Rafildes, posted December 19, 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:19, on 19/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\KGB\Mpk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\config\svchost.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AVPersonal\AVGUARD.EXE
C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Arquivos de programas\ActivationManager\ActivationManager.dll.upd" "C:\Arquivos de programas\ActivationManager\ActivationManager.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Arquivos de programas\KGB\Mpk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE
O23 - Service: Distributed Files Services (DBiFsi) - Unknown owner - C:\Arquivos de programas\System\svchost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9057 bytes

DigRam, posted December 25, 2007

Good morning, Rafildes!

>@< Uninstall: < ADSTechnology > < ActivationManager >
>@< After uninstalling, restart the computer and post a new HijackThis log.

Regards!

Rafildes, posted December 27, 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:57, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVPersonal\AVGUARD.EXE
C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\KGB\Mpk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\config\svchost.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Arquivos de programas\ActivationManager\ActivationManager.dll.upd" "C:\Arquivos de programas\ActivationManager\ActivationManager.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PackageAware] "C:\Documents and Settings\Administrador\Local Settings\Application Data\PackageAware\mpa.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Arquivos de programas\KGB\Mpk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE
O23 - Service: Distributed Files Services (DBiFsi) - Unknown owner - C:\Arquivos de programas\System\svchost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8932 bytes

DigRam, posted December 29, 2007

Good afternoon, Rafildes!

>@< Go to Start >> Run >> Type: msconfig >> OK.
>@< This opens the System Configuration Utility.
>@< Click the Services tab!
>@< Uncheck the box for this service: Distributed Files Services.
>@< Click Apply >> OK.
_____________________
>@< Download Avenger.
>@< Unzip it and create a folder for the program!
>@< Put this folder on Local Disk C or on the Desktop!
>@< Run the program and select Input script manually.
>@< Click the magnifying-glass icon!

Files to delete:
C:\Arquivos de programas\System\svchost.exe
C:\WINDOWS\system32\config\svchost.exe
C:\Arquivos de programas\ActivationManager\ActivationManager.dll

Folders to delete:
C:\Arquivos de programas\ActivationManager
C:\Arquivos de programas\ADSTechnology

>@< In the box that opens, paste what you copied from the quote area just above!
>@< Click Done.
>@< Click the traffic-light icon!
>@< Click OK.
>@< The computer will restart!
>@< Take advantage of this reboot to enter Safe Mode.
>@< Open HijackThis and click Do a system scan only.
>@< Check the entries just below and click Fix checked!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Arquivos de programas\ActivationManager\ActivationManager.dll.upd" "C:\Arquivos de programas\ActivationManager\ActivationManager.dll"

>@< Still in Safe Mode, and in HijackThis, click: Open the misc tools section.
>@< Click: Delete an NT Service.
>@< Enter the service name: DBiFsi, in the box.
>@< Click OK.
>@< Restart the computer normally!
____________________
>@< Post, in your reply: Avenger.txt + an updated HijackThis log.

Regards!

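A triage sketch for the logs in this thread, added here as an example and not part of any post: it flags four traits visible in the entries DigRam marks above (a system process name outside System32, a BHO with no file, a service with an unknown owner, a Run value that is a shell command) and reports which flagged entries survive into a later log. The rules, the function names and the C:\WINDOWS install path are this example's assumptions, not DigRam's stated criteria; the sample lines are excerpted from the 27/12/2007 and 3/1/2008 logs in this thread.

```python
import re

# Assumption: Windows is installed in C:\WINDOWS, as in the logs in this thread.
SYSTEM32 = r"c:\windows\system32"
# Process names that ship only in System32 on Windows XP.
SYSTEM_NAMES = ("svchost", "lsass", "services", "winlogon", "smss", "csrss", "spoolsv")

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
SYSPROC_RE = re.compile(
    r'([A-Za-z]:\\[^"]*?)\\((?:%s)\.exe)' % "|".join(SYSTEM_NAMES), re.IGNORECASE)
RUN_RE = re.compile(r"^.*?Run: \[[^\]]*\] (.*)$")
PATH_START_RE = re.compile(r'"?[A-Za-z]:\\')


def triage(log_text):
    """Return (reason, line) pairs for log lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Applies to "Running processes" lines and to O4/O23 entries alike.
        proc = SYSPROC_RE.search(line)
        if proc and proc.group(1).lower() != SYSTEM32:
            findings.append(("system process name outside System32", line))
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, body = entry.groups()
        if code == "O2" and body.endswith("(no file)"):
            findings.append(("BHO registered without a file", line))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(("service with unknown owner", line))
        elif code == "O4":
            cmd = RUN_RE.match(body)
            if cmd and not PATH_START_RE.match(cmd.group(1)):
                findings.append(("Run value is a shell command, not a program path", line))
    return findings


def unresolved(before, after):
    """Flagged lines from the earlier log that are still present in the later one."""
    still_there = {line.strip() for line in after.splitlines()}
    return [(why, line) for why, line in triage(before) if line in still_there]


# Excerpt of the 27/12/2007 log (before the Avenger / Fix checked steps).
BEFORE = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\config\svchost.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Arquivos de programas\ActivationManager\ActivationManager.dll.upd" "C:\Arquivos de programas\ActivationManager\ActivationManager.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Distributed Files Services (DBiFsi) - Unknown owner - C:\Arquivos de programas\System\svchost.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
"""

# Excerpt of the 3/1/2008 log (after those steps).
AFTER = r"""
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PackageAware] "C:\Documents and Settings\Administrador\Local Settings\Application Data\PackageAware\mpa.exe"
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
"""

if __name__ == "__main__":
    for why, line in triage(BEFORE):
        print(f"[{why}] {line}")
    print("still present after cleanup:", unresolved(BEFORE, AFTER))
```

An empty result only means none of these four rules matched: the PackageAware entry that DigRam fixes later in the thread passes them untouched.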
Rafildes, posted January 3, 2008

Friend,

When I run Avenger, the following error appears

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:51:08, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\KGB\Mpk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AVPersonal\AVGUARD.EXE
C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PackageAware] "C:\Documents and Settings\Administrador\Local Settings\Application Data\PackageAware\mpa.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Arquivos de programas\KGB\Mpk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8533 bytes

DigRam, posted January 4, 2008

Good morning, Rafildes!

"When I run Avenger, the following error appears"

>@< Click OK to continue... and, when it finishes, post the report. ( Avenger.txt )
______________________
Uninstall: < KGB >
After uninstalling, restart the computer!
______________________
>@< Open HijackThis and, with all windows closed, Fix this entry:

O4 - HKCU\..\Run: [PackageAware] "C:\Documents and Settings\Administrador\Local Settings\Application Data\PackageAware\mpa.exe"

>@< Post, in your reply: Avenger.txt + updated HJT.

Regards!

Rafildes, posted January 4, 2008

In Avenger, after I select the indicated option and click the magnifying glass, a blank window appears with a DONE button just below it.

LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:51, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AVPersonal\AVGUARD.EXE
C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - 
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8498 bytes
DigRam 144 Posted January 5, 2008
Good morning, Rafildes!
>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Close all windows and run the tool!
>@< If you have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear; it should be ignored.
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and press < Enter >
>@< Wait for it to finish!
_______________________
>@< Post the report, C:\ComboFix.txt, in your reply, plus an updated HJT log.
Regards!
Rafildes 0 Posted January 7, 2008
ComboFix 08-01-04.1 - Administrador 2008-01-07 9:00:34.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.176 [GMT -2:00] Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\1.exe C:\Arquivos de programas\ActivationManager C:\Arquivos de programas\ActivationManager\ActivationManager.dll C:\Arquivos de programas\ActivationManager\ActivationManager.dll.bak C:\Autorun.inf C:\WINDOWS\system32\config\svchost.exe D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NPF -------\NPF ((((((((((((((((((((((( Ficheiros criados de 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))) . 2008-01-07 09:03 . 2008-01-07 09:03 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-01-07 09:03 . 2008-01-07 09:03 <DIR> d----c--- C:\Arquivos de programas\microsoft frontpage 2008-01-07 09:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-03 16:12 . 2008-01-03 16:12 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent 2008-01-03 16:12 . 2008-01-03 16:12 <DIR> d----c--- C:\Arquivos de programas\BitTorrent 2008-01-03 13:09 . 2008-01-03 13:09 59,931 --a--c--- C:\lojr075.prt 2007-12-27 22:46 . 2007-12-27 22:46 280 --ah-c--- C:\sqmdata03.sqm 2007-12-27 22:46 . 2007-12-27 22:46 244 --ah-c--- C:\sqmnoopt03.sqm 2007-12-27 15:22 . 2007-12-27 15:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-27 15:22 . 2007-12-27 15:23 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-27 15:22 . 2007-12-27 15:23 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-27 13:45 . 2007-12-27 13:46 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\SecondLife 2007-12-27 13:43 . 
2007-12-27 13:43 <DIR> d----c--- C:\Arquivos de programas\KAIZEN Games 2007-12-26 19:44 . 2007-12-26 19:44 0 --ah----- C:\WINDOWS\SwSys2.bmp 2007-12-26 19:44 . 2007-12-26 19:44 0 --ah----- C:\WINDOWS\SwSys1.bmp 2007-12-26 19:43 . 2007-12-26 19:43 <DIR> d--h----- C:\Documents and Settings\All Users\Dados de aplicativos\{A3A7BCCE-9005-4A6C-82AB-8D46F544F53B} 2007-12-26 19:43 . 2007-12-26 19:43 <DIR> d----c--- C:\Arquivos de programas\visiosonic 2007-12-20 13:55 . 2007-12-20 14:00 90,243,806 --a--c--- C:\lerda.##r 2007-12-20 13:43 . 2007-12-20 13:53 600,483 --a--c--- C:\matr600.prt 2007-12-20 12:57 . 2007-12-20 13:05 9,670 --a--c--- C:\mata030.prt 2007-12-19 13:41 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL 2007-12-19 13:41 . 1999-06-21 05:10 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL 2007-12-19 13:40 . 2007-12-19 13:40 <DIR> d----c--- C:\BDE 2007-12-19 13:34 . 2007-12-19 13:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared 2007-12-19 11:11 . 2007-12-19 11:11 <DIR> d----c--- C:\php 2007-12-19 10:57 . 2007-12-19 13:41 <DIR> d----c--- C:\BDE5202 2007-12-19 10:37 . 2007-12-19 10:37 <DIR> d----c--- C:\Arquivos de programas\PHP 2007-12-19 10:27 . 2007-12-19 10:27 <DIR> d----c--- C:\Arquivos de programas\Apache Group 2007-12-19 10:09 . 2007-12-19 10:09 <DIR> d----c--- C:\Arquivos de programas\Apache Software Foundation 2007-12-19 09:30 . 2007-12-19 09:30 <DIR> d----c--- C:\Arquivos de programas\Trend Micro 2007-12-18 11:23 . 2008-01-05 19:27 <DIR> d----c--- C:\SysLoja 2007-12-18 10:58 . 2007-12-18 10:58 <DIR> d----c--- C:\mtg 2007-12-17 19:26 . 2007-12-21 12:08 5,562 --a--c--- C:\matr580.prt 2007-12-15 09:42 . 2007-12-15 09:48 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\BitComet Turbo 2007-12-15 09:39 . 2007-12-15 09:39 <DIR> d-------- C:\WINDOWS\Sun 2007-12-15 09:31 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-12-15 09:30 . 
2007-12-15 09:31 <DIR> d----c--- C:\Arquivos de programas\Java 2007-12-15 09:29 . 2007-12-15 09:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java 2007-12-13 21:50 . 2007-12-13 21:50 <DIR> d----c--- C:\Arquivos de programas\Nuclear Coffee 2007-12-13 08:59 . 2007-12-13 08:59 <DIR> d----c--- C:\ProgramData 2007-12-13 08:59 . 2007-12-19 15:54 <DIR> d--hs---- C:\Documents and Settings\Administrador\Dados de aplicativos\.# 2007-12-10 13:24 . 2007-12-10 14:19 0 --a------ C:\WINDOWS\system32\pqtmp.fil 2007-12-10 12:55 . 2007-12-10 14:19 <DIR> d----c--- C:\Arquivos de programas\HDD Health 2007-12-10 09:16 . 2007-12-10 13:23 821 --a------ C:\WINDOWS\system32\PQ_BATCH.PQB 2007-12-10 09:14 . 2007-12-10 09:14 <DIR> d----c--- C:\Arquivos de programas\PowerQuest 2007-12-10 09:14 . 2001-08-10 07:00 1,262,956 --------- C:\WINDOWS\system32\XMNT2001.EXE 2007-12-10 09:14 . 2001-08-10 07:00 3,252 --------- C:\WINDOWS\system32\drivers\PQNTDRV.SYS . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-07 10:14 --------- d-----w C:\Arquivos de programas\LogMeIn 2008-01-03 13:12 --------- d-----w C:\Arquivos de programas\MSN Messenger 2007-12-19 17:54 --------- d-sh--w C:\Documents and Settings\Administrador\Dados de aplicativos\.# 2007-12-11 00:47 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype 2007-12-10 11:14 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information 2007-12-10 11:02 --------- d-----w C:\Arquivos de programas\UltraVNC 2007-12-04 15:18 --------- d-----w C:\Arquivos de programas\Samsung 2007-12-04 15:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software 2007-12-03 20:10 --------- d-----w C:\Arquivos de programas\Fake Webcam 2007-11-24 17:00 --------- d-----w C:\Arquivos de programas\CamStudio 2007-11-24 12:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd3 2007-11-22 16:58 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf 2007-11-22 16:57 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2007-11-22 16:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Motorola Shared 2007-11-19 17:03 --------- d-----w C:\Arquivos de programas\MSXML 4.0 2007-11-16 18:02 --------- d-----w C:\Arquivos de programas\TechnoLogismiki 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 09:59 --------- d-----w C:\Arquivos de programas\eMule . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 14:59 68856] "MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360] "BitTorrent"="C:\Arquivos de programas\BitTorrent\bittorrent.exe" [2007-06-20 01:28 43008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 08:31 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 08:27 126976] "RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768] "LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 15:03 63048] "googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 20:54 3735552] "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792] "FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-10 15:40 20480] "tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-10 14:43 270336] "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-11-21 14:52 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^EPSON Status Monitor 3 Environment Check(4).lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\EPSON Status Monitor 3 Environment Check(4).lnk backup=C:\WINDOWS\pss\EPSON 
Status Monitor 3 Environment Check(4).lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl] C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-04 01:45 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth] C:\Arquivos de programas\HDD Health\hddhealth.exe -wl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Arquivos de programas\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\UIUCU.EXE -CLEAN_UP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "DBiFsi"=2 (0x2) R2 AVWUpSrv;AntiVir Update;"C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE" [2005-10-13 17:32] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-04-17 15:00] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55] R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 14:22] R3 avgntdw;avgntdw;C:\Arquivos de programas\AVPersonal\AVGNTDW.SYS [2005-04-29 09:07] R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 14:22] S3 motmodem;Motorola USB CDC ACM 
Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 14:31] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\Auto\command - C:\ah.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\Auto\command - D:\ah.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{523ddfe1-6fbc-11dc-8cc5-000d9d8f1ce9}] \Shell\Auto\command - G:\ah.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{804e5b0f-33b8-11da-8cc8-000d9d8f1ce9}] \Shell\Auto\command - H:\ah.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ad4d7d8-7726-11dc-8ce0-000d9d8f1ce9}] \Shell\Auto\command - G:\ah.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe *Newly Created Service* - ASPI32 . 
Conteúdo da pasta 'Tarefas Agendadas' "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-07 11:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-06 12:00:00 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-06 13:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-06 14:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-04 15:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-05 17:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-05 18:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-05 19:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-04 20:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-06 21:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-06 22:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-06 23:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-07 00:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-07 01:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-04 05:00:00 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-04 06:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-04 07:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-04 08:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-04 09:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\j8Iu0J28.exe "2008-01-06 10:00:00 C:\WINDOWS\Tasks\At9.job" - 
C:\WINDOWS\system32\j8Iu0J28.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-07 09:04:09 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-01-07 9:05:53 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-07 11:05:49 . 2007-12-12 21:46:09 --- E O F ---
HJT log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:07:56, on 7/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\AVPersonal\AVGUARD.EXE C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe C:\Arquivos de programas\Google\Google Talk\googletalk.exe C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\BitTorrent\bittorrent.exe C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe 
C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: 
Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... 
- C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580 O16 - 
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8534 bytes
DigRam 144 Posted January 8, 2008
Good morning, Rafildes!
Delete:
C:\QooBox
C:\ComboFix.txt << Previous ComboFix log.
__________________
>@< Select and copy all the content in the quote area into Notepad.
>@< Save it to the Desktop with the name: CFScript.txt
File::
C:\WINDOWS\system32\j8Iu0J28.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
>@< Drag CFScript.txt with the mouse onto the ComboFix icon.
>@< With this procedure, ComboFix will run and restart the computer automatically!
>@< While it is running, do not use the keyboard or mouse!
>@< Wait for it to finish!
________________________
>@< Run a disinfection scan with < BitDefender > and post the report.
>@< Click BitDefender ( Scan OnLine ).
>@< The page < BitDefender OnLine Scanner > will open.
>@< Click I Agree.
>@< Wait! Allow the ActiveX installation so that the scan can run.
________________________
>@< Then post: BitDefender report + ComboFix.txt + updated HijackThis log.
Regards!
Rafildes 0 Posted January 8, 2008
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:36:16, on 8/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe C:\Arquivos de programas\Google\Google Talk\googletalk.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\BitTorrent\bittorrent.exe C:\Arquivos de programas\AVPersonal\AVGUARD.EXE C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: 
[FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... 
- C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} 
(OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8894 bytes ---------------------------------------------------------------------------------------------------------------------------------------------- BitDefender Online Scanner Scan report generated at: Tue, Jan 08, 2008 - 11:25:47 Scan path: C:\;D:\;E:\; Statistics Time 00:46:39 Files 129609 Folders 3953 Boot Sectors 3 Archives 2051 Packed Files 6951 Results Identified Viruses 8 Infected Files 108 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 108 Engines Info Virus Definitions 886469 Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36) Scan plugins 14 Archive plugins 38 Unpack plugins 7 E-mail plugins 6 System plugins 1 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\ah.exe Infected with: Win32.Worm.Autoruner.W C:\ah.exe Disinfection failed C:\ah.exe Deleted C:\Arquivos de programas\System\svchost.exe Infected with: Backdoor.Hupigon.YLJ C:\Arquivos de programas\System\svchost.exe Deleted C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\9T1BL8HF\gz[1].exe Infected with: Backdoor.Hupigon.YLJ C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\9T1BL8HF\gz[1].exe Deleted C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049851.exe Infected with: Win32.Worm.Autoruner.W C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049851.exe Disinfection failed C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049851.exe Deleted C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049880.exe Infected with: Win32.Worm.Autoruner.W C:\System Volume 
Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059756.exe Infected with: Win32.Worm.Autoruner.W
C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059756.exe Disinfection failed
C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059756.exe Deleted
C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059757.exe Infected with: Backdoor.Hupigon.YLJ
C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059757.exe Deleted
D:\ah.exe Infected with: Win32.Worm.Autoruner.W
D:\ah.exe Disinfection failed
D:\ah.exe Deleted
D:\Programa\pspv.zip=>pspv.exe Infected with: Trojan.Icqsmiley.E
D:\Programa\pspv.zip=>pspv.exe Disinfection failed
D:\Programa\pspv.zip=>pspv.exe Deleted
D:\Programa\pspv.zip Updated
D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049854.exe Infected with: Win32.Worm.Autoruner.W
D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049854.exe Disinfection failed
D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049854.exe Deleted
D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049885.exe Infected with: Win32.Worm.Autoruner.W
D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049885.exe Disinfection failed
D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049885.exe Deleted
D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0049889.exe Infected with: Win32.Worm.Autoruner.W
D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0049889.exe Disinfection failed
D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0049889.exe Deleted
D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0050823.exe
Infected with: Win32.Worm.Autoruner.W
D:\System Volume
Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052414.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052414.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053416.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053416.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053416.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053437.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053437.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053437.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053466.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053466.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053466.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054466.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054466.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054466.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054503.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054503.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054503.exe Deleted D:\System Volume 
Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054515.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054515.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054515.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054525.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054525.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054525.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054536.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054536.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054536.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054563.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054563.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054563.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054583.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054583.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054583.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054596.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054596.exe Disinfection failed D:\System 
Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054596.exe Deleted D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059758.exe Infected with: Win32.Worm.Autoruner.W D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059758.exe Disinfection failed D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059758.exe Deleted D:\You-tube tools\allok_mp4converter liciense by Dr.XJ\allok_mp4converter.exe Infected with: Trojan.Generic.26312 D:\You-tube tools\allok_mp4converter liciense by Dr.XJ\allok_mp4converter.exe Disinfection failed D:\You-tube tools\allok_mp4converter liciense by Dr.XJ\allok_mp4converter.exe Deleted D:\You-tube tools\DVT\Flash2Video.KeyMaker.exe Infected with: Trojan.Packed.2547 D:\You-tube tools\DVT\Flash2Video.KeyMaker.exe Disinfection failed D:\You-tube tools\DVT\Flash2Video.KeyMaker.exe Deleted ---------------------------------------------------------------------------------------------------------------------------------------------- ComboFix 08-01-04.1 - Administrador 2008-01-08 10:24:29.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.119 [GMT -2:00] Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt * Criado um novo ponto de restauro FILE C:\WINDOWS\system32\j8Iu0J28.exe C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job 
C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NPF ((((((((((((((((((((((( Ficheiros criados de 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))) . 2008-01-07 15:06 . 2008-01-07 15:06 <DIR> d----c--- C:\Arquivos de programas\Palavras-Cruzadas 7.0 2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais 2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais 2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais 2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais 2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\Documents and Settings\Default User\Configurações locais 2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais 2008-01-07 09:03 . 2008-01-07 09:03 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-01-07 09:03 . 
2008-01-07 09:03 <DIR> d----c--- C:\Arquivos de programas\microsoft frontpage 2008-01-07 09:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-03 16:12 . 2008-01-03 16:12 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent 2008-01-03 16:12 . 2008-01-03 16:12 <DIR> d----c--- C:\Arquivos de programas\BitTorrent 2008-01-03 13:09 . 2008-01-03 13:09 59,931 --a--c--- C:\lojr075.prt 2007-12-27 22:46 . 2007-12-27 22:46 280 --ah-c--- C:\sqmdata03.sqm 2007-12-27 22:46 . 2007-12-27 22:46 244 --ah-c--- C:\sqmnoopt03.sqm 2007-12-27 15:22 . 2007-12-27 15:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-27 15:22 . 2007-12-27 15:23 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-27 15:22 . 2007-12-27 15:23 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-27 13:45 . 2007-12-27 13:46 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\SecondLife 2007-12-27 13:43 . 2007-12-27 13:43 <DIR> d----c--- C:\Arquivos de programas\KAIZEN Games 2007-12-26 19:44 . 2007-12-26 19:44 0 --ah----- C:\WINDOWS\SwSys2.bmp 2007-12-26 19:44 . 2007-12-26 19:44 0 --ah----- C:\WINDOWS\SwSys1.bmp 2007-12-26 19:43 . 2007-12-26 19:43 <DIR> d--h----- C:\Documents and Settings\All Users\Dados de aplicativos\{A3A7BCCE-9005-4A6C-82AB-8D46F544F53B} 2007-12-26 19:43 . 2007-12-26 19:43 <DIR> d----c--- C:\Arquivos de programas\visiosonic 2007-12-20 13:55 . 2007-12-20 14:00 90,243,806 --a--c--- C:\lerda.##r 2007-12-20 13:43 . 2007-12-20 13:53 600,483 --a--c--- C:\matr600.prt 2007-12-20 12:57 . 2007-12-20 13:05 9,670 --a--c--- C:\mata030.prt 2007-12-19 13:41 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL 2007-12-19 13:41 . 1999-06-21 05:10 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL 2007-12-19 13:40 . 2007-12-19 13:40 <DIR> d----c--- C:\BDE 2007-12-19 13:34 . 2007-12-19 13:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared 2007-12-19 11:11 . 
2007-12-19 11:11 <DIR> d----c--- C:\php 2007-12-19 10:57 . 2007-12-19 13:41 <DIR> d----c--- C:\BDE5202 2007-12-19 10:37 . 2007-12-19 10:37 <DIR> d----c--- C:\Arquivos de programas\PHP 2007-12-19 10:27 . 2007-12-19 10:27 <DIR> d----c--- C:\Arquivos de programas\Apache Group 2007-12-19 10:09 . 2007-12-19 10:09 <DIR> d----c--- C:\Arquivos de programas\Apache Software Foundation 2007-12-19 09:30 . 2007-12-19 09:30 <DIR> d----c--- C:\Arquivos de programas\Trend Micro 2007-12-18 11:23 . 2008-01-05 19:27 <DIR> d----c--- C:\SysLoja 2007-12-18 10:58 . 2007-12-18 10:58 <DIR> d----c--- C:\mtg 2007-12-17 19:26 . 2007-12-21 12:08 5,562 --a--c--- C:\matr580.prt 2007-12-15 09:42 . 2007-12-15 09:48 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\BitComet Turbo 2007-12-15 09:39 . 2007-12-15 09:39 <DIR> d-------- C:\WINDOWS\Sun 2007-12-15 09:31 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-12-15 09:30 . 2007-12-15 09:31 <DIR> d----c--- C:\Arquivos de programas\Java 2007-12-15 09:29 . 2007-12-15 09:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java 2007-12-13 21:50 . 2007-12-13 21:50 <DIR> d----c--- C:\Arquivos de programas\Nuclear Coffee 2007-12-13 08:59 . 2007-12-13 08:59 <DIR> d----c--- C:\ProgramData 2007-12-13 08:59 . 2007-12-19 15:54 <DIR> d--hs---- C:\Documents and Settings\Administrador\Dados de aplicativos\.# 2007-12-10 13:24 . 2007-12-10 14:19 0 --a------ C:\WINDOWS\system32\pqtmp.fil 2007-12-10 12:55 . 2007-12-10 14:19 <DIR> d----c--- C:\Arquivos de programas\HDD Health 2007-12-10 09:16 . 2007-12-10 13:23 821 --a------ C:\WINDOWS\system32\PQ_BATCH.PQB 2007-12-10 09:14 . 2007-12-10 09:14 <DIR> d----c--- C:\Arquivos de programas\PowerQuest 2007-12-10 09:14 . 2001-08-10 07:00 1,262,956 --------- C:\WINDOWS\system32\XMNT2001.EXE 2007-12-10 09:14 . 2001-08-10 07:00 3,252 --------- C:\WINDOWS\system32\drivers\PQNTDRV.SYS . 
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-08 10:29 --------- d-----w C:\Arquivos de programas\LogMeIn 2008-01-03 13:12 --------- d-----w C:\Arquivos de programas\MSN Messenger 2007-12-19 17:54 --------- d-sh--w C:\Documents and Settings\Administrador\Dados de aplicativos\.# 2007-12-11 00:47 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype 2007-12-10 11:14 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information 2007-12-10 11:02 --------- d-----w C:\Arquivos de programas\UltraVNC 2007-12-04 15:18 --------- d-----w C:\Arquivos de programas\Samsung 2007-12-04 15:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software 2007-12-03 20:10 --------- d-----w C:\Arquivos de programas\Fake Webcam 2007-11-24 17:00 --------- d-----w C:\Arquivos de programas\CamStudio 2007-11-24 12:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd3 2007-11-22 16:58 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf 2007-11-22 16:57 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2007-11-22 16:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Motorola Shared 2007-11-19 17:03 --------- d-----w C:\Arquivos de programas\MSXML 4.0 2007-11-16 18:02 --------- d-----w C:\Arquivos de programas\TechnoLogismiki 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 09:59 --------- d-----w C:\Arquivos de programas\eMule . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 14:59 68856] "MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360] "BitTorrent"="C:\Arquivos de programas\BitTorrent\bittorrent.exe" [2007-06-20 01:28 43008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 08:31 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 08:27 126976] "RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768] "LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 15:03 63048] "googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 20:54 3735552] "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792] "FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-10 15:40 20480] "tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-10 14:43 270336] "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-11-21 14:52 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^EPSON Status Monitor 3 Environment Check(4).lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\EPSON Status Monitor 3 Environment Check(4).lnk backup=C:\WINDOWS\pss\EPSON 
Status Monitor 3 Environment Check(4).lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl] C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2004-08-04 01:45 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] C:\Arquivos de programas\eMule\emule.exe -AutoStart [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth] C:\Arquivos de programas\HDD Health\hddhealth.exe -wl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Arquivos de programas\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\UIUCU.EXE -CLEAN_UP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "DBiFsi"=2 (0x2) R2 AVWUpSrv;AntiVir Update;"C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE" [2005-10-13 17:32] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-04-17 15:00] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55] R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 14:22] R3 avgntdw;avgntdw;C:\Arquivos de programas\AVPersonal\AVGNTDW.SYS [2005-04-29 09:07] R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 14:22] S3 motmodem;Motorola USB CDC ACM 
Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 14:31] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{523ddfe1-6fbc-11dc-8cc5-000d9d8f1ce9}] \Shell\Auto\command - G:\ah.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{804e5b0f-33b8-11da-8cc8-000d9d8f1ce9}] \Shell\Auto\command - H:\ah.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ad4d7d8-7726-11dc-8ce0-000d9d8f1ce9}] \Shell\Auto\command - G:\ah.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe *Newly Created Service* - ASPI32 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-08 10:28:50 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-01-08 10:30:47 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-08 12:30:43 . 2007-12-12 21:46:09 --- E O F ---
DigRam 144 Posted January 8, 2008
Good afternoon, Rafildes!
>@< Download Mx One 3.0.0
>@< To download it, click on: Descargar
>@< Save the utility to C:\mxone.zip
>@< Unzip it into a folder of its own. << Set it aside!
________________________
>@< Restart the computer in Safe Mode.
>@< Right-click on My Computer >> Properties >> System Restore.
>@< Check: Turn off System Restore >> Apply >> OK.
>@< Now run your antivirus (AVIRA) and send everything it finds to quarantine.
>@< Uncheck the System Restore option again >> Apply >> OK.
>@< Restart in Normal Mode.
________________________
>@< Run another scan with BitDefender and post the report. Delete the old one!
________________________
>@< Now we can install protection against worms that install themselves on USB memory sticks.
>@< In the Asistente de Instalacion Mx One, choose: Instalador Mx One Guardian
>@< Judging by the worm detected, you use or have used removable drives.
>@< Keep the Mx One Guardian Tiempo Real protection enabled.
>@< Also try to update the program whenever an update is available!
_______________________
>@< Post in your reply: the BitDefender report + an updated HJT log.
Regards!
Rafildes 0 Posted January 9, 2008
BitDefender Online Scanner Scan report generated at: Thu, Dec 27, 2007 - 09:37:30 Scan path: C:\;D:\;E:\;G:\; Statistics Time 00:43:20 Files 112676 Folders 3873 Boot Sectors 8 Archives 1174 Packed Files 6428 Results Identified Viruses 3 Infected Files 4 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 3 Engines Info Virus Definitions 887223 Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36) Scan plugins 14 Archive plugins 38 Unpack plugins 7 E-mail plugins 6 System plugins 1 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes
Scanned File Status
C:\ah.exe Infected with: Win32.Worm.Autoruner.W
C:\ah.exe Disinfection failed
C:\ah.exe Deleted
C:\WINDOWS\system32\config\svchost.exe Infected with: Win32.Worm.Autoruner.W
C:\WINDOWS\system32\config\svchost.exe Disinfection failed
C:\WINDOWS\system32\config\svchost.exe Delete failed
D:\ah.exe Infected with: Win32.Worm.Autoruner.W
D:\ah.exe Disinfection failed
D:\ah.exe Deleted
G:\ah.exe Infected with: Win32.Worm.Autoruner.W
G:\ah.exe Disinfection failed
G:\ah.exe Deleted
-----------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:37:41, on 27/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\hkcmd.exe C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe 
C:\Arquivos de programas\Google\Google Talk\googletalk.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\config\svchost.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\BitTorrent\bittorrent.exe C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\MSN Messenger\usnsvc.exe C:\Arquivos de programas\Mx One\mogtr.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\v7020\DMMultiView\multiview.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - 
C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe
O4 - HKLM\..\Run: [Mx_One_Guardian_Tiempo_Real] C:\Arquivos de programas\Mx One\mogtr.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9176 bytes
Rafildes 0 Posted January 9, 2008

After making these changes, web pages are taking a very long time to open. And since System Restore had been disabled, I have no restore point to go back to. What can I do?
DigRam 144 Posted January 9, 2008

After making these changes, web pages are taking a very long time to open. And since System Restore had been disabled, I have no restore point to go back to. What can I do?
_______________
Good afternoon, Rafildes!
>@< How many seconds do you have to wait for pages to open?
_______________
>@< Paste everything below the word quote into Notepad.

@echo off
DEL /Q /S C:\WINDOWS\system32\config\svchost.exe
@pause

>@< Save it to the Desktop as "Del.bat"
>@< It is important that the name be in quotation marks.
>@< Restart the computer in Safe Mode.
>@< Double-click "Del.bat" to run it.
>@< P.S.: Run it only once!
>@< Open HijackThis and click Do a system scan only.
>@< Check the entry just below and click Fix checked.

O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe

>@< Restart in Normal Mode!
_______________
>@< Post a new HijackThis log in your reply.
Regards!
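The autorun entry singled out in the reply above starts a file named svchost.exe from C:\WINDOWS\system32\config, whereas the Windows svchost.exe lives in C:\WINDOWS\system32. The following is an added example, not part of the original posts: it parses HijackThis O4 lines and flags system process names launched from an unexpected folder. The `EXPECTED_DIR` list and the function names are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Folder each Windows process image is expected in (XP layout, as in the log).
# Assumption of this example: the list is illustrative, not exhaustive.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32, "lsass.exe": SYSTEM32, "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32, "smss.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "ctfmon.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}

# Matches "O4 - HKLM\..\Run: [name] command" and "O4 - HKUS\<SID>\..\Run: ..."
O4_LINE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def exe_path(cmd):
    """Return the executable path from a Run value, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd              # unquoted path may hold spaces


def suspicious_autoruns(log_text):
    """List (value name, path) for system image names run from another folder."""
    hits = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue                             # not an O4 autorun entry
        path = exe_path(m.group("cmd"))
        folder, image = ntpath.split(path)
        expected = EXPECTED_DIR.get(image.lower())
        if expected and folder.lower() != expected:
            hits.append((m.group("name"), path))
    return hits


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe"""

if __name__ == "__main__":
    for name, path in suspicious_autoruns(SAMPLE_LOG):
        print(f"review autorun [{name}]: {path}")
```

A hit only means the entry deserves a closer look; the comparison is by file name and folder, so it says nothing about a file that sits in the expected folder.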
Rafildes 0 Posted January 10, 2008

It takes almost a minute, really very slow: IE opens, then it freezes and shows "IE Not Responding", and then after more than 40 s the page opens and starts loading.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:40, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\Mx One\mogtr.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Mx_One_Guardian_Tiempo_Real] C:\Arquivos de programas\Mx One\mogtr.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8549 bytes
DigRam 144 Posted January 10, 2008

Good afternoon, Rafildes!
>@< Uninstall: < Google >
>@< After uninstalling, restart the computer.
<!> This procedure often contributes to a significant increase in how fast IE opens.
_______________________
>@< Go to the Registry Editor and navigate to:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace
>@< In the right-hand column, look for the key:
Classld Key {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
>@< Try to delete that key!
>@< Exit the Registry and see whether IE now loads faster.
______________________
>@< I await your reply!
Regards!
Rafildes 0 Posted January 15, 2008

I didn't make any of the requested changes; my PC is already at 101%. I'm very grateful for the help.
Rafael Schmidt
DigRam 144 Posted January 15, 2008

PROBLEM SOLVED! If the author needs the topic to be reopened, a private message must be sent to a moderator with a link to the topic.