AndreiI

Caros moderadores, boa noite. Meu PC está infectado com o dito vírus e não há anti-vírus que remova o problema. Regedit e Gerenciador de Tarefas não abrem! ("Desativados pelo administrador", sendo que acesso de uma conta com privilégios para tal.) Fora as falhas causadas para abrir alguns programas. Segue log do HijackThis. No aguardo. Abraços. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:00:00, on 14/9/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\locator.exe C:\ARQUIV~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG9\avgnsx.exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe C:\Arquivos de programas\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof1.dll O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof1.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof1.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D4C45248-757C-47F1-A82A-24346BFA343F}: NameServer = 201.71.128.1,201.71.128.2 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe -- End of file - 6212 bytes Só pra adiantar, segue também o log do DDS DDS (Ver_10-03-17.01) - NTFSx86 Run by padrão at 3:14:03,65 on ter 14/09/2010 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.73 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\locator.exe C:\ARQUIV~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Arquivos de programas\AVG\AVG9\avgnsx.exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe C:\Arquivos de programas\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\padrão\Meus documentos\Downloads\dds.scr C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\arquivos de programas\softonic_brasil\tbSof1.dll BHO: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\arquivos de programas\softonic_brasil\tbSof1.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquivos de programas\spybot - search & destroy\SDHelper.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.6.5612.1312\swg.dll BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\arquiv~1\gbplugin\gbiehUni.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll TB: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\arquivos de programas\softonic_brasil\tbSof1.dll uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [AVG9_TRAY] c:\arquiv~1\avg\avg9\avgtray.exe mRun: [nwiz] nwiz.exe /install mRun: [VTTimer] VTTimer.exe uPolicies-explorer: NoSMMyPictures = 0 (0x0) uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0) uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0) uPolicies-explorer: NoInstrumentation = 0 (0x0) uPolicies-system: DisableTaskMgr = 1 (0x1) uPolicies-system: DisableRegistryTools = 1 (0x1) mPolicies-explorer: NoSMMyPictures = 0 (0x0) mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0) mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0) mPolicies-explorer: NoInstrumentation = 0 (0x0) mPolicies-explorer: NoSimpleStartMenu = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquivos de programas\spybot - search & destroy\SDHelper.dll Trusted Zone: com.br\www.bancobrasil Trusted Zone: com.br\www.bb Trusted Zone: com.br\www14.bancobrasil Trusted Zone: com.br\www2.bancobrasil DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab TCP: {D4C45248-757C-47F1-A82A-24346BFA343F} = 201.71.128.1,201.71.128.2 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg9\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll Notify: GbPluginUni - c:\arquiv~1\gbplugin\gbiehUni.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll se: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\arquivos de programas\microsoft antispyware\shellextension.dll se: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\arquiv~1\gbplugin\gbiehUni.dll se: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\padrão\dadosd~1\mozilla\firefox\profiles\3mt9ljzj.default\ FF - component: c:\arquivos de programas\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - component: c:\documents and settings\padrão\dados de aplicativos\mozilla\firefox\profiles\3mt9ljzj.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll FF - component: c:\documents and settings\padrão\dados de aplicativos\mozilla\firefox\profiles\3mt9ljzj.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-já", "mozff"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2010-1-18 45472] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-13 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-13 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-13 243024] R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\ljrjmn.sys --> c:\windows\system32\drivers\ljrjmn.sys [?] R3 GMFilter;GMFilter HID Filter Driver;c:\windows\system32\drivers\GMFilter.sys [2010-5-2 19840] S3 45806824-2822-4b16-918a-4ceb456fa994;45806824-2822-4b16-918a-4ceb456fa994;\??\e:\player\cds300.dll --> e:\player\cds300.dll [?] S3 lryogemvt;lryogemvt;\??\c:\windows\system322.tmp --> c:\windows\system322.tmp [?] =============== Created Last 30 ================ 2010-09-14 05:45:28 32824 ----a-w- c:\windows\system32\rrMon.sys 2010-09-14 05:45:23 0 d-----w- c:\arquivos de programas\Registrar Registry Manager 2010-09-14 02:20:21 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy 2010-09-14 02:20:21 0 d-----w- c:\arquivos de programas\Spybot - Search & Destroy 2010-09-14 01:52:07 0 d-sha-r- C:\cmdcons 2010-09-14 01:49:08 98816 ----a-w- c:\windows\sed.exe 2010-09-14 01:49:08 77312 ----a-w- c:\windows\MBR.exe 2010-09-14 01:49:08 256512 ----a-w- c:\windows\PEV.exe 2010-09-14 01:49:08 161792 ----a-w- c:\windows\SWREG.exe 2010-09-14 01:24:20 0 d-----w- c:\docume~1\padrão\dadosd~1\Malwarebytes 2010-09-14 01:24:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-14 01:24:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-14 01:24:02 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes 2010-09-14 01:24:02 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-09-13 22:44:31 0 d-----w- C:\$AVG 2010-09-13 22:41:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-09-13 22:40:58 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-09-13 22:40:42 0 d-----w- c:\windows\system32\drivers\Avg 2010-09-13 22:40:27 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-09-13 22:40:22 0 d-----w- c:\docume~1\alluse~1\dadosd~1\avg9 2010-09-13 22:40:22 0 d-----w- c:\arquivos de programas\AVG 2010-09-13 22:34:14 12 ----a-w- c:\windows\system32\mapisvc.inf 2010-09-13 22:26:38 0 d-----w- c:\windows\pss 2010-09-13 22:23:59 0 d-----w- c:\arquivos de programas\Trend Micro 2010-09-13 22:11:03 662 --sha-r- c:\documents and settings\padrão\ntuser.pol 2010-09-13 21:57:04 0 d--h--w- c:\windows\system32\GroupPolicy 2010-09-10 00:52:05 57344 ----a-w- c:\windows\system32\zlib1i.dll 2010-09-10 00:52:05 57344 ----a-w- c:\windows\system32\CGZipLibrary.dll 2010-09-10 00:52:05 143360 ----a-w- c:\windows\system32\Unzip32.dll 2010-09-10 00:52:05 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX 2010-09-10 00:51:46 49152 ----a-w- c:\windows\system32\DSPing.dll 2010-09-10 00:46:48 0 d-----w- c:\arquivos de programas\Teamspeak2_RC2 2010-09-10 00:46:12 0 d-----w- c:\arquivos de programas\IVAO 2010-09-09 17:33:57 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2010-08-30 17:21:47 102656 ----a-w- c:\windows\system32\drivers\ewusbfake.sys 2010-08-30 17:21:40 0 d-----w- c:\docume~1\alluse~1\dadosd~1\OI 2010-08-30 17:21:40 0 d-----w- c:\arquivos de programas\OI ==================== Find3M ==================== 2010-09-14 04:38:08 110592 ----a-w- c:\windows\system32\VTTimer.exe 2010-09-14 04:37:04 28672 ----a-w- c:\windows\system32\qttask.exe 2010-09-14 04:36:40 1695744 ----a-w- c:\windows\system32\nwiz.exe 2010-09-04 17:04:22 46 ----a-w- c:\documents and settings\padrão\jagex_runescape_preferences.dat 2010-09-04 17:04:15 99 ----a-w- c:\documents and settings\padrão\jagex_runescape_preferences2.dat 2010-07-27 12:20:04 45472 ----a-w- c:\windows\system32\drivers\GbpKm.sys 2010-07-26 22:06:44 18296 ---há-w- c:\windows\system32\mlfcache.dat 2010-07-20 14:10:34 724992 ----a-w- c:\windows\iun6002.exe 2010-07-09 20:06:25 67232 ----a-w- c:\windows\system32\perfc016.dat 2010-07-09 20:06:25 425072 ----a-w- c:\windows\system32\perfh016.dat ============= FINISH: 3:16:25,64 ===============