rfsm 0 Denunciar post Postado Julho 5, 2008 Prezados, estou com o virus protejaseudrive e já tentei várias ferramentas sem sucesso, inclusive meu antivirus: mcafee. Se alguém puder me ajudar, eu agradeço. Tenho sistema Vista. coloco abaixo o log que recebi do aplicativo hijackthis. Muito obrigado, Ricardo Logfile of HijackThis v1.99.1 Scan saved at 17:18:23, on 05/07/2008 Platform: Unknown Windows (WinNT 6.00.1905 SP1) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\taskeng.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\Dwm.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\sprscore.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\wpcumi.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\BitComet\BitComet.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Windows\rundys32.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe C:\Windows\system32\rundll32.exe C:\Windows\System32\mobsync.exe C:\Windows\explorer.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\system32\rundll32.exe C:\Downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [bM5d8c7c2a] Rundll32.exe "C:\Users\ADMINI~1\AppData\Local\Temp\lqykkvrs.dll",s O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\xxyxWMeF.dll,c O4 - HKCU\..\Run: [5ebf4fb6] rundll32.exe "C:\Users\ADMINI~1\AppData\Local\Temp\vemcbmjt.dll",b O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins 0 Denunciar post Postado Julho 6, 2008 Baixe o ComboFix e salve na área de trabalho. Feche todos os programas. Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar. O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção. Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt. Atenção: Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco. Para parar o processo ou sair do ComboFix, tecle "2" e Enter. Aguardo um novo log do HijackThis juntamente com o ComboFix.txt Compartilhar este post Link para o post Compartilhar em outros sites
rfsm 0 Denunciar post Postado Julho 6, 2008 Prezado Sr. Silas, Executei o procedimento conforme sua orientação. Segue abaixo a listagem de hijackthis.txt e combofix.txt. Aguardo instruções. atenciosamente, Ricardo ComboFix 08-07-05.1 - administrador 2008-07-05 23:35:01.1 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1932 [GMT -3:00] Running from: C:\Users\administrador\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\administrador\AppData\Roaming\inst.exe C:\Windows\system32\x64 . ((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 ))))))))))))))))))))))))))))))) . 2008-07-02 12:59 . 2008-07-02 12:59 <DIR> d-------- C:\Users\Ana Cecilia\AppData\Roaming\Talkback 2008-06-28 06:45 . 2008-06-28 09:24 <DIR> d-------- C:\SDAT 2008-06-27 17:49 . 2006-12-12 10:04 163,840 --a------ C:\Windows\System32\igfxres.dll 2008-06-23 15:07 . 2008-07-02 10:48 <DIR> dr------- C:\Users\Ana Cecilia\Documents 2008-06-22 22:05 . 2008-06-22 22:23 <DIR> d-------- C:\VundoFix Backups 2008-06-22 21:24 . 2008-06-22 21:24 524,288 --ahs---- C:\ntuser.dat{9cd7b3c0-4086-11dd-ba02-00188bdef1c0}.TMContainer00000000000000000002.regtrans-ms 2008-06-22 21:24 . 2008-06-22 22:51 524,288 --ahs---- C:\ntuser.dat{9cd7b3c0-4086-11dd-ba02-00188bdef1c0}.TMContainer00000000000000000001.regtrans-ms 2008-06-22 21:24 . 2008-06-22 21:24 524,288 --ahs---- C:\ntuser.dat{9cd7b3bc-4086-11dd-ba02-00188bdef1c0}.TMContainer00000000000000000002.regtrans-ms 2008-06-22 21:24 . 2008-06-22 21:24 524,288 --ahs---- C:\ntuser.dat{9cd7b3bc-4086-11dd-ba02-00188bdef1c0}.TMContainer00000000000000000001.regtrans-ms 2008-06-22 21:24 . 2008-06-22 22:42 262,144 --a------ C:\ntuser.dat 2008-06-22 21:24 . 2008-06-22 22:51 65,536 --ahs---- C:\ntuser.dat{9cd7b3c0-4086-11dd-ba02-00188bdef1c0}.TM.blf 2008-06-22 21:24 . 2008-06-22 21:24 65,536 --ahs---- C:\ntuser.dat{9cd7b3bc-4086-11dd-ba02-00188bdef1c0}.TM.blf 2008-06-22 21:24 . 2008-06-22 22:42 5,120 --ah----- C:\ntuser.dat.LOG1 2008-06-22 21:24 . 2008-06-22 21:24 0 --ah----- C:\ntuser.dat.LOG2 2008-06-21 23:42 . 2008-06-21 23:42 <DIR> d-------- C:\Users\All Users\WindowsSearch 2008-06-21 23:42 . 2008-06-21 23:42 <DIR> d-------- C:\ProgramData\WindowsSearch 2008-06-21 23:03 . 2008-06-21 23:03 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-06-21 22:33 . 2008-06-27 15:38 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-06-21 22:33 . 2008-06-27 15:38 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy 2008-06-21 22:33 . 2008-06-27 15:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-06-21 20:39 . 2008-06-21 20:39 <DIR> d-------- C:\PerfLogs 2008-06-21 10:43 . 2008-06-21 10:44 <DIR> d-------- C:\Users\Public\fotos ana 21.06.08 2008-06-17 17:35 . 2008-06-17 17:35 <DIR> d-------- C:\Meus documentos WebEx 2008-06-17 17:17 . 2008-06-17 17:17 <DIR> d-------- C:\Users\Ana Cecilia\WebEx 2008-06-17 17:17 . 2008-06-17 17:18 <DIR> d-------- C:\Users\Ana Cecilia\AppData\Roaming\webex 2008-06-17 17:17 . 2008-06-17 17:17 <DIR> d-------- C:\Users\All Users\WebEx 2008-06-17 17:17 . 2008-06-17 17:17 <DIR> d-------- C:\ProgramData\WebEx 2008-06-15 19:05 . 2008-06-15 19:05 <DIR> d-------- C:\Users\Ana Cecilia\AppData\Roaming\Nero 2008-06-15 14:05 . 2008-06-15 14:05 <DIR> d-------- C:\Users\administrador\AppData\Roaming\Talkback 2008-06-15 12:12 . 2008-06-15 12:12 <DIR> d-------- C:\Users\Eduardo\AppData\Roaming\Nero 2008-06-15 10:40 . 2008-06-15 10:40 <DIR> d-------- C:\Users\Pedro\AppData\Roaming\Talkback 2008-06-15 10:34 . 2008-06-15 10:34 <DIR> d-------- C:\Users\Pedro\AppData\Roaming\Nero 2008-06-15 08:53 . 2008-06-15 08:53 <DIR> d-------- C:\Users\Carolina\AppData\Roaming\Talkback 2008-06-15 08:51 . 2008-06-15 08:51 <DIR> d-------- C:\Users\Carolina\AppData\Roaming\Nero 2008-06-14 22:05 . 2008-06-14 22:05 <DIR> d-------- C:\Program Files\NeroInstall.bak 2008-06-14 21:54 . 2008-06-14 21:54 <DIR> d-------- C:\Users\administrador\AppData\Roaming\Nero 2008-06-14 21:52 . 2008-04-23 01:42 428,544 --a------ C:\Windows\System32\EncDec.dll 2008-06-14 21:52 . 2008-04-23 01:42 293,376 --a------ C:\Windows\System32\psisdecd.dll 2008-06-14 21:52 . 2008-04-23 01:41 218,624 --a------ C:\Windows\System32\psisrndr.ax 2008-06-14 21:52 . 2008-01-19 04:33 80,896 --a------ C:\Windows\System32\MSNP.ax 2008-06-14 21:52 . 2008-01-19 04:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax 2008-06-14 21:52 . 2008-04-23 01:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax 2008-06-14 21:39 . 2008-06-14 21:39 <DIR> d-------- C:\Users\All Users\Nero 2008-06-14 21:39 . 2008-06-14 21:39 <DIR> d-------- C:\ProgramData\Nero 2008-06-14 21:39 . 2008-06-14 21:39 <DIR> d-------- C:\Program Files\Nero 2008-06-14 21:39 . 2008-06-14 21:47 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-06-14 21:16 . 2008-06-14 21:16 <DIR> d-------- C:\Windows\Mozilla 2008-06-14 21:16 . 2008-06-14 21:16 0 --a------ C:\Windows\nsreg.dat 2008-06-14 21:05 . 2008-06-14 21:05 <DIR> d-------- C:\Program Files\MediaCoder 2008-06-10 21:10 . 2008-04-24 23:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-06-10 21:10 . 2008-04-25 01:35 826,880 --a------ C:\Windows\System32\wininet.dll 2008-06-10 19:39 . 2008-04-26 05:08 1,314,816 --a------ C:\Windows\System32\quartz.dll 2008-06-10 19:27 . 2008-05-09 22:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys 2008-06-08 22:59 . 2008-06-08 23:48 <DIR> d-------- C:\Users\administrador\AppData\Roaming\Vso 2008-06-08 22:59 . 2008-06-08 22:59 <DIR> d-------- C:\Program Files\DVDFab 5 2008-06-08 22:59 . 2008-06-08 22:59 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys 2008-06-08 22:59 . 2008-06-08 22:59 47,360 --a------ C:\Users\administrador\AppData\Roaming\pcouffin.sys 2008-06-08 22:32 . 2008-06-08 22:32 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2008-06-08 22:31 . 2000-06-22 13:49 842,240 --a------ C:\Windows\System32\ir414422.rra 2008-06-08 22:31 . 2000-06-23 10:36 745,984 --a------ C:\Windows\System32\ir504931.rra 2008-06-08 22:31 . 2000-06-26 11:57 202,240 --a------ C:\Windows\System32\ir324615.rra 2008-06-08 22:31 . 2000-06-23 14:06 192,000 --a------ C:\Windows\System32\iac2470f.rra 2008-06-08 22:31 . 2000-06-22 18:11 145,408 --a------ C:\Windows\System32\Ivfs4a2a.rra 2008-06-08 22:27 . 2008-06-08 22:27 <DIR> d-------- C:\Program Files\LucasArts 2008-06-07 19:32 . 2008-06-30 22:10 <DIR> d-------- C:\Users\administrador\AppData\Roaming\skypePM 2008-06-07 19:32 . 2008-06-07 19:32 32 --a------ C:\Users\All Users\ezsid.dat 2008-06-07 19:32 . 2008-06-07 19:32 32 --a------ C:\ProgramData\ezsid.dat 2008-06-07 19:12 . 2008-06-07 19:12 <DIR> d-------- C:\Program Files\Common Files\Skype . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-05 11:07 --------- d-----w C:\Program Files\McAfee 2008-07-01 02:34 --------- d-----w C:\Users\administrador\AppData\Roaming\Skype 2008-06-26 14:46 --------- d-----w C:\Users\administrador\AppData\Roaming\SiteAdvisor 2008-06-22 10:08 --------- d-----w C:\Users\administrador\AppData\Roaming\D-Link Media Server 2008-06-22 01:08 --------- d-----w C:\ProgramData\McAfee 2008-06-22 01:01 --------- d-----w C:\Program Files\SiteAdvisor 2008-06-21 23:56 174 --sha-w C:\Program Files\desktop.ini 2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Sidebar 2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Mail 2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Journal 2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Defender 2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Collaboration 2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Calendar 2008-06-21 23:01 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-06-21 23:01 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-06-19 22:51 --------- d-----w C:\Users\Pedro\AppData\Roaming\SiteAdvisor 2008-06-09 01:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-07 22:37 --------- d-----w C:\ProgramData\DVD Shrink 2008-06-07 22:12 --------- d-----w C:\ProgramData\Skype 2008-06-07 22:12 --------- d-----w C:\Program Files\Skype 2008-05-27 23:19 --------- d-----w C:\Users\Carolina\AppData\Roaming\SiteAdvisor 2008-05-26 01:21 --------- d-----w C:\Program Files\BitLocker 2008-05-26 01:18 --------- d-----w C:\Program Files\Microsoft Games 2008-05-26 01:17 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-05-21 18:07 --------- d-----w C:\Users\Ana Cecilia\AppData\Roaming\SiteAdvisor 2008-05-15 06:07 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-11 20:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe 2008-02-27 15:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-02-27 15:22 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-02-27 15:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 04:33 1233920] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 04:33 125952] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 04:33 202240] "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-03-27 04:06 7092024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-12 10:02 98304] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-12 10:03 106496] "Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-12 10:02 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "stezinit"="C:\Windows\sprscore.exe" [2007-04-22 12:38 724992] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 09:33 176128] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-03-13 15:42 73728] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-03-13 15:42 8425472] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-03-13 15:42 81920] C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM 101784] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "LogonHoursAction"= 2 (0x2) "DontDisplayLogonHoursWarnings"= 1 (0x1) [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk] backup=C:\Windows\pss\Event Planner Reminders Tray Icon.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^administrador^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^D-Link Media Server.lnk] backup=C:\Windows\pss\D-Link Media Server.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5ebf4fb6 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5d8c7c2a HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] --a------ 2008-03-27 04:06 7092024 C:\Program Files\BitComet\BitComet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe] --a------ 2007-08-03 22:33 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI] --a------ 2007-11-30 05:42 1164576 C:\PROGRA~1\McAfee\MHN\McENUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor] --a------ 2007-02-09 14:18 36904 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{509CDB8A-E5C5-4417-B030-5D4F77F649DA}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{C916445A-A2E1-485F-9B3F-FA79E6344074}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "{F8A21B42-5653-4AE6-9798-407DF8B97686}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{FA1320AA-C7A9-4FD4-A723-45CF7DAB2B93}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{97B09293-C71A-4D38-836F-E2285D69B10C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{79E8AE58-C6C1-4959-8F5E-83C79569A954}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{E4C3E3C2-1E6F-4A98-B5B3-855D5208C33C}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{8477D68D-E84B-4D13-A323-FCBA534D928A}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{491436DF-45C0-49B7-8670-5039A9F2878B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{77D8212F-05E9-4274-B985-650ECCC27804}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{2C3306B6-DCF7-4055-94C3-A5E7110A6CC3}"= UDP:18444:BitComet 18444 TCP "{06708002-746F-4DF8-9C8F-E6D2FF12FC82}"= TCP:18444:BitComet 18444 UDP "{FA16A787-E957-460B-8EE1-9AE9FF8B79F7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{6E5F5096-8658-4DF1-A0BB-7C8BBDDEEAD4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 01:25] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . Contents of the 'Scheduled Tasks' folder "2008-05-15 13:09:59 C:\Windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2008-06-01 04:00:55 C:\Windows\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe "2008-07-05 19:26:36 C:\Windows\Tasks\User_Feed_Synchronization-{FF3AAD01-EFCD-43F8-B8EE-C6FC21507060}.job" - C:\Windows\system32\msfeedssync.exe . - - - - ORPHANS REMOVED - - - - ShellIconOverlayIdentifiers-{b75ab0c8-03d5-4592-9821-a48d54d66b14} - MssShellExt.dll MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-05 23:39:34 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-07-05 23:42:04 ComboFix-quarantined-files.txt 2008-07-06 02:42:01 Pre-Run: 99,092,213,760 bytes free Post-Run: 99,244,834,816 bytes free 230 --- E O F --- 2008-06-25 06:00:35 Logfile of HijackThis v1.99.1 Scan saved at 23:45:36, on 05/07/2008 Platform: Unknown Windows (WinNT 6.00.1905 SP1) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\mobsync.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\sprscore.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\wpcumi.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\rundys32.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Windows\Explorer.exe C:\Downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins 0 Denunciar post Postado Julho 12, 2008 Execute o Active Scan da Panda, observando os seguintes procedimentos: 1) Alguns anti-vírus, tal como o AVAST, podem exibir um alerta de detecção durante a execução do scan, porém tal alerta deve ser ignorado. O aviso não passa de um falso-positivo. Sugiro que o AV seja desabilitado, temporariamente, a fim de que o scan ocorra sem problemas; 2) Para iniciar o processo, clique sobre o botão ; 3) Informe os dados solicitados no formulário; 4) Clique sobre o botão "Pesquise agora sem custos"; 5) Siga todas as instruções que lhe serão passadas e aguarde o fim da varredura; 6) Ao término do scan, clique em visualizar o log. Salve-o em seu Desktop; 7) Poste o conteúdo do log em sua próxima resposta. Abraços. Processo elaborado e formatado por :Jgarcia Compartilhar este post Link para o post Compartilhar em outros sites
rfsm 0 Denunciar post Postado Julho 13, 2008 Prezado Silas, Segue o log do programa active scan panda. at., Ricardo ;******************************************************************************* ********************************************************************************* ******************* ANALYSIS: 2008-07-13 17:29:33 PROTECTIONS: 3 MALWARE: 90 SUSPECTS: 1 ;******************************************************************************* ********************************************************************************* ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== Windows Defender 1.1.2503.0 No Yes McAfee Internet Security Suite 2007 8.1 No No McAfee VirusScan Plus 12.1 No No ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00013919 W97M/Ethan.BE Virus No 0 Yes No rm2004-2\curricula & resumes1\cv\curricprop.doc 00013919 W97M/Ethan.BE Virus No 0 Yes No rm2004-2\curricula & resumes\cv\curricprop.doc 00013919 W97M/Ethan.BE Virus No 0 Yes No rm2004-2\curricula & resumes1\cv\curricprop.doc 00013919 W97M/Ethan.BE Virus No 0 Yes No rm2004-2\curricula & resumes\cv\curricprop.doc 00024266 VBS/Help Virus/Worm No 1 Yes No rm2004-2\rmenezes\FELIZ NATAL E UM PROSPERO ANO NOVO - FLT SPORTS BOLLETTIERI 00024266 VBS/Help Virus/Worm No 1 Yes No rm2004-2\rmenezes\FELIZ NATAL E UM PROSPERO ANO NOVO - FLT SPORTS BOLLETTIERI 00024266 VBS/Help Virus/Worm No 1 Yes No rm2004-2\rmenezes\FELIZ NATAL E UM PROSPERO ANO NOVO - FLT SPORTS BOLLETTIERI 00024266 VBS/Help Virus/Worm No 1 Yes No rm2004-2\rmenezes\FELIZ NATAL E UM PROSPERO ANO NOVO - FLT SPORTS BOLLETTIERI 00024402 Exploit/iFrame HackTools No 0 Yes No archive folders\deleted items\re: [britishschool-pta] lembrete - pta meeting\att00000.html 00047758 W32/Bagle.AW.worm Virus/Worm No 0 Yes No personal folders\inbox\foto\fotos.zip[foto.htm] 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI789F.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI6556.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PIE2BA.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PIE492.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PIEA6E.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI601C.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI5CEC.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI5014.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI4D38.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PIF372.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PIFC69.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI6960.tmp 00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PID75F.tmp 00048371 Trj/Citifraud.A Virus/Trojan No 1 Yes No rm2004-2\caixa de entrada\0fficiaI Information For CIient Of CitiBank [sat, 18 Sep 2004 18:22:54 -0500] 00048371 Trj/Citifraud.A Virus/Trojan No 1 Yes No rm2004-2\caixa de entrada\0fficiaI Information For CIient Of CitiBank [sat, 18 Sep 2004 18:22:54 -0500] 00049305 Joke/Jepruss Jokes No 0 Yes No ana cecilia\pedro\this is the best get well present!\operation flashpoint,age of empires 2,cossacks,+most other games.exe 00049305 Joke/Jepruss Jokes No 0 Yes No ana cecilia\pedro\espetacular\operation flashpoint,age of empires 2,cossacks,+most other games.exe 00049305 Joke/Jepruss Jokes No 0 Yes No ana cecilia\pedro\enc: this is the best get well present!\operation flashpoint,age of empires 2,cossacks,+most other games.exe 00049305 Joke/Jepruss Jokes No 0 Yes No ana cecilia\pedro\this is the best christmas present!\operation flashpoint,age of empires 2,cossacks,+most other games.exe 00116976 W32/Bagle.AW.worm Virus/Worm No 0 Yes No personal folders\inbox\foto\fotos.zip[1/calc.exe] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@trafficmp[1].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.trafficmp.com/] 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@casalemedia[2].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@casalemedia[1].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@casalemedia[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@doubleclick[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.doubleclick.net/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\administrador@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows\Cookies\eduardo@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.atdmt.com/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\pedro@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.atdmt.com/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Cookies\Low\ricardo@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@atdmt[2].txt 00139535 Application/Processor HackTools No 0 No No C:\Downloads\VirtumundoBeGone.exe[²ƒÇ] 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@tradedoubler[2].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@tradedoubler[2].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@tradedoubler[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@247realmedia[1].txt 00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@bfast[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@fastclick[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@fastclick[1].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@fastclick[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@fastclick[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@tribalfusion[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@tribalfusion[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@tribalfusion[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@mediaplex[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@mediaplex[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@mediaplex[1].txt 00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@sexlist[1].txt 00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@linksynergy[2].txt 00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@ccbill[1].txt 00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@revenue[2].txt 00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@revenue[2].txt 00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@www.myaffiliateprogram[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@com[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@com[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@com[1].txt 00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@yadro[1].txt 00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@yadro[1].txt 00167681 Cookie/Dbbsrv TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@dbbsrv[1].txt 00167681 Cookie/Dbbsrv TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@dbbsrv[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.xiti.com/] 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@xiti[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@xiti[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@xiti[1].txt 00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@gostats[2].txt 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@azjmp[2].txt 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@azjmp[2].txt 00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.toplist.cz/] 00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@toplist[2].txt 00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@toplist[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@statcounter[2].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@statcounter[2].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@statcounter[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@statcounter[2].txt 00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@counter.hitslink[1].txt 00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@counter.hitslink[1].txt 00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@counter1.sextracker[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@perf.overture[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@perf.overture[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mwmc9gsm.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mwmc9gsm.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-4.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-4.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-4.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-4.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-1.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-1.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mwmc9gsm.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@ad.yieldmanager[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-1.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-1.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-1.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-4.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mwmc9gsm.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\administrador@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/] 00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@counter10.sextracker[2].txt 00168058 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@counter4.sextracker[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@apmebf[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@apmebf[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@burstnet[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@burstnet[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@burstnet[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\pedro@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/] 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@bs.serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.bs.serving-sys.com/] 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\pedro@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.bs.serving-sys.com/] 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@bs.serving-sys[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@www.burstbeacon[2].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@weborama[2].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@weborama[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@adtech[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@adtech[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@adtech[1].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@server.iad.liveperson[1].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@server.iad.liveperson[1].txt 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@stat.onestat[2].txt 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@stat.onestat[1].txt 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@fl01.ct2.comclick[1].txt 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@fl01.ct2.comclick[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Cookies\Low\ricardo@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@advertising[1].txt 00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@sextracker[2].txt 00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@media.adrevolver[3].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@statse.webtrendslive[1].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@statse.webtrendslive[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@statse.webtrendslive[3].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@statse.webtrendslive[4].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\pedro@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@ads.pointroll[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/] 00170540 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Cookies\Low\ricardo@de.uol.com[1].txt 00170540 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@de.uol.com[1].txt 00170540 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@de.uol.com[1].txt 00170540 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@de.uol.com[1].txt 00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@fortunecity[2].txt 00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@ig.com[2].txt 00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ig.com[1].txt 00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@ig.com[1].txt 00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@ig.com[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@overture[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.overture.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@overture[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@overture[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@realmedia[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@realmedia[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@realmedia[1].txt 00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@terra.com[1].txt 00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@terra.com[1].txt 00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Cookies\Low\ricardo@terra.com[2].txt 00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@terra.com[2].txt 00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@terra.com[1].txt 00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.terra.com.br/] 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Cookies\Low\ricardo@uol.com[1].txt 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\pedro@uol.com[1].txt 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@uol.com[1].txt 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\administrador@uol.com[1].txt 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.uol.com.br/] 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@uol.com[2].txt 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@uol.com[2].txt 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@uol.com[1].txt 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.uol.com.br/] 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@uol.com[1].txt 00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@uol.com[2].txt 00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@www5.addfreestats[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@questionmarket[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.questionmarket.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.questionmarket.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@questionmarket[2].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@zedo[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@bluestreak[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@bluestreak[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@bluestreak[1].txt 00173992 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@c5.zedo[1].txt 00180153 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@counter2.sextracker[1].txt 00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@xxxcounter[1].txt 00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@phg.hitbox[2].txt 00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@phg.hitbox[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@adrevolver[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@adrevolver[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@adrevolver[1].txt 00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@bravenet[1].txt 00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@bravenet[1].txt 00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@bravenet[1].txt 00188043 Cookie/adstat TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ad.stat.4u[1].txt 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@adultfriendfinder[2].txt 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.adultfriendfinder.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@go[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@go[2].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@searchportal.information[1].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@searchportal.information[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@target[1].txt 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@did-it[1].txt 00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@adviva[2].txt 00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@adviva[2].txt 00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@adviva[2].txt 00209833 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@acesso.uol.com[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@atwola[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@atwola[2].txt 00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@www1.addfreestats[1].txt 00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@www1.addfreestats[1].txt 00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ehg-dig.hitbox[2].txt 00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@ehg-dig.hitbox[2].txt 00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ads.addynamix[1].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@citi.bridgetrack[2].txt 00519333 Application/Processor HackTools No 0 Yes No C:\Downloads\VirtumundoBeGone.exe 01298745 W32/Badtrans.B.worm Virus/Worm No 0 Yes No archive folders\deleted items\re: [britishschool-pta] lembrete - pta meeting\readme.mp3.scr 01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.adserver.easyad.info/] 01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@adserver.easyad[1].txt 01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@adserver.easyad[1].txt 02261869 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@counter12.sextracker[1].txt 02513660 Adware/VideoAddon Adware No 0 No No C:\Users\Pedro\Documents\Favorites\Links\setup.exe[²ÜÇ\refr.dll] 02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@advancedcleaner[1].txt 02901703 Application/DriveProteccion HackTools No 0 No No C:\Downloads\xmoto-0.3.4-win32-setup.exe[sqlite3.dll] ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location %)J@s5 ;=============================================================================== ================================================================================= =================== No C:\VundoFix Backups\nnnMFVoL.dll.bad %)J@s5 ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description %)J@s5 ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= =================== Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins 0 Denunciar post Postado Julho 13, 2008 Estarei em breve retornando com uma resposta para você saber como agir Compartilhar este post Link para o post Compartilhar em outros sites
rfsm 0 Denunciar post Postado Julho 14, 2008 muito obrigado. boa noite. Ricardo Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins 0 Denunciar post Postado Julho 19, 2008 Baixe o SDFix e e arquive na sua área de trabalho. *Execute o SDFix.exe[/b] clicando duas vezes sobre ele. * Permitam-lo para instalar na localização padrão, que é normalmente c: \ SDFix * Agora, por favor, reinicie o computador em modo de segurança (Reinicie o computador e segure a tecla F8 sem solta-la até que seja disponibilizada a tela onde você opte por modo de segurança) * Depois de ter arrancado em modo seguro, abra o C: \ SDFix pasta e dê um duplo clique em RunThis.bat para iniciar o script. * Aperte Y para iniciar a limpeza do processo. * Ele irá remover qualquer Tróia ou Serviços Secretaria entradas encontradas e, em seguida, pedir-lhe para pressione qualquer tecla para reiniciar. * Pressione qualquer tecla e ele irá reiniciar o PC. * Quando o PC reinicia a Fixtool irá correr de novo e completar o processo de remoção exibição terminados em seguida, pressione qualquer tecla para terminar o script e carregar seu desktop ícones. * Depois de a carregar os ícones desktop SDFix relatório será aberta a tela e também em salvar a pasta SDFix como Report.txt. *Poste o Report.txt juntamente com novo log do hijackthis gerado em modo normal. Compartilhar este post Link para o post Compartilhar em outros sites
rfsm 0 Denunciar post Postado Julho 20, 2008 Prezado Silas, boa tarde. Infelizmente este último procedimento não funcionou. Baixei o SDFIX, reiniciei p WINDOWS VISTA em modo seguro e cliquei duas vezes em RunThis.bat, porém o programa não executa (abre a tela de prompt por 1 segundo, ela fecha e nada acontece). O que devo fazer ? atenciosamente, Ricardo Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins 0 Denunciar post Postado Julho 22, 2008 Peço que realize o download do Ad-aware versão 2007 e scaneie o compoutador, tal software (Ad-aware pode ser encontrado no www.baixaki.com.br) Feito isso: Siga as Instruções: Baixe o MSNfix. Salve na área de trabalho, e descompacte ele, após isto, clique duas vezes em MSNFix.bat Vai se abrir a tela MSN_Fix-menu nela aperte a opçãp R, será dado inicio ao scaneamento. Caso o scan detecte algo irá aparecer a seguinte informação: Infection Presente, aperte enter, e prossiga. Caso queira interromper o processo aperte a tecla Q Na finalização vai se abrir o bloco de notas com um log, selecione todo ele e copie, que se encontra na pasta msnfix.txt. Poste juntamente um novo log do Hijackthis Aguardo o retorno. Compartilhar este post Link para o post Compartilhar em outros sites
rfsm 0 Denunciar post Postado Agosto 10, 2008 Prezado Silas, Bom dia. segue abaixo o log do MSNFIX e do Hijackthis. Aguardo sua orientação. Desde já muito obrigado. Atenciosamente, Ricardo MSNFix 1.737 C:\Downloads\MSNFix\MSNFix Scan done at 10/08/2008 - 7:36:36,56 By administrador normal mode ************************ Checking Files No files found ************************ Checking Folders No Folders Found ************************ Suspect Files No files found ************************ HKLM\...\Winlogon\Userinit Userinit = C:\Windows\system32\userinit.exe, ------------------------------------------------------------------------ Author : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END --------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 11:33:15, on 10/08/2008 Platform: Unknown Windows (WinNT 6.00.1905 SP1) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\PROGRA~1\Maxtor\MANAGE~1\msssort.exe C:\PROGRA~1\Maxtor\MSSBAC~1\MaxBackService.exe C:\PROGRA~1\Maxtor\ONETOU~1\MaxMenuMgr.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\sprscore.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\wpcumi.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\BitComet\BitComet.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Windows\rundys32.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\explorer.exe C:\Windows\system32\conime.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Windows\system32\wuauclt.exe C:\Downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins 0 Denunciar post Postado Agosto 11, 2008 Baixe o Malwarebytes Anti-Malware * Inicie a instalação clique em "mbam-setup.exe"; * Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir. * Marque "Verificação Rápida" e depois clique em Verificar. * Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log; * Se algo for detectado, veja se tudo está marcado e clique em "Remover"; * O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal; * Copie e cole esse log, juntamente com o novo log do hijacktihis . Aguado o retorno. Off-topic: Delete os arquivos temporários Compartilhar este post Link para o post Compartilhar em outros sites
rfsm 0 Denunciar post Postado Agosto 11, 2008 Prezado Silas, bom dia. Segue o log do Malwarebytes e do Hijackthis. Deletei os arquivos temporários através da tela "propriedades" do disco C. Está correto ? Aguardo sua orientação. atenciosamente, Ricardo Malwarebytes' Anti-Malware 1.24 Database version: 1040 Windows 6.0.6001 Service Pack 1 08:26:15 11/08/2008 mbam-log-8-11-2008 (08-26-11).txt Scan type: Quick Scan Objects scanned: 57169 Time elapsed: 6 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of HijackThis v1.99.1 Scan saved at 08:43:07, on 11/08/2008 Platform: Unknown Windows (WinNT 6.00.1905 SP1) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\PROGRA~1\Maxtor\MANAGE~1\msssort.exe C:\PROGRA~1\Maxtor\MSSBAC~1\MaxBackService.exe C:\PROGRA~1\Maxtor\ONETOU~1\MaxMenuMgr.exe C:\Windows\sprscore.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\wpcumi.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\D-Link Media Server\MediaGUI.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\D-Link Media Server\MediaServer.exe C:\Windows\rundys32.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: D-Link Media Server.lnk = C:\Program Files\D-Link Media Server\MediaGUI.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins 0 Denunciar post Postado Agosto 12, 2008 Sim esta correto. Siga as instruções abaixo: Faça o download do VundoFix no link : http://www.atribune.org/ccount/click.php?id=4 Clique duas vezes em VundoFix.exee ele ira iniciar. Ao abrir o VundoFix clique em scan for Vundo. Espere acabar o scan. Terminado o scan clique em Remove Vundo Irá aparecer um alerta khe indagando se deseja remover os arquivos. Clique em YES. Suaárea de trabalho irá sumir, mas não se preocupe isto é padrão. Reinicie o pc para que se complete o scan, clique em [OK Retorne com o log do VundoFix que se encontra em C:\vundofix.txt juntamente com um novo log do hijackthis Aguardo Retorno Compartilhar este post Link para o post Compartilhar em outros sites
rfsm 0 Denunciar post Postado Agosto 12, 2008 Prezado Silas, boa noite. o programa fixvundo não acusou a presença de nenhum virus. segue o log do fixvundo e do hijackthis. aguardo orientação. atenciosamente, Ricardo VundoFix V7.0.6 VundoFix V7.0.6 Scan started at 23:19:13 11/08/2008 Listing files found while scanning.... No infected files were found. Logfile of HijackThis v1.99.1 Scan saved at 23:44:12, on 11/08/2008 Platform: Unknown Windows (WinNT 6.00.1905 SP1) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\PROGRA~1\Maxtor\MANAGE~1\msssort.exe C:\Windows\sprscore.exe C:\PROGRA~1\Maxtor\MSSBAC~1\MaxBackService.exe C:\PROGRA~1\Maxtor\ONETOU~1\MaxMenuMgr.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\wpcumi.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\D-Link Media Server\MediaGUI.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Windows\rundys32.exe C:\Program Files\D-Link Media Server\MediaServer.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe C:\Windows\explorer.exe C:\Downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: D-Link Media Server.lnk = C:\Program Files\D-Link Media Server\MediaGUI.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins 0 Denunciar post Postado Agosto 13, 2008 Baixe o PenClean siga as instruções abaixo para eliminar as ameaças. Selecione a opção verificar computador e clique no botão Verificar. O exame é bem rápido e caso o programa encontre algum programa malicioso surgirá uma janela pedindo para reiniciar o computador, clique em Sim. O relatório do PenClean, ou log, é salvo na pasta C:\PenClean\PenClean.txt, poste também um novo log do hijackthis Compartilhar este post Link para o post Compartilhar em outros sites
rfsm 0 Denunciar post Postado Agosto 15, 2008 Prezado Silas, boa noite. segue os logs do programa penclean e hijackthis. aguardo novas instruções. atenciosamente, Ricardo Iniciando relatório do PenClean 2.0.3 Por Renato Victor Mejias renatomejias@yahoo.com.br 15/08/2008 20:28:46 ----------------------------------------------------------- Arquivos e chaves excluídos do computador: Malware não detectado no computador! ----------------------------------------------------------- Fim da análise no computador. ----------------------------------------------------------- Arquivos e chaves excluídos do computador: Malware não detectado no computador! ----------------------------------------------------------- Fim da análise no computador. ----------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 20:32:58, on 15/08/2008 Platform: Unknown Windows (WinNT 6.00.1905 SP1) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\PROGRA~1\Maxtor\MANAGE~1\msssort.exe C:\PROGRA~1\Maxtor\MSSBAC~1\MaxBackService.exe C:\PROGRA~1\Maxtor\ONETOU~1\MaxMenuMgr.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\sprscore.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\wpcumi.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\D-Link Media Server\MediaGUI.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Program Files\D-Link Media Server\MediaServer.exe C:\Windows\rundys32.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Windows\system32\conime.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\System32\mobsync.exe C:\Windows\Explorer.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\igfxsrvc.exe C:\Downloads\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: D-Link Media Server.lnk = C:\Program Files\D-Link Media Server\MediaGUI.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) Compartilhar este post Link para o post Compartilhar em outros sites
rfsm 0 Denunciar post Postado Agosto 23, 2008 Prezado Silas, boa tarde. Como devo proceder após o envio do último diagnóstico ? atenciosamente, Ricardo Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins 0 Denunciar post Postado Setembro 11, 2008 Delete o combofix, e siga as instruções abaixo: Baixe o ComboFix e salve na área de trabalho. Feche todos os programas. Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar. O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção. Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt. Atenção: Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco. Para parar o processo ou sair do ComboFix, tecle "2" e Enter. Aguardo um novo log do HijackThis juntamente com o ComboFix.txt Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Outubro 11, 2008 Tópico Arquivado Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites
