Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:13, on 5/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ulead AutoDetector] C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB338C4-1149-4387-BF7C-0721E534D6D9}: NameServer = 200.152.50.4 200.152.58.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DB338C4-1149-4387-BF7C-0721E534D6D9}: NameServer = 200.152.50.4 200.152.58.9
O20 - Winlogon Notify: acpiz - acpiz.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 5048 bytes
hey.. ^^
sorry for the delay, I was having problems with the internet here
XP
but I ran the scanner and this is what it gave
I hope I did it right :unsure:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 6, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, January 06, 2009 16:35:19
Records in database: 1571912
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 70304
Threat name: 23
Infected objects: 36
Suspicious objects: 0
Duration of the scan: 01:51:52
File name / Threat name / Threats count
C:\Documents and Settings\Administrador\Configurações locais\Temp\MediaBar.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aa 1
C:\Documents and Settings\Administrador\Configurações locais\Temp\Temporary Internet Files\Content.IE5\LWXHWCDN\help[1].rar Infected: Trojan.Win32.RaMag.a 1
C:\Documents and Settings\Administrador\Configurações locais\Temp\msg2AC.tmp Infected: Trojan-Downloader.Win32.VB.bou 1
C:\Documents and Settings\Administrador\Configurações locais\Temp\IH13B.tmp Infected: Trojan.Win32.VB.cyz 1
C:\Documents and Settings\Administrador\Configurações locais\Temp\IH13C.tmp Infected: Trojan.Win32.VB.cyz 1
C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-5745425-step maspyke.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3545425-dj bia trixx.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3515163-dj bia trixx - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-5745425-dj bia trixx (hot remix).mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3870556-bia trixx CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP173\A0474581.dll Infected: Packed.Win32.Krap.b 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP183\A0503383.INF Infected: Worm.Win32.Agent.mf 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP183\A0507459.INF Infected: Worm.Win32.Agent.mf 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP184\A0509513.exe Infected: Trojan-Downloader.Win32.Agent.avxv 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP184\A0511534.INF Infected: Worm.Win32.Agent.mf 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530792.sys Infected: Trojan-Spy.Win32.Goldun.bdq 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0525446.INF Infected: Worm.Win32.Agent.mf 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530810.cmd Infected: Trojan-GameThief.Win32.Magania.ajjs 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530811.cmd Infected: Worm.Win32.AutoRun.thn 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530812.cmd Infected: Trojan-GameThief.Win32.Magania.ajmv 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530813.com Infected: Worm.Win32.AutoRun.sbo 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530814.com Infected: Packed.Win32.Krap.b 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530815.exe Infected: Trojan-GameThief.Win32.Magania.akfj 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530816.com Infected: Trojan-GameThief.Win32.Magania.akok 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530817.cmd Infected: Trojan-GameThief.Win32.Magania.akow 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530818.bat Infected: Trojan.Win32.Inject.knt 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530819.bat Infected: Trojan-GameThief.Win32.Magania.altw 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530820.bat Infected: Packed.Win32.Krap.b 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530821.com Infected: Trojan-GameThief.Win32.Magania.amdm 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530822.bat Infected: Worm.Win32.AutoRun.thn 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530823.bat Infected: Worm.Win32.AutoRun.thn 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530824.bat Infected: Worm.Win32.AutoRun.thn 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530825.BAT Infected: Worm.Win32.AutoRun.thn 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530826.com Infected: Trojan-GameThief.Win32.Magania.aiau 1
C:\FOUND.058\FILE0129.CHK Infected: Worm.Win32.Agent.mf 1
C:\FOUND.062\FILE0008.CHK Infected: Worm.Win32.Agent.mf 1
The selected area was scanned.
• Download: < ComboFix.exe >
• Save it to the Desktop!
• Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)
• Close all windows and run the tool!
• At the prompt: "Disclaimer of warranty on software" --> Click Yes!
• If you do not have the "Recovery Console", agree to install it!
<!> If you get the notification: Invalid Win32 application, delete the tool and download it again. -- Save it to the desktop, renamed as: Kombo.exe
-- Ps: Rename it while saving, not after saving it!
-- Ps: If any error message appears, run ComboFix.exe in Safe Mode.
-- Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!
-- Ps: Avoid running this tool on your own initiative! Follow all the recommendations given above.
• The Auto Scan window will open. --> Wait!
• In order to complete the removals, ComboFix may restart the computer.
• If necessary, type the option to continue! --> ( 1 ) --> Press Enter.
• Wait for it to finish!
• During the scan, avoid using the mouse or keyboard! <-- Important!
• To stop or exit ComboFix, press "N" --> Enter.
----------------------
• When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis.
I ran it.. and this is how it came out
ComboFix:
ComboFix 09-01-07.02 - Administrador 2009-01-08 14:06:55.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.366.188 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\k86.bin
.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-08 to 2009-01-08 ))))))))))))))))))))))))))))
.
2009-01-07 15:37 . 2009-01-07 15:37 <DIR> d--hs---- C:\FOUND.069
2009-01-07 15:22 . 2009-01-07 15:22 <DIR> d-------- c:\arquivos de programas\SC888g
2009-01-07 15:22 . 2009-01-07 15:22 <DIR> d-------- c:\arquivos de programas\Common Files
2009-01-07 15:22 . 2008-04-28 15:44 1,314,905 --a------ c:\windows\system32\BemaFI32.dll
2009-01-07 15:22 . 1999-03-23 09:12 299,520 --a------ c:\windows\uninst.exe
2009-01-07 15:22 . 2002-10-25 14:42 249,955 --a------ c:\windows\system32\MP2032.dll
2009-01-07 15:22 . 2002-08-21 17:29 240,274 --a------ c:\windows\system32\MP2032.HLP
2009-01-07 15:22 . 2002-08-21 17:29 50,688 --a------ c:\windows\system32\Mp2032.FTS
2009-01-07 15:22 . 2003-07-28 23:07 12,910 --a------ c:\windows\system32\Mp2032.GID
2009-01-07 15:22 . 2003-10-30 10:30 11,369 --a------ c:\windows\system32\BemaFI32.ini
2009-01-07 15:22 . 2000-11-28 18:47 4,256 --a------ c:\windows\system32\UserPort.sys
2009-01-07 15:22 . 2002-08-21 17:27 1,476 --a------ c:\windows\system32\MP2032.cnt
2009-01-07 15:22 . 2001-10-24 13:01 183 --a------ c:\windows\system32\UserPort.reg
2009-01-07 15:21 . 2009-01-07 15:21 438 --a------ c:\windows\system32\44e1e.ini
2009-01-06 14:49 . 2009-01-06 14:49 <DIR> d--hs---- C:\FOUND.068
2009-01-05 13:38 . 2009-01-05 13:38 <DIR> d-------- C:\HiJackThis
2009-01-05 12:14 . 2006-03-21 12:14 45,711 --a------ c:\windows\system32\drivers\Capt9160.sys
2009-01-05 12:14 . 2006-04-03 16:37 24,138 --a------ c:\windows\system32\drivers\Camd9160.sys
2009-01-03 12:42 . 2009-01-03 12:42 <DIR> d--hs---- C:\FOUND.067
2009-01-03 10:57 . 2009-01-03 10:57 0 --a------ c:\windows\nsreg.dat
2009-01-01 23:07 . 2009-01-01 23:07 <DIR> d--hs---- C:\FOUND.066
2009-01-01 17:00 . 2009-01-01 17:00 <DIR> d--hs---- C:\FOUND.065
2008-12-30 20:46 . 2008-12-30 20:46 <DIR> d--hs---- C:\FOUND.064
2008-12-29 20:00 . 2008-12-29 20:00 <DIR> d--hs---- C:\FOUND.063
2008-12-28 17:45 . 2008-12-28 17:45 <DIR> d--hs---- C:\FOUND.062
2008-12-28 17:31 . 2008-12-28 17:31 <DIR> d-------- c:\arquivos de programas\Alwil Software
2008-12-28 17:31 . 2003-03-18 17:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-12-27 18:51 . 2008-12-27 18:51 <DIR> d--hs---- C:\FOUND.061
2008-12-27 10:43 . 2008-12-27 10:43 <DIR> d--hs---- C:\FOUND.060
2008-12-26 11:57 . 2005-08-31 05:11 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-26 11:55 . 2008-12-26 11:55 <DIR> d--hs---- C:\FOUND.059
2008-12-23 20:57 . 2008-12-23 20:57 <DIR> d--hs---- C:\FOUND.058
2008-12-15 09:31 . 2008-12-15 09:31 268 --ah----- C:\sqmdata02.sqm
2008-12-15 09:31 . 2008-12-15 09:31 244 --ah----- C:\sqmnoopt02.sqm
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:38 3,593,216 ----a-w c:\windows\system32\DllCache\mshtml.dll
2008-11-09 13:35 12,406 ----a-w c:\windows\system32\rfs.bin
2008-10-24 11:10 453,632 ------w c:\windows\system32\DllCache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ------w c:\windows\system32\DllCache\gdi32.dll
2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:15 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe
2008-10-15 16:59 332,800 ------w c:\windows\system32\DllCache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\DllCache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\DllCache\ieakui.dll
2008-09-16 00:40 4,894,156 ----a-w c:\arquivos de programas\aTube_Catcher_Installer.exe
2008-09-12 21:06 3,921,909 ----a-w c:\arquivos de programas\Tubedownloader10.exe
2008-09-10 20:10 4,860,240 ----a-w c:\arquivos de programas\MsgPlusLive-470.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Ulead AutoDetector"="c:\arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 45056]
"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 262210]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-28 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-28 20560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ec898ee-04bc-11dc-a8da-00142ac94f7a}]
\Shell\AutoRun\command - E:\i.bat
\Shell\explore\Command - E:\i.bat
\Shell\open\Command - E:\i.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609862d4-d683-11dd-adf7-00142ac94f7a}]
\Shell\AutoRun\command - F:\mnl6on3.com
\Shell\explore\Command - F:\mnl6on3.com
\Shell\open\Command - F:\mnl6on3.com
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-01-08 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job
.
Notify-acpiz - acpiz.dll
SafeBoot-acup.sys
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.orkut.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {1DB338C4-1149-4387-BF7C-0721E534D6D9} = 200.152.50.4 200.152.58.9
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\zspu48rw.default\
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 14:08:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2009-01-08 14:09:31
ComboFix-quarantined-files.txt 2009-01-08 16:09:30
Pré-execução: 80 pasta(s) 17.284.005.888 bytes disponíveis
Pós execução: 80 pasta(s) 22,185,738,240 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\ = "Sistema operacional não identificado na unidade C."
159 --- E O F --- 2008-12-18 23:25:09
HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:54, on 8/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ulead AutoDetector] C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB338C4-1149-4387-BF7C-0721E534D6D9}: NameServer = 200.152.50.4 200.152.58.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DB338C4-1149-4387-BF7C-0721E534D6D9}: NameServer = 200.152.50.4 200.152.58.9
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 4333 bytes
I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.
Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it, on the desktop, with the name CFScript.txt.
Folder::
C:\FOUND.069
C:\FOUND.068
C:\FOUND.067
C:\FOUND.066
C:\FOUND.065
C:\FOUND.064
C:\FOUND.063
C:\FOUND.062
C:\FOUND.061
C:\FOUND.060
C:\FOUND.059
C:\FOUND.058
File::
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
E:\i.bat
F:\mnl6on3.com
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ec898ee-04bc-11dc-a8da-00142ac94f7a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609862d4-d683-11dd-adf7-00142ac94f7a}]
This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.
Now drag CFScript.txt onto ComboFix as shown in the demonstration below.
[Image: cfscript.gif]
ComboFix will run and restart the PC automatically to complete the removal process.
IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.
When it finishes, a log will be generated, located at C:\ComboFix.txt.
Post it together with the new HijackThis log.
ComboFix 09-01-07.02 - Administrador 2009-01-08 16:57:33.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.366.188 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt
* Criado um novo ponto de restauro
FILE ::
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
E:\i.bat
F:\mnl6on3.com
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrador\Configurações locais\Temporary Internet Files\
c:\documents and settings\LocalService\Configurações locais\Temporary Internet Files\
c:\documents and settings\NetworkService\Configurações locais\Temporary Internet Files\
C:\FOUND.058
C:\FOUND.059
c:\found.059\FILE0000.CHK
c:\found.059\FILE0001.CHK
c:\found.059\FILE0002.CHK
C:\FOUND.060
c:\found.060\FILE0000.CHK
C:\FOUND.061
c:\found.061\FILE0000.CHK
c:\found.061\FILE0001.CHK
c:\found.061\FILE0002.CHK
c:\found.061\FILE0003.CHK
c:\found.061\FILE0004.CHK
c:\found.061\FILE0005.CHK
c:\found.061\FILE0006.CHK
c:\found.061\FILE0007.CHK
c:\found.061\FILE0008.CHK
c:\found.061\FILE0009.CHK
c:\found.061\FILE0010.CHK
c:\found.061\FILE0011.CHK
c:\found.061\FILE0012.CHK
c:\found.061\FILE0013.CHK
c:\found.061\FILE0014.CHK
c:\found.061\FILE0015.CHK
c:\found.061\FILE0016.CHK
c:\found.061\FILE0017.CHK
c:\found.061\FILE0018.CHK
c:\found.061\FILE0019.CHK
c:\found.061\FILE0020.CHK
c:\found.061\FILE0021.CHK
c:\found.061\FILE0022.CHK
c:\found.061\FILE0023.CHK
c:\found.061\FILE0024.CHK
c:\found.061\FILE0025.CHK
c:\found.061\FILE0026.CHK
c:\found.061\FILE0027.CHK
C:\FOUND.062
c:\found.062\FILE0000.CHK
c:\found.062\FILE0001.CHK
c:\found.062\FILE0002.CHK
c:\found.062\FILE0003.CHK
c:\found.062\FILE0004.CHK
c:\found.062\FILE0005.CHK
c:\found.062\FILE0008.CHK
c:\found.062\FILE0009.CHK
c:\found.062\FILE0010.CHK
C:\FOUND.063
c:\found.063\FILE0000.CHK
C:\FOUND.064
c:\found.064\FILE0000.CHK
c:\found.064\FILE0001.CHK
c:\found.064\FILE0002.CHK
c:\found.064\FILE0003.CHK
c:\found.064\FILE0004.CHK
c:\found.064\FILE0005.CHK
c:\found.064\FILE0006.CHK
C:\FOUND.065
c:\found.065\FILE0000.CHK
c:\found.065\FILE0001.CHK
C:\FOUND.066
c:\found.066\FILE0000.CHK
c:\found.066\FILE0001.CHK
c:\found.066\FILE0002.CHK
c:\found.066\FILE0003.CHK
c:\found.066\FILE0004.CHK
c:\found.066\FILE0005.CHK
c:\found.066\FILE0006.CHK
c:\found.066\FILE0007.CHK
c:\found.066\FILE0008.CHK
c:\found.066\FILE0009.CHK
c:\found.066\FILE0010.CHK
c:\found.066\FILE0011.CHK
c:\found.066\FILE0012.CHK
c:\found.066\FILE0013.CHK
c:\found.066\FILE0014.CHK
c:\found.066\FILE0015.CHK
c:\found.066\FILE0016.CHK
c:\found.066\FILE0017.CHK
c:\found.066\FILE0018.CHK
c:\found.066\FILE0019.CHK
c:\found.066\FILE0020.CHK
c:\found.066\FILE0021.CHK
c:\found.066\FILE0022.CHK
c:\found.066\FILE0023.CHK
c:\found.066\FILE0024.CHK
c:\found.066\FILE0025.CHK
c:\found.066\FILE0026.CHK
c:\found.066\FILE0027.CHK
c:\found.066\FILE0028.CHK
c:\found.066\FILE0029.CHK
c:\found.066\FILE0030.CHK
c:\found.066\FILE0031.CHK
c:\found.066\FILE0032.CHK
c:\found.066\FILE0033.CHK
c:\found.066\FILE0034.CHK
c:\found.066\FILE0035.CHK
c:\found.066\FILE0036.CHK
c:\found.066\FILE0037.CHK
C:\FOUND.067
c:\found.067\FILE0000.CHK
c:\found.067\FILE0001.CHK
C:\FOUND.068
c:\found.068\FILE0000.CHK
c:\found.068\FILE0001.CHK
c:\found.068\FILE0002.CHK
c:\found.068\FILE0003.CHK
c:\found.068\FILE0004.CHK
c:\found.068\FILE0005.CHK
c:\found.068\FILE0006.CHK
C:\FOUND.069
c:\found.069\FILE0000.CHK
c:\found.069\FILE0001.CHK
c:\found.069\FILE0002.CHK
c:\found.069\FILE0003.CHK
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-08 to 2009-01-08 ))))))))))))))))))))))))))))
.
2009-01-08 15:18 . 2009-01-08 15:18 <DIR> d-------- c:\windows\system32\xircom
2009-01-08 15:18 . 2009-01-08 15:18 <DIR> d-------- c:\windows\system32\oobe
2009-01-08 15:18 . 2009-01-08 15:18 <DIR> d--hs---- C:\FOUND.070
2009-01-08 15:18 . 2009-01-08 15:18 <DIR> d-------- c:\arquivos de programas\microsoft frontpage
2009-01-07 15:22 . 2009-01-07 15:22 <DIR> d-------- c:\arquivos de programas\SC888g
2009-01-07 15:22 . 2009-01-07 15:22 <DIR> d-------- c:\arquivos de programas\Common Files
2009-01-07 15:22 . 2008-04-28 15:44 1,314,905 --a------ c:\windows\system32\BemaFI32.dll
2009-01-07 15:22 . 1999-03-23 09:12 299,520 --a------ c:\windows\uninst.exe
2009-01-07 15:22 . 2002-10-25 14:42 249,955 --a------ c:\windows\system32\MP2032.dll
2009-01-07 15:22 . 2002-08-21 17:29 240,274 --a------ c:\windows\system32\MP2032.HLP
2009-01-07 15:22 . 2002-08-21 17:29 50,688 --a------ c:\windows\system32\Mp2032.FTS
2009-01-07 15:22 . 2003-07-28 23:07 12,910 --a------ c:\windows\system32\Mp2032.GID
2009-01-07 15:22 . 2003-10-30 10:30 11,369 --a------ c:\windows\system32\BemaFI32.ini
2009-01-07 15:22 . 2000-11-28 18:47 4,256 --a------ c:\windows\system32\UserPort.sys
2009-01-07 15:22 . 2002-08-21 17:27 1,476 --a------ c:\windows\system32\MP2032.cnt
2009-01-07 15:22 . 2001-10-24 13:01 183 --a------ c:\windows\system32\UserPort.reg
2009-01-07 15:21 . 2009-01-07 15:21 438 --a------ c:\windows\system32\44e1e.ini
2009-01-05 13:38 . 2009-01-05 13:38 <DIR> d-------- C:\HiJackThis
2009-01-05 12:14 . 2006-03-21 12:14 45,711 --a------ c:\windows\system32\drivers\Capt9160.sys
2009-01-05 12:14 . 2006-04-03 16:37 24,138 --a------ c:\windows\system32\drivers\Camd9160.sys
2009-01-03 10:57 . 2009-01-03 10:57 0 --a------ c:\windows\nsreg.dat
2008-12-28 17:31 . 2008-12-28 17:31 <DIR> d-------- c:\arquivos de programas\Alwil Software
2008-12-28 17:31 . 2003-03-18 17:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-12-26 11:57 . 2005-08-31 05:11 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:38 3,593,216 ----a-w c:\windows\system32\DllCache\mshtml.dll
2008-11-09 13:35 12,406 ----a-w c:\windows\system32\rfs.bin
2008-10-24 11:10 453,632 ------w c:\windows\system32\DllCache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ------w c:\windows\system32\DllCache\gdi32.dll
2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:15 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe
2008-10-15 16:59 332,800 ------w c:\windows\system32\DllCache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\DllCache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\DllCache\ieakui.dll
2008-09-16 00:40 4,894,156 ----a-w c:\arquivos de programas\aTube_Catcher_Installer.exe
2008-09-12 21:06 3,921,909 ----a-w c:\arquivos de programas\Tubedownloader10.exe
2008-09-10 20:10 4,860,240 ----a-w c:\arquivos de programas\MsgPlusLive-470.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-08_14.08.35,53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-08 17:18:32 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_4f8.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Ulead AutoDetector"="c:\arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 45056]
"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 262210]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-28 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-28 20560]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.orkut.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\zspu48rw.default\
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 17:00:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2009-01-08 17:01:22
ComboFix-quarantined-files.txt 2009-01-08 19:01:20
ComboFix3.txt 2009-01-08 16:09:34
ComboFix2.txt 2009-01-08 16:37:44
Pré-execução: 81 pasta(s) 22.104.473.600 bytes disponíveis
Pós execução: 69 pasta(s) 22,095,298,560 bytes disponíveis
438 --- E O F --- 2008-12-18 23:25:09
HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:50, on 8/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ulead AutoDetector] C:\Arquivos de programas\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DB338C4-1149-4387-BF7C-0721E534D6D9}: NameServer = 200.152.50.4 200.152.58.9
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 4083 bytes
The log is clean. Any problems?
Although it is much faster,
the PC keeps restarting =|
and showing the software counterfeiting messages,
and it keeps giving low virtual memory messages
:upset:
Using the Internet Explorer browser, go to the Kaspersky Online Scanner and run an online scan following the tutorial below.
Kaspersky Online Scanner Tutorial
When the scan finishes, save the report with the .txt extension (as shown at the end of the tutorial) and post it in your next reply.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 17, 2009 19:16:22
Records in database: 1637846
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 68962
Threat name: 19
Infected objects: 31
Suspicious objects: 0
Duration of the scan: 02:07:08
File name / Threat name / Threats count
C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-5745425-step maspyke.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3545425-dj bia trixx.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3515163-dj bia trixx - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-5745425-dj bia trixx (hot remix).mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Administrador\Meus documentos\LimeWire\Incomplete\T-3870556-bia trixx CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP173\A0474581.dll Infected: Packed.Win32.Krap.b 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP183\A0503383.INF Infected: Worm.Win32.Agent.mf 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP183\A0507459.INF Infected: Worm.Win32.Agent.mf 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP184\A0509513.exe Infected: Trojan-Downloader.Win32.Agent.avxv 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP184\A0511534.INF Infected: Worm.Win32.Agent.mf 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530792.sys Infected: Trojan-Spy.Win32.Goldun.bdq 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0525446.INF Infected: Worm.Win32.Agent.mf 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530810.cmd Infected: Trojan-GameThief.Win32.Magania.ajjs 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530811.cmd Infected: Worm.Win32.AutoRun.thn 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530812.cmd Infected: Trojan-GameThief.Win32.Magania.ajmv 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530813.com Infected: Worm.Win32.AutoRun.sbo 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530814.com Infected: Packed.Win32.Krap.b 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530815.exe Infected: Trojan-GameThief.Win32.Magania.akfj 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530816.com Infected: Trojan-GameThief.Win32.Magania.akok 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530817.cmd Infected: Trojan-GameThief.Win32.Magania.akow 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530818.bat Infected: Trojan.Win32.Inject.knt 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530819.bat Infected: Trojan-GameThief.Win32.Magania.altw 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530820.bat Infected: Packed.Win32.Krap.b 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530821.com Infected: Trojan-GameThief.Win32.Magania.amdm 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530822.bat Infected: Worm.Win32.AutoRun.thn 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530823.bat Infected: Worm.Win32.AutoRun.thn 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530824.bat Infected: Worm.Win32.AutoRun.thn 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530825.BAT Infected: Worm.Win32.AutoRun.thn 1
C:\System Volume Information\_restore{AF128C29-0615-48AB-8864-0BCF58640059}\RP189\A0530826.com Infected: Trojan-GameThief.Win32.Magania.aiau 1
C:\Qoobox\Quarantine\C\FOUND.058\FILE0129.CHK.vir Infected: Worm.Win32.Agent.mf 1
C:\Qoobox\Quarantine\C\FOUND.062\FILE0008.CHK.vir Infected: Worm.Win32.Agent.mf 1
The selected area was scanned.
The log is clean. Any problems?
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.