
Iexplore.exe virus again!




#1
10 Oct 2008, 19:08
New Members Group

Hi, I think I also have the iexplore virus and have tried several programs to get rid of it, but none worked! I have seen that your site is helping a lot of ppl, maybe me too? Here is my Hijack This log:


Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 1:01:32, em 11/10/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ acs.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ windows \ system \ hpsysdrv.exe
C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ Program Files \ TP-LINK \ TWCU \ TWCU.exe
C: \ HP \ KBD \ KBD.EXE
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Nikon \ PictureProject \ NkbMonitor.exe
C: \ Arquivos de Programas \ Internet Explorer \ IEXPLORE.EXE
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WLLoginProxy.exe
C: \ Arquivos de Programas \ Internet Explorer \ IEXPLORE.EXE
C: \ WINDOWS \ system32 \ taskmgr.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.limewire.com/inclient/?st...ows + XP & osv = 5,1
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Arquivos de Programas \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll (file missing)
O2 - BHO: Malicious Scripts Scanner - (55EA1964-F5E4-4D6A-B9B2-125B37655FCB) - C: \ Documents and Settings \ All Users \ Application Data \ Prevx \ pxbho.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no arquivo)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ Imjpmig.exe" / Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [TWCU] "C: \ Program Files \ TP-LINK \ TWCU \ TWCU.exe"-nogui
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [EPSON Stylus CX3700 Series] C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIA CP.EXE / F "C: \ WINDOWS \ TEMP \ E_SC4.tmp" / EF "HKLM"
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [Bandeira Tem Grim Live] C: \ Documents and Settings \ All Users \ Application Data \ Software regra pavilhão possui \ Primeira obj.exe
O4 - HKLM \ .. \ Run: [PrevxOne] "C: \ Program Files \ Prevx2 \ PXConsole.exe"
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKCU \ .. \ Run: [MODO REAL] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ SOAPLI ~ 1 \ ATOM DASH.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Arquivos de Programas \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C: \ Program Files \ Nikon \ PictureProject \ NkbMonitor.exe
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Baixar com & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: & Google Search - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Instantâneo da página em cache - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000
O8 - Extra context menu item: Páginas semelhantes - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Traduzir para Inglês - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (B205A35E-1FC4-4CE3-818B-899DBBB3388C) - C: \ Program Files \ Common Files \ Microsoft Shared \ Encarta Search Bar \ ENCSBAR.DLL
O9 - Extra button: Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = E.U. \ IEButton \ support.htm
O9 - Extra 'Tools' menuitem: Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = E.U. \ IEButton \ support.htm
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5) -- http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: (96EEC7FF-106A-47F3-90D6-B4BB754AA40E) (POLI Pay Online) -- https: / / autxn.paywithpoli.com / ewcust...iPayOnline.cab
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C: \ WINDOWS \ system32 \ acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PREVXAgent - Prevx - C: \ Program Files \ Prevx2 \ PXAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
--
Fim do arquivo - 10831 bytes
#2
10 Oct 2008, 23:12
Moderators Group

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will run only on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so that they do not interfere with the running of Lop S&D.
To see how to disable security programs, visit this tutorial:
How to temporarily disable your anti-virus, firewall and anti-malware programs
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK in the information window
  • Type 1 to choose Option 1 (Search), then press Enter
  • Wait until the end of the scan
  • A report will be generated; post its content in your next reply.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

#3
11 October 2008, 00:15
New Members Group

Here are the results of the Lop S&D search:



-------------------- \ \ Esgalhar S & D 4.2.4-5 XP / Vista
Microsoft Windows XP Home Edition (v5.1.2600) Service Pack 3
X86-based PC (Uniprocessor Free: AMD Sempron (tm) Processador 3200 +)
BIOS: Phoenix - Award BIOS v6.00PG
UTILIZADOR: Compaq_Owner (Administrador)
BOOT: Normal boot
Antivírus: AVG 7.5.524 7.5.524 (não ativada)
Firewall: ZoneAlarm Firewall 7.0.483.000 (não ativada)
C: \ (Local Disk) - NTFS - Total: 68 Go Free: 10 Go
D: \ (Local Disk) - FAT32 - Total: 5 Go Free: 1 Go
E: \ (CD ou DVD)
F: \ (CD ou DVD)
G: \ (USB)
H: \ (USB)
I: \ (USB)
J: \ (USB)
"C: \ esgalhar SD" (MAJ: 02/10/2008 | 23:42)
Opção: [1] (sábado 11/10/2008 | 18:11)

-------------------- \ \ Lista de pastas Applic ~ 1
[11/10/2008 | 04:05] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Adobe
[03/10/2007 | 01:28] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Apple
[12/09/2005 | 09:27] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Apple Computer
[28/08/2007 | 04:28] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Autodesk
[03/09/2008 | 10:46] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Avg7
[10/06/2008 | 12:37] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Avg8
[02/07/2006 | 01:52] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> DVD Shrink
[15/07/2006 | 12:35] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> EnterNHelp
[27/03/2007 | 10:25] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Google
[18/08/2008 | 07:44] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ Grisoft <dir>
[23/10/2007 | 12:15] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Instalações
[12/09/2005 | 09:21] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> InstallShield
[11/10/2008 | 12:29] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> MailFrontier
[18/08/2008 | 04:05] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ Microsoft <dir>
[10/09/2008 | 07:07] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ Microsoft <dir> Ajuda
[10/09/2007 | 04:25] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ Nero <dir>
[11/10/2008 | 03:51] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> SOE
[21/05/2008 | 12:55] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> PC Drivers HeadQuarters
[12/09/2005 | 09:27] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> QuickTime
[24/11/2007 | 02:56] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Real
[12/09/2005 | 09:04] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> SBSI
[02/02/2008 | 05:17] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Seagate
[09/10/2008 | 11:53] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ Software <dir> regra pavilhão possui
[01/11/2006 | 01:13] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Sophos
[14/09/2008 | 02:08] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Spybot - Search & Destroy
[19/05/2008 | 07:41] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ Symantec <dir>
[11/10/2008 | 06:00] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ TEMP <dir>
[15/02/2006 | 01:11] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> UDL
[15/07/2006 | 12:35] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Ultima_T15
[08/04/2006 | 02:27] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> Windows Genuine Advantage
[22/06/2008 | 11:01] C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ <dir> WLInstaller
[17/03/2008 | 09:32] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Adobe
[11/10/2008 | 03:55] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> AdobeUM
[13/09/2007 | 05:26] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Ahead
[13/06/2008 | 07:29] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Apple Computer
[02/10/2007 | 12:55] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> ArcSoft
[18/06/2006 | 11:34] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Atari
[21/05/2007 | 07:47] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Autodesk
[11/10/2008 | 11:11] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> AVG7
[19/05/2008 | 02:40] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> AVGTOOLBAR
[08/10/2008 | 01:29] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> BitTorrent
[21/05/2007 | 12:09] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Command & Conquer 3 Tiberium Wars
[01/09/2006 | 08:52] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Datalayer
[28/05/2007 | 02:25] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> dvdcss
[13/08/2007 | 03:00] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> EPSON
[03/05/2007 | 02:12] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Google
[07/09/2006 | 02:08] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Ajuda
[26/06/2008 | 12:16] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> HPQ
[16/12/2004 | 04:22] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ Identities <dir>
[19/02/2006 | 05:44] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> InterVideo
[23/04/2008 | 11:49] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> iWin
[03/05/2008 | 03:20] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Joost
[28/01/2006 | 03:15] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Leadertech
[13/09/2008 | 08:45] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ LimeWire <dir>
[14/02/2006 | 05:22] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Macromedia
[24/11/2007 | 03:04] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Media Player Classic
[19/05/2008 | 06:44] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ Microsoft <dir>
[09/04/2008 | 06:13] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ Mozilla <dir>
[15/07/2006 | 12:31] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Nikon
[01/09/2006 | 08:52] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Nokia
[01/09/2006 | 08:54] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Nokia Multimedia Player
[01/09/2006 | 08:41] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> PC Suite
[19/05/2008 | 07:32] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Real
[12/09/2005 | 09:30] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> SampleView
[21/05/2007 | 12:07] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Securom
[09/10/2008 | 11:54] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> SabÃo mentiras amor
[28/01/2006 | 03:16] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Sonic
[23/04/2008 | 11:45] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> SpinTop
[14/09/2008 | 06:04] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> SPORE
[15/04/2008 | 05:04] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> Spybot - Search & Destroy
[14/02/2006 | 05:49] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> domingo
[12/09/2005 | 09:41] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ Symantec <dir>
[16/04/2008 | 06:42] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> U3
[26/05/2008 | 11:14] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> uTorrent
[27/05/2006 | 09:46] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> vlc
[20/05/2008 | 10:26] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ <dir> WinBatch
[12/09/2005 | 09:27] C: \ DOCUME ~ 1 \ DEFAUL ~ 1 \ Applic ~ 1 \ <dir> Apple Computer
[16/12/2004 | 04:22] C: \ DOCUME ~ 1 \ DEFAUL ~ 1 \ Applic ~ 1 \ Identities <dir>
[12/09/2005 | 09:51] C: \ DOCUME ~ 1 \ DEFAUL ~ 1 \ Applic ~ 1 \ Microsoft <dir>
[12/09/2005 | 09:21] C: \ DOCUME ~ 1 \ DEFAUL ~ 1 \ Applic ~ 1 \ <dir> Real
[12/09/2005 | 09:30] C: \ DOCUME ~ 1 \ DEFAUL ~ 1 \ Applic ~ 1 \ <dir> SampleView
[12/09/2005 | 09:41] C: \ DOCUME ~ 1 \ DEFAUL ~ 1 \ Applic ~ 1 \ Symantec <dir>
[18/08/2008 | 07:44] C: \ DOCUME ~ 1 \ LOCALS ~ 1 \ Applic ~ 1 \ <dir> AVG7
[18/08/2008 | 07:44] C: \ DOCUME ~ 1 \ LOCALS ~ 1 \ Applic ~ 1 \ Microsoft <dir>
[18/08/2008 | 07:44] C: \ DOCUME ~ 1 \ NETWOR ~ 1 \ Applic ~ 1 \ Microsoft <dir>

-------------------- \ \ Tarefas Agendadas localizado em C: \ WINDOWS \ Tasks
[11/10/2008 06:00] [- ah -----] C: \ WINDOWS \ Tasks \ A396018B9185B27B.job
[11/10/2008 06:11] [- a ------] C: \ WINDOWS \ Tasks \ Symantec NetDetect.job
[11/10/2008 05:00] [- a ------] C: \ WINDOWS \ Tasks \ RegCure Program Check.job
[28/08/2008 04:00 PM] [- a ------] C: \ WINDOWS \ Tasks \ RegCure.job
[11/10/2008 04:07] [- ah -----] C: \ WINDOWS \ Tasks \ SA.DAT
[05/08/2004 05:00] [-rah -----] C: \ WINDOWS \ Tasks \ desktop.ini
(A396018B9185B27B.job) = (C: \ DOCUME ~ 1 \ compaq ~ 1 \ applic ~ 1 \ soapli ~ 1 \ Axisgreatex tra.exe)
-------------------- \ \ Lista pastas em C: \ Program Files
[27/07/2008 | 05:02] C: \ Program Files \ <dir> Activision
[11/10/2008 | 04:05] C: \ Arquivos de Programas \ Adobe <dir>
[15/06/2008 | 12:20] C: \ Program Files \ <dir> Ahead
[20/05/2007 | 11:20] C: \ Program Files \ Alcohol Soft <dir>
[03/06/2008 | 09:01] C: \ Program Files \ Apple Software Update <dir>
[15/07/2006 | 12:27] C: \ Program Files \ <dir> ArcSoft
[12/09/2005 | 09:13] C: \ Program Files \ ATI Technologies <dir>
[21/05/2007 | 07:36] C: \ Program Files \ <dir> Autodesk
[27/05/2008 | 04:42] C: \ Program Files \ <dir> AVG
[20/06/2008 | 04:54] C: \ Program Files \ BitTorrent <dir>
[11/10/2008 | 04:05] C: \ Arquivos de Programas \ Arquivos Comuns <dir>
[24/11/2004 | 01:06] C: \ Program Files \ <dir> ComPlus Applications
[21/05/2008 | 12:51] C: \ Program Files \ <dir> DAP
[08/11/2006 | 02:07] C: \ Program Files \ <dir> DivX
[30/09/2008 | 09:12] C: \ Program Files \ <dir> DominateGame
[21/05/2007 | 10:35] C: \ Program Files \ <dir> Drug Lord 2
[18/08/2008 | 03:56] C: \ Program Files \ <dir> D-Tools
[08/11/2006 | 12:56] C: \ Program Files \ <dir> DVD Shrink
[19/05/2008 | 07:12] C: \ Program Files \ <dir> Easy Internet Signup
[14/09/2008 | 06:02] C: \ Program Files \ <dir> Electronic Arts
[15/02/2006 | 01:11] C: \ Program Files \ <dir> epson
[26/05/2008 | 11:15] C: \ Program Files \ <dir> eToro
[30/09/2008 | 09:12] C: \ Program Files \ <dir> EV Nova
[13/11/2006 | 09:39] C: \ Program Files \ <dir> FLVPlayer
[26/06/2008 | 12:13] C: \ Program Files \ <dir> GameSpy Arcade
[12/09/2005 | 09:37] C: \ Program Files \ <dir> Google
[27/11/2006 | 10:19] C: \ Program Files \ <dir> Gráfico
[08/11/2007 | 06:44] C: \ Program Files \ <dir> Griffin Technology
[18/08/2008 | 07:44] C: \ Program Files \ Grisoft <dir>
[27/03/2006 | 09:17] C: \ Program Files \ <dir> GustoSoft
[29/09/2008 | 04:41] C: \ Program Files \ <dir> Hp
[05/12/2007 | 01:09] C: \ Program Files \ Infogrames Interactive <dir>
[14/09/2008 | 06:03] C: \ Program Files \ InstallShield <dir> Informações de instalação
[17/08/2008 | 09:45] C: \ Arquivos de Programas \ Internet Explorer <dir>
[12/09/2005 | 09:23] C: \ Program Files \ InterVideo <dir>
[03/06/2008 | 09:04] C: \ Program Files \ <dir> iPod
[14/02/2006 | 05:20] C: \ Program Files \ <dir> iPrimus
[03/06/2008 | 09:05] C: \ Program Files \ <dir> iTunes
[30/09/2008 | 08:51] C: \ Program Files \ Java <dir>
[14/09/2008 | 05:43] C: \ Program Files \ <dir> John Deere American Farmer Deluxe
[09/04/2008 | 06:13] C: \ Program Files \ <dir> Joost
[24/11/2007 | 02:56] C: \ Program Files \ <dir> K-Lite Codec Pack
[20/03/2008 | 05:13] C: \ Program Files \ LimeWire <dir>
[31/08/2008 | 05:28] C: \ Program Files \ <dir> MAXIS
[18/08/2008 | 02:14] C: \ Program Files \ Messenger <dir>
[15/05/2007 | 11:48] C: \ Program Files \ Microsoft CAPICOM 2.1.0.2 <dir>
[12/09/2005 | 09:19] C: \ Program Files \ Microsoft Encarta <dir>
[16/12/2004 | 04:23] C: \ Program Files \ Microsoft FrontPage <dir>
[26/06/2008 | 12:17] C: \ Program Files \ Microsoft Games <dir>
[12/09/2005 | 09:25] C: \ Program Files \ <dir> Microsoft Money 2005
[29/06/2008 | 10:10] C: \ Arquivos de Programas \ Microsoft Office <dir>
[15/02/2006 | 12:29] C: \ Arquivos de Programas \ Microsoft Visual Studio <dir>
[03/06/2008 | 03:51] C: \ Arquivos de Programas \ Microsoft Works <dir>
[14/02/2008 | 10:22] C: \ Program Files \ Microsoft.NET <dir>
[14/03/2008 | 09:22] C: \ Program Files \ <dir> MindArk
[18/08/2008 | 02:11] C: \ Program Files \ <dir> Movie Maker
[11/10/2008 | 11:09] C: \ Program Files \ Mozilla Firefox <dir>
[16/12/2004 | 04:23] C: \ Program Files \ <dir> MSN
[16/12/2004 | 04:23] C: \ Program Files \ <dir> MSN Gaming Zone
[18/10/2006 | 01:19] C: \ Program Files \ MSXML 4.0 <dir>
[02/02/2008 | 05:16] C: \ Program Files \ MSXML 6.0 <dir>
[10/09/2007 | 04:25] C: \ Arquivos de Programas \ Nero <dir>
[18/08/2008 | 02:10] C: \ Program Files \ NetMeeting <dir>
[15/07/2006 | 12:30] C: \ Program Files \ <dir> Nikon
[11/10/2008 | 03:51] C: \ Program Files \ <dir> NOS
[15/02/2006 | 12:42] C: \ Arquivos de Programas \ OfficeUpdate11 <dir>
[14/09/2008 | 02:59] C: \ Program Files \ <dir> Serviços Online
[18/08/2008 | 02:10] C: \ Program Files \ Outlook Express <dir>
[26/06/2007 | 09:29] C: \ Program Files \ PartyGaming <dir>
[12/09/2005 | 09:34] C: \ Program Files \ <dir> PC-Doctor para DOS
[17/06/2007 | 08:43] C: \ Program Files \ <dir> PokerRoom.com
[31/05/2007 | 01:55] C: \ Program Files \ <dir> Pokerstars
[03/06/2008 | 09:04] C: \ Program Files \ <dir> QuickTime
[21/04/2008 | 08:30] C: \ Program Files \ <dir> RegCure
[02/02/2008 | 05:17] C: \ Program Files \ <dir> Seagate
[23/04/2008 | 01:20] C: \ Program Files \ <dir> Sean O'Connor's Windows Jogos
[24/07/2008 | 06:08] C: \ Program Files \ <dir> SEGA
[18/08/2008 | 03:56] C: \ Program Files \ <dir> Sierra Entertainment
[08/02/2007 | 11:24] C: \ Program Files \ <dir> SLD Codec Pack
[09/10/2008 | 11:53] C: \ Program Files \ <dir> Soap mentiras amor
[14/03/2008 | 06:16] C: \ Program Files \ <dir> Sophos
[15/04/2008 | 09:22] C: \ Program Files \ <dir> Spybot - Search & Destroy
[24/11/2007 | 02:59] C: \ Program Files \ <dir> StrongDC + +
[19/05/2008 | 07:41] C: \ Program Files \ Symantec <dir>
[13/09/2008 | 10:03] C: \ Program Files \ <dir> TeaTimer (Spybot - Search & Destroy)
[14/02/2006 | 05:39] C: \ Program Files \ <dir> Telstra
[19/06/2007 | 09:45] C: \ Program Files \ <dir> TexasCalculatem
[30/05/2008 | 01:43] C: \ Program Files \ <dir> Theorica Divx ;-) Codecs
[29/02/2008 | 06:25] C: \ Program Files \ <dir> TP-LINK
[11/10/2008 | 12:33] C: \ Program Files \ <dir> Trend Micro
[03/04/2008 | 12:17] C: \ Program Files \ <dir> Trymedia
[24/11/2004 | 01:07] C: \ Program Files \ Uninstall Information <dir>
[27/05/2006 | 08:19] C: \ Program Files \ VideoLAN <dir>
[10/09/2008 | 01:44] C: \ Program Files \ <dir> VUGames
[11/10/2008 | 05:57] C: \ Program Files \ <dir> Warcraft III
[05/06/2008 | 01:07] C: \ Program Files \ <dir> Weatherzone Tracker
[13/09/2006 | 12:25] C: \ Program Files \ WinAVI <dir> Free
[14/03/2008 | 06:35] C: \ Program Files \ Windows Live <dir>
[10/10/2007 | 11:18] C: \ Arquivos de Programas \ Windows Media Connect 2 <dir>
[25/08/2008 | 06:37] C: \ Program Files \ <dir> Windows Media Player
[14/09/2008 | 02:59] C: \ Arquivos de Programas \ Windows NT <dir>
[03/10/2007 | 03:00] C: \ Program Files \ <dir> Windows XP Fun Pack
[24/11/2004 | 01:07] C: \ Program Files \ WindowsUpdate <dir>
[14/09/2008 | 05:41] C: \ Program Files \ WinRAR <dir>
[16/12/2004 | 04:24] C: \ Program Files \ <dir> xerox
[11/10/2008 | 12:29] C: \ Program Files \ <dir> Zone Labs
[11/10/2008 | 12:31] C: \ Program Files \ <dir> ZoneAlarmSB
-------------------- \ \ Lista pastas em C: \ Arquivos de Programas \ Arquivos Comuns
[11/10/2008 | 04:05] C: \ Program Files \ Common Files \ Adobe <dir>
[11/10/2008 | 04:05] C: \ Program Files \ Common Files \ <dir> Adobe AIR
[10/09/2007 | 04:28] C: \ Program Files \ Common Files \ Ahead <dir>
[03/10/2007 | 01:28] C: \ Program Files \ Common Files \ <dir> Apple
[28/08/2007 | 04:28] C: \ Program Files \ Common Files \ Autodesk Shared <dir>
[03/06/2008 | 03:50] C: \ Program Files \ Common Files \ <dir> DESIGNER
[12/09/2005 | 09:27] C: \ Program Files \ Common Files \ InstallShield <dir>
[12/09/2005 | 09:06] C: \ Program Files \ Common Files \ Java <dir>
[19/05/2008 | 07:25] C: \ Program Files \ Common Files \ Microsoft Shared <dir>
[16/12/2004 | 04:23] C: \ Program Files \ Common Files \ <dir> MSSoap
[15/07/2006 | 12:30] C: \ Program Files \ Common Files \ <dir> muvee Technologies
[15/07/2006 | 12:31] C: \ Program Files \ Common Files \ <dir> Nikon
[16/12/2004 | 04:23] C: \ Program Files \ Common Files \ ODBC <dir>
[19/05/2008 | 07:32] C: \ Program Files \ Common Files \ <dir> Real
[20/05/2008 | 11:24] C: \ Program Files \ Common Files \ <dir> Serviços
[16/12/2004 | 04:23] C: \ Program Files \ Common Files \ <dir> SpeechEngines
[19/05/2008 | 07:41] C: \ Program Files \ Common Files \ Symantec Shared <dir>
[18/08/2008 | 02:10] C: \ Program Files \ Common Files \ System <dir>
[11/03/2007 | 11:10] C: \ Program Files \ Common Files \ <dir> Thraex Software
[14/03/2008 | 06:34] C: \ Program Files \ Common Files \ WindowsLiveInstaller <dir>
-------------------- \ \ Process
(41 Processos)
IEXPLORE.EXE ~ [PID: 2612]
IEXPLORE.EXE ~ [PID: 2640]
iexplore.exe ~ [PID: 3160]
IEXPLORE.EXE ~ [PID: 2940]
-------------------- \ \ Procurando com S_Lop
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ LOCALS ~ 1 \ Temp \ bis9A.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ SOAPLI ~ 1
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ SOAPLI ~ 1 \ ATOM DASH.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ SOAPLI ~ 1 \ Axis grande extra.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ SOAPLI ~ 1 \ ilouimpk.ex e
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ SOAPLI ~ 1 \ jvuyskje.ex e
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ SOAPLI ~ 1 \ lfbsabiw.ex e

-------------------- \ \ Procurando esgalhar Files - Pastas
C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ Software regra pavilhão possui
C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ Software regra pavilhão possui \ Primeira obj.exe
C: \ DOCUME ~ 1 \ ALLUSE ~ 1 \ Applic ~ 1 \ Software regra pavilhão possui \ Passar proc.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ soapli ~ 1
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ soapli ~ 1 \ ATOM DASH.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ soapli ~ 1 \ Axis grande extra.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ soapli ~ 1 \ ilouimpk.ex e
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ soapli ~ 1 \ jvuyskje.ex e
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ soapli ~ 1 \ lfbsabiw.ex e
C: \ Program Files \ soapli ~ 1
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ LOCALS ~ 1 \ Temp \ TorrentSpeeder. zip
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner @ adultfri endfinder [1]. Txt
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner @ publicidade ing [2]. Txt
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner @ ero-publicidade [1]. Txt
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner@adopt.eu roclick [2]. Txt
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner @ partypok er [1]. Txt
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies \ compaq_owner @ 888 [2]. Txt
C: \ WINDOWS \ Tasks \ A396018B9185B27B.job

-------------------- \ \ Procura no Registro
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Uninstall \ Segure wma ref]
"DisplayName" = "Ajuda Cid"
"UninstallString" = "C: \ \ DOCUME ~ 1 \ \ COMPAQ ~ 1 \ \ Applic ~ 1 \ \ SOAPLI ~ 1 \ \ ATOM DASH.exe-uninstall"
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Run]
"MODO REAL" = "C: \ \ DOCUME ~ 1 \ \ COMPAQ ~ 1 \ \ Applic ~ 1 \ \ SOAPLI ~ 1 \ \ ATOM DASH.exe"
"MODO REAL" = "C: \ \ DOCUME ~ 1 \ \ COMPAQ ~ 1 \ \ Applic ~ 1 \ \ SOAPLI ~ 1 \ \ ATOM DASH.exe"
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"Tem Bandeira Live Grim" = "C: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Software regra pavilhão possui \ \ Primeira obj.exe"
-------------------- \ \ Verificando o arquivo Hosts
Arquivo Hosts LIMPO

-------------------- \ \ Procurando por arquivos ocultos com CatchMe

CatchMe 0.3.1353 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 18:12:47
5/1/2600 Windows Service Pack 3 NTFS
digitalizar processos escondidos ...
digitalizar os arquivos ocultos ...
varredura foi concluída com êxito
processos ocultos: 0
ficheiros ocultos: 0

-------------------- \ \ Procurando por outras infecções
-------------------- \ \ Cracks & Keygens ..
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Local Settings \ Temp \ Rar $ EX02.922 \ Crack
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Local Settings \ Temp \ Rar $ EX02.922 \ Crack \ DLR-spor.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Local Settings \ Temp \ Rar $ EX02.922 \ Crack \ SporeApp.exe
C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Recent \ Spore.GENERIC_KEYGEN-FFF.lnk

[F: 343] [D: 29] -> C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ LOCALS ~ 1 \ Temp
[F: 200] [D: 0] -> C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Cookies
[F: 18285] [D: 24] -> C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ LOCALS ~ 1 \ tempor ~ 1 \ Content.IE5
1 - "C: \ esgalhar SD \ LopR_1.txt" - Sáb 11/10/2008 | 18:07 - Option: [1]
2 - "C: \ esgalhar SD \ LopR_2.txt" - Sáb 11/10/2008 | 18:14 - Option: [1]
-------------------- \ \ Scan concluída em 18:14:22
#4
11 October 2008, 22:29
Moderator Group

Download NoLop to your desktop. NoLop.exe
  • Close any running programs, since a reboot will be required
  • Double-click NoLop.exe to run it
  • Then click the button: Search and Destroy
    • The computer will now be scanned for infected files
  • When the scan is complete, if infected, you will be prompted to reboot
  • Click OK
  • Now click: REBOOT
  • A message should pop up from NoLop. If not, double-click the program again and it will finish.
  • Post the contents of C:\NoLop.log in your next reply.
Note: If you receive an error "Mscomctl.ocx or one of its dependencies is not correctly registered," download Mscomctl.ocx to your system32 folder, then run the program again.

Also run a new HijackThis scan and post the log.
__________________

#5
11 October 2008, 22:46
New Members Group

OK, here are the logs:

Nolop


NoLop! Entrar pela Skate_Punk_21

Fix correr a partir de: C: \ Documents and Settings \ Compaq_Owner \ Desktop
[12/10/2008]
[4:33:52]

--- Infection Files Found/Removed---
C: \ WINDOWS \ Tasks \ A396018B9185B27B.job

Início Remoção ...
Reiniciando ...
Removendo esgalhar's ficado arquivos / pastas ...
Editando Secretaria ...
** Fix Complete! **

--- --- Listing AppData sub-diretórios

C: \ Documents and Settings \ All Users \ Application Data \ Adobe
C: \ Documents and Settings \ All Users \ Application Data \ Apple
C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
C: \ Documents and Settings \ All Users \ Application Data \ Autodesk
C: \ Documents and Settings \ All Users \ Application Data \ Avg7
C: \ Documents and Settings \ All Users \ Application Data \ Avg8 - directório vazio
C: \ Documents and Settings \ All Users \ Application Data \ DVD Shrink
C: \ Documents and Settings \ All Users \ Application Data \ Enternhelp
C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Google
C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
C: \ Documents and Settings \ All Users \ Application Data \ Instalações
C: \ Documents and Settings \ All Users \ Application Data \ Installshield
C: \ Documents and Settings \ All Users \ Application Data \ Mailfrontier - directório vazio
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Help
C: \ Documents and Settings \ All Users \ Application Data \ Nero
C: \ Documents and Settings \ All Users \ Application Data \ n
C: \ Documents and Settings \ All Users \ Application Data \ PC Drivers Headquarters
C: \ Documents and Settings \ All Users \ Application Data \ Quicktime
C: \ Documents and Settings \ All Users \ Application Data \ Real - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ Sbsi
C: \ Documents and Settings \ All Users \ Application Data \ Seagate
C: \ Documents and Settings \ All Users \ Application Data \ Software artigo Tem Bandeira
C: \ Documents and Settings \ All Users \ Application Data \ Sophos
C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
C: \ Documents and Settings \ All Users \ Application Data \ Symantec
C: \ Documents and Settings \ All Users \ Application Data \ Temp - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ udl
C: \ Documents and Settings \ All Users \ Application Data \ Ultima_t15
C: \ Documents and Settings \ All Users \ Application Data \ Windows Genuine Advantage
C: \ Documents and Settings \ All Users \ Application Data \ Wlinstaller
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Adobe
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Adobeum
C: \ Documents and Settings \ Compaq_owner \ Dados de aplicativos \ Ahead
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Apple Computer
C: \ Documents and Settings \ Compaq_owner \ Application Data \ software Arcsoft
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Atari
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Autodesk
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Avg7
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Avgtoolbar
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Bittorrent
C: \ Documents and Settings \ Compaq_owner \ Dados de aplicativos \ Command & Conquer 3 Tiberium Wars
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Datalayer
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Dvdcss
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Epson
C: \ Documents and Settings \ Compaq_owner \ Dados de aplicativos \ Google
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Help - EMPTY Directory
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Hpq
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Identities
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Intervideo
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Iwin
C: \ Documents and Settings \ Compaq_owner \ Dados de aplicativos \ Joost
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Leadertech
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Limewire
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Macromedia
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Media Player Classic
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Microsoft
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Mozilla
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Nikon
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Nokia
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Nokia Multimedia Player
C: \ Documents and Settings \ Compaq_owner \ Application Data \ PC Suite
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Real
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Sampleview - directório vazio
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Securom
C: \ Documents and Settings \ Compaq_owner \ Application Data \ SabÃo Lies Love
C: \ Documents and Settings \ Compaq_owner \ Dados de aplicativos \ Sonic
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Spintop
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Esporo
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Spybot - Search & Destroy
C: \ Documents and Settings \ Compaq_owner \ Application Data \ domingo
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Symantec - EMPTY Directory
C: \ Documents and Settings \ Compaq_owner \ Application Data \ U3
C: \ Documents and Settings \ Compaq_owner \ Application Data \ uTorrent
C: \ Documents and Settings \ Compaq_owner \ Application Data \ vlc
C: \ Documents and Settings \ Compaq_owner \ Application Data \ Winbatch
C: \ Documents and Settings \ Default User \ Application Data \ Apple Computer
C: \ Documents and Settings \ Default User \ Application Data \ Identities
C: \ Documents and Settings \ Default User \ Application Data \ Microsoft
C: \ Documents and Settings \ Default User \ Application Data \ Real
C: \ Documents and Settings \ Default User \ Application Data \ Sampleview - directório vazio
C: \ Documents and Settings \ Default User \ Application Data \ Symantec - EMPTY Directory
C: \ Documents and Settings \ LocalService \ Application Data \ Avg7 - directório vazio
C: \ Documents and Settings \ LocalService \ Application Data \ Microsoft
C: \ Documents and Settings \ NetworkService \ Application Data \ Microsoft


HijackThis:


Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 4:44:14, em 12/10/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ acs.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ windows \ system \ hpsysdrv.exe
C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ Program Files \ TP-LINK \ TWCU \ TWCU.exe
C: \ HP \ KBD \ KBD.EXE
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Arquivos de Programas \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe
C: \ Arquivos de Programas \ Internet Explorer \ IEXPLORE.EXE
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Arquivos de Programas \ Internet Explorer \ IEXPLORE.EXE
C: \ Program Files \ Nikon \ PictureProject \ NkbMonitor.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page =
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.limewire.com/inclient/?st...ows + XP & osv = 5,1
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no arquivo)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ Imjpmig.exe" / Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [TWCU] "C: \ Program Files \ TP-LINK \ TWCU \ TWCU.exe"-nogui
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [EPSON Stylus CX3700 Series] C: \ WINDOWS \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_FATIA CP.EXE / F "C: \ WINDOWS \ TEMP \ E_SC4.tmp" / EF "HKLM"
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [Bandeira Tem Grim Live] C: \ Documents and Settings \ All Users \ Application Data \ Software regra pavilhão possui \ Primeira obj.exe
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de Programas \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKCU \ .. \ Run: [MODO REAL] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ SOAPLI ~ 1 \ ATOM DASH.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Arquivos de Programas \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" AcRdB7_1_0-reboot 1
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C: \ Program Files \ Nikon \ PictureProject \ NkbMonitor.exe
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Baixar com & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: & Google Search - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Instantâneo da página em cache - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000
O8 - Extra context menu item: Páginas semelhantes - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Traduzir para Inglês - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (B205A35E-1FC4-4CE3-818B-899DBBB3388C) - C: \ Program Files \ Common Files \ Microsoft Shared \ Encarta Search Bar \ ENCSBAR.DLL
O9 - Extra button: Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = E.U. \ IEButton \ support.htm
O9 - Extra 'Tools' menuitem: Connection Help - (E2D4D26B-0180-43a4-B05F-462D6D54C789) - C: \ WINDOWS \ PCHealth \ HelpCtr \ Vendors \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = E.U. \ IEButton \ support.htm
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (0CCA191D-13A6-4E29-B746-314DEE697D83) (Facebook Photo Uploader 5) -- http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: (96EEC7FF-106A-47F3-90D6-B4BB754AA40E) (POLI Pay Online) -- https: / / autxn.paywithpoli.com / ewcust...iPayOnline.cab
O16 - DPF: (CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7) (get_atlcom Classe) -- http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C: \ WINDOWS \ system32 \ acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: getPlus (R) Helper - NOS Microsystems Ltd. - C: \ Program Files \ NOS \ bin \ getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe

--
Fim do arquivo - 10505 bytes
#6
11 October 2008, 22:53
Moderator Group

Open HijackThis and choose Do a system scan only.

Place a check mark next to the following entries (if present):
  • O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
  • O4 - HKLM \ .. \ Run: [Bandeira Tem Grim Live] C: \ Documents and Settings \ All Users \ Application Data \ Software regra pavilhão possui \ Primeira obj.exe
  • O4 - HKCU \ .. \ Run: [MODO REAL] C: \ DOCUME ~ 1 \ COMPAQ ~ 1 \ Applic ~ 1 \ SOAPLI ~ 1 \ ATOM DASH.exe
Important: Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Note: the instructions below were created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the workings of your system.

Go to Start > Run, type notepad.exe and click OK.

Copy and paste the following into Notepad and save it as fixme.reg on your Desktop.

Code:
REGEDIT4

; "name"=- deletes the named value from the key above it
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"Tem Bandeira Live Grim"=-

; Per-user autorun value
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"MODO REAL"=-

Locate fixme.reg on your desktop and double-click it. Answer Yes when asked whether to merge with the registry.

Make sure you tell me whether you receive a success message about adding the above to the registry. If you do not receive a success message, it did not work.

Delete fixme.reg from the desktop.

Restart the computer.

----------

Download CCleaner Slim and save it to your desktop.
When the file has been saved, go to your desktop and double-click ccsetupxxx_slim.exe
Follow the prompts to install the program.
Once the installation is complete:
  • Double-click the CCleaner shortcut on the desktop to start the program.
  • Click the Options block on the left, then choose Cookies.
    • Under Cookies to delete, highlight any cookies you would like to keep permanently
    • Click the right arrow > to move them to the Cookies to keep window.
  • Go to Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours
  • Click Cleaner on the left, then Run Cleaner on the right to run the program.
  • Important: Make sure that ALL browser windows are closed before choosing Run Cleaner
  • Caution: It is not recommended that you use the "Registry" feature unless you are very familiar with the registry.
  • Exit CCleaner after it has completed its process.

----------

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a check mark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________
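
The three entries checked in the post above share a trait that can be tested mechanically: each Run value launches an executable that either has no path or sits inside an Application Data directory. The Python below is an added example, not part of the original thread and not the moderator's method; the heuristic, the function names and the constructed sample lines (adapted from the HijackThis log in this thread, with the extraction spacing removed) are assumptions.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Constructed sample: O4/O23 lines adapted from the HijackThis log in this
# thread, with the extraction spacing inside the paths removed.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Bandeira Tem Grim Live] C:\Documents and Settings\All Users\Application Data\Software regra pavilhão possui\Primeira obj.exe
O4 - HKCU\..\Run: [MODO REAL] C:\DOCUME~1\COMPAQ~1\Applic~1\SOAPLI~1\ATOM DASH.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

# "O4 - <hive>\[<sid>\]..\Run*: [value name] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\(?:(?P<sid>[^\\]+)\\)?\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_END = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
# Application-data and temp directories, in long and 8.3 short form. These hold
# data; installed programs do not normally start from them (assumed heuristic).
DATA_DIR = re.compile(
    r"^(application data|applic~\d+|local settings|locals~\d+|temp)$",
    re.IGNORECASE,
)


class Finding(NamedTuple):
    hive: str
    key: str
    name: str
    image: str
    reason: str


def image_path(command: str) -> str:
    """Return the executable part of a Run value, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_END.match(command)
    return match.group(1) if match else command.split()[0]


def classify(image: str) -> Optional[str]:
    """Name the reason an autorun image deserves review, or None."""
    parts = re.split(r"[\\/]", image)
    if len(parts) == 1:
        return "no-path"      # resolved through the search path at logon
    if any(DATA_DIR.match(part) for part in parts[:-1]):
        return "data-dir"     # starts from a data or temp directory
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Parse O4 Run lines and keep the ones classify() flags."""
    findings = []
    for line in lines:
        m = O4_RUN.match(line.strip())
        if not m:
            continue          # other sections (R0, O2, O23, ...) are ignored
        image = image_path(m.group("command"))
        reason = classify(image)
        if reason:
            findings.append(
                Finding(m.group("hive"), m.group("key"), m.group("name"), image, reason)
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.reason:9} {f.hive}\\..\\{f.key} [{f.name}] -> {f.image}")
```

A flagged entry is a candidate for review, not a verdict: a bare file name such as ALCXMNTR.EXE can belong to a legitimate driver utility, so each hit still needs a person to confirm it before anything is removed.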

#7
11 October 2008, 23:26
New Members Group

I got the success message for the fixme.reg file, and here is the MBAM log:


Malwarebytes' Anti-Malware 1/28
Database version: 1259
5/1/2600 Windows Service Pack 3

12/10/2008 5:24:27
mbam-log-2008-10-12 (17-24-27). txt

Scan type: Quick Scan
Objetos digitalizados: 45849
Tempo decorrido: 2 minuto (s), 43 segundo (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Valores do Registro infectados: 0
Dados de Registro Items Infected: 0
Pastas infectadas: 0
Arquivos infectados: 0

Memory Processes Infected:
(N º itens maliciosos detectados)

Memory Modules Infected:
(N º itens maliciosos detectados)

Registry Keys Infected:
(N º itens maliciosos detectados)

Valores do Registro infectados:
(N º itens maliciosos detectados)

Dados de Registro Items Infected:
(N º itens maliciosos detectados)

Folders Infected:
(N º itens maliciosos detectados)

Arquivos Infectados:
(N º itens maliciosos detectados)
#8
11 October 2008, 23:29
Moderator Group

How is everything now?
__________________

#9
11 October 2008, 23:33
New Members Group

It runs faster, but in Task Manager under Processes iexplore.exe is still there, and when I end it, it comes back. For about 5 minutes it uses almost 99% of the CPU; after a while it drops to 0, but memory usage stays up at about 100,000 K.
#10
12 October 2008, 11:41
Moderator Group

Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to your desktop

Close all open browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________

Copyright © 2006 - 2009 Computer Juice.
