010 13:28:46 GMT-0300 (Hora [...]
Deleted : user_pref("CT2611275.ct2611275.Locale", "en");
Deleted : user_pref("CT2611275.ct2611275.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Deleted : user_pref("CT2611275.ct2611275.SearchInNewTabLastCheckTime", "Sat Jul 10 2010 13:28:46 GMT-0300 (Hor[...]
Deleted : user_pref("CT2611275.ct2611275.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2611275.ct2611275.SettingsLastCheckTime", "Sat Jul 10 2010 13:28:39 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2611275.ct2611275.SettingsLastUpdate", "1277320599");
Deleted : user_pref("CT2611275.ct2611275.ThirdPartyComponentsLastCheck", "Sat Jul 10 2010 13:28:39 GMT-0300 (H[...]
Deleted : user_pref("CT2611275.ct2611275.ThirdPartyComponentsLastUpdate", "1277320599");
Deleted : user_pref("CT2611275.myStuffEnabled", true);
Deleted : user_pref("CT2611275.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2611275.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2611275.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2611275.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2611275.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2611275,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2611275");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 13 2011 06:47:22 GMT-03[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 25 2011 22:06:32 GMT-0300 (Hora [...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 22:06:22 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "07d92996-b929-4f26-919d-6d9e646d6b01");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Jul 10 2010 13:28:46 GMT-0300 (Hor[...]
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 07 2011 18:45:41 GMT-0300 (Hora oficial[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Apr 24 2011 11:05:11 GMT-0300 (Hora ofici[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "03/29/2011 21");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Tue Mar 29 2011 15:32:00 GMT-0300 (Hora oficial do Brasil)[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Apr 25 2011 19:14:04 GMT-0300 (Hora oficia[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Apr 25 2011 19:14:04 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Apr 25 2011 19:14:04 GMT-0300 (Hora oficial do[...]
Deleted : user_pref("ConduitEngine.UserID", "UN84362054646822468");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "pt-BR");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Apr 25 2011 19:14:04 GMT-0300 (Hora [...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Apr 25 2011 19:14:04 GMT-0300 (Hora[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110819&tt=050412_30b&babsrc=[...]
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=050412_30b");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "0437cfa100000000000000137200afd9");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "0437cfa100000000000000137200afd9");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15443");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=05041[...]
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:31:22");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1334280762);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url([...]
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 8);
Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1334280762");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1334280762");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1335958798");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Tue May 08 2012 20:44:08 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2220646%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2229781%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nvar _GPL_PID = 21;\n\n(function($) { \n\n [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function©{c.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "\"undefined\"===typeof appAPI[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function i(){v[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 49);
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "1370ac97dabd915d839b382313ec205f");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1335915807);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22265263);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22265265);
Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1335915890736");
Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1335915890709");
Deleted : user_pref("extensions.enabledAddons", "{87F8774F-B485-47E2-A755-A40A8A5E8873}:2.6.4.14,{66f2e20d-0da[...]
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110819&tt=050412_30b&babsrc=KW_ss&mntrId=[...]
Profile name : default
File : C:\Documents and Settings\Mayra\Dados de aplicativos\Mozilla\Firefox\Profiles\qetoz3mr.default\prefs.js
Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Deleted : user_pref("browser.search.selectedEngine", "SweetIM Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1334698224);
Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url([...]
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 8);
Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1334698224");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1334698224");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1334698232");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Tue Apr 24 2012 18:30:31 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_city%22%3Anull[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2220646%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2230774%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nvar _GPL_PID = 21;\n\n(function($) { \n\n [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(b){b.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "\"undefined\"===typeof appAPI[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function i(){v[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 43);
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "136c236a9f0bc64d9387e63b78db71a9");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1334698224);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22244970);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22244984);
Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1334699008947");
Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1334699008436");
Deleted : user_pref("extensions.enabledAddons", "{EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2,jqs@sun.com:1.[...]
Deleted : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Bing");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.bing.com/search?FORM=IEF[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://go.microsoft.com/fwlink/?Link[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://www.bing.com/search?FORM=IEFM1&q=");
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history", "capricho,orkut");
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{B9E4043A-01F1-4E4D-9031-59D22D5795F9}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("sweetim.toolbar.version", "1.2.0.2");
*************************
AdwCleaner[S1].txt - [37085 octets] - [02/05/2012 14:03:42]
########## EOF - C:\AdwCleaner[S1].txt - [37214 octets] ##########

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:11:52, on 2/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
C:\arquivos de programas\real\realplayer\update\realsched.exe
C:\Arquivos de programas\JGsoft\EditPadLite\EditPadLite.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://bankline.ita...GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HP LaserJet Service - HP - C:\Arquivos de programas\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Arquivos de programas\Arquivos comuns\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Arquivos de programas\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10893 bytes

Ir para o topo

#8 Mr.Million

Consumer Security MVP

Especialista
59693 mensagens

Publicado 02 May 2012 - 03:40 PM

Ok, o PC está limpo (Y)

Finalizando.......
Renomeie o ComboFix para Uninstall, execute-o e aguarde a remoção da Ferramenta.

Limpe a Restauração do Sistema, criando um Ponto de Restauração do Sistema limpo.
Clique com o botão direito do mouse em cima do MEU COMPUTADOR/ Propiedades/ Restauração do Sistema/ marqueDesativar Restauração do Sistema/ Aplicar > OK.
Depois desmarque novamente. Aplicar > OK.

Ir para o topo

#9 ccmauricio

Participante
22 mensagens

Publicado 02 May 2012 - 04:30 PM

Mr. Million,
muito obrigado por me socorrer. Um bom fim de quarta-feira para você e sua silenciosa e trabalhadora equipe.
Um abraço,

Maurício

Ir para o topo

Voltar para Malwares

Tópicos Relacionados

Tópico	Fórum	Criado por	Estatísticas	Última atualização
Entrada Não Suportada entrada, nao, suportada, windows	Hardware e Tecnologia	capstgamerq	2 respostas 58 visualizações	Há um minuto capstgamerq
Windows Server 2012 - Ingressando computador no domínio no modo Offline windows server 2012, windows 2012 e 2 mais	Windows Server 2012	strippoli	0 respostas 22 visualizações	há 56 min. strippoli
Como carregar vídeos do YouTube mais rápido Acelerar o youtube	Banda Larga	OteteuTutors	0 respostas 42 visualizações	Hoje, 08:41 PM OteteuTutors
como do ficheiro automático, como fazer? no excel excel, nome automatico	Microsoft Office	zzzzzz2013	2 respostas 62 visualizações	Hoje, 06:41 PM zzzzzz2013
Solicitação de Análise de Log worm, log, wscript.exe e 1 mais	Malwares	Tyler_NWO	9 respostas 74 visualizações	Hoje, 06:32 PM Mr.Million

Tópicos com palavra-chave: lento

Segurança e Redes → Malwares → Análise de Log - PC Lento biantunes18 criou em 29/Apr/2013 lento	7 respostas 226 visualizações	Mr.Million 04/May/2013
Hardware → Hardware e Tecnologia → Duvida sobre Boot korffjr criou em 28/Apr/2013 BOOT, WINDOWS, LENTO, FORMATAR	3 respostas 331 visualizações	nickosoft 29/Apr/2013
Segurança e Redes → Malwares → Análise (PC lento) ayla_as criou em 16/Mar/2013 lento	8 respostas 235 visualizações	ayla_as 16/Mar/2013
Hardware → Hardware e Tecnologia → Dúvida sobre fonte deixando PC lento The Hitsuga criou em 12/Mar/2013 lento	1 reply 223 visualizações	ciro-mota 13/Mar/2013
Windows → Windows 8 → Win8 lento ao ligar celio_f criou em 09/Feb/2013 reinicio, win8, lento 1 2	Quente 17 respostas 1294 visualizações	celio_f 17/Mar/2013

Computador lento

Tópicos Relacionados

Tópicos com palavra-chave: lento

Fazer login