DidoLaco, posted September 30, 2008

For a while now I have noticed that no profile change gets saved. Examples: the wallpaper does not change; the mouse does not change colour. I have already checked with the tools and nothing is blocked. The odd thing is that before choosing the user the mouse is there in gold, and after logging in it goes back to normal.

Screenshot of my desktop: Desktop

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:35, on 30/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJAckThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user')
O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 6708 bytes

Ah, and before anything else, thanks in advance!
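One way to triage an HJT log like the one above, as an added example (my code, not a tool used in this thread): it pulls out the entries whose target file is gone, the O17 name servers, and any O4 autorun launched from outside the Windows and Program Files trees. The sample log is constructed from a few of the thread's lines plus one made-up temp-folder autorun, and the list of trusted roots is an assumption.

```python
"""Triage helper for HijackThis (HJT) logs in the format pasted in this thread.

Added example: the parser and its heuristics are mine, not a tool used by the
forum helpers. The sample below is constructed to mirror the thread's log.
"""
import re

# Constructed sample: a handful of lines in the thread's HJT format, plus one
# made-up O4 entry running from a temp folder so the autorun check has a hit.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 6708 bytes
"""

# HJT entry lines look like "O4 - <body>"; header and footer lines do not.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
# First absolute Windows path in a command line, up to a runnable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr|bat|cmd)\b', re.IGNORECASE)
# Assumption: autoruns started from these roots are left to the reviewer's usual
# checks; anything started from elsewhere (profile, temp, root of C:) is flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\arquivos de programas\\")


def parse_entries(log_text):
    """Return (section, body) pairs for HJT entry lines; header and footer are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def orphaned_entries(entries):
    """Registry hooks whose target file is gone: leftovers of an uninstall or a removal."""
    return [(s, b) for s, b in entries if "(no file)" in b or "(file missing)" in b]


def dns_servers(entries):
    """O17 NameServer values, to be compared with the resolvers the ISP is expected to hand out."""
    servers = []
    for s, b in entries:
        if s == "O17":
            m = NAMESERVER_RE.search(b)
            if m:
                servers.extend(m.group(1).split())
    return servers


def autoruns_outside_trusted_roots(entries):
    """O4 autoruns whose first absolute path lies outside TRUSTED_ROOTS."""
    flagged = []
    for s, b in entries:
        if s != "O4":
            continue
        m = PATH_RE.search(b)
        if m is None:
            continue  # bare command such as 'regsvr32 ...': no path to judge, left for manual review
        if not m.group(0).lower().startswith(TRUSTED_ROOTS):
            flagged.append((s, b))
    return flagged


def triage(log_text):
    """Run the three checks over one HJT log and return their findings by name."""
    entries = parse_entries(log_text)
    return {
        "orphaned": orphaned_entries(entries),
        "nameservers": dns_servers(entries),
        "autoruns_flagged": autoruns_outside_trusted_roots(entries),
    }


if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(f"{name}:")
        for item in items:
            print("   ", item)
```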
Silas Martins, posted October 1, 2008

Follow these instructions: download MSNFix. Save it to the desktop and unzip it; then double-click MSNFix.bat. The MSN_Fix menu screen will open; press the R option, which starts the scan. If the scan detects something, the message "Infection Presente" will appear; press Enter and continue. If you want to stop the process, press the Q key. When it finishes, Notepad will open with a log (it is in the file msnfix.txt); select all of it and copy it. Post it together with a new HijackThis log. I await your reply.
DidoLaco, posted October 2, 2008

Here we go! I downloaded MSNFix and did as requested. "Infection Presente" appeared, but when it finished the log did not open, and it said there were still files to be removed and a restart was needed. After I restarted, the MSNFix window appeared again, then it disappeared and some other Notepad windows appeared on the desktop that I could not make sense of, and also an Upload_Me folder. Then I tried to reopen MSNFix and an error message appeared, which I took a screenshot of. The first time I uploaded the image, this appeared: http://img46034.pictiger.com/images/16950792/ The second time, the real image appeared: http://img46034.pictiger.com/images/16950807/ I got scared!

HJT log after this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:48, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HiJAckThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user')
O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 6556 bytes
Silas Martins, posted October 2, 2008

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware.
* Start the installation by clicking "mbam-setup.exe";
* Tick "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish.
* Select "Quick Scan" and then click Scan.
* When the scan finishes, click OK and then "Show Results" to see the log;
* If something is detected, check that everything is ticked and click "Remove";
* The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
* Copy and paste that log, together with the new HijackThis log.

I await your reply.
DidoLaco, posted October 3, 2008

As requested. Malwarebytes log:

Malwarebytes' Anti-Malware 1.28
Versão do banco de dados: 1225
Windows 5.1.2600 Service Pack 2

3/10/2008 09:45:18
mbam-log-2008-10-03 (09-45-18).txt

Tipo de Verificação: Rápida
Objetos verificados: 43288
Tempo decorrido: 5 minute(s), 59 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 1
Arquivos infectados: 2

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Arquivos infectados:
C:\Documents and Settings\Fernando\Desktop\epp301_en.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.MSNFix (Trojan.Agent) -> Quarantined and deleted successfully.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:46:46, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HiJAckThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user')
O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 6589 bytes
Silas Martins, posted October 3, 2008

Download ComboFix from: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to continue. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan is over, a log will be generated at C:\ComboFix.txt;
5) Do not click in the ComboFix window, and do not close it with the X, while the tool is running, as this will mess up your desktop (it will go completely white);
6) To stop or exit ComboFix, press "N";
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt, together with the new HijackThis log, in your next reply.

Note: if a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

Attention: do not click on anything while ComboFix is running, otherwise your desktop will go blank. To stop the process or exit ComboFix, press "2" and Enter.

I await your reply.
DidoLaco 0 Denunciar post Postado Outubro 3, 2008 Combo Fiz não encontrou nada e após ultilizar a ferramente travou minnha internet tive de reiniciar Segue logs ComboFix 08-10-03.01 - Fernando 2008-10-03 16:28:15.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.703 [GMT -3:00] Executando de: C:\Documents and Settings\Fernando\Desktop\ComboFix.exe * Criado um novo ponto de restauro . ((((((((((((((((((((((( Ficheiros criados de 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))) . 2008-10-03 09:36 . 2008-10-03 09:36 <DIR> d-------- C:\Documents and Settings\Fernando\Dados de aplicativos\Malwarebytes 2008-10-03 09:36 . 2008-10-03 09:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes 2008-10-03 09:36 . 2008-10-03 09:37 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware 2008-10-03 09:36 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-03 09:36 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-30 00:45 . 2008-09-30 00:45 <DIR> d-------- C:\Arquivos de programas\Total Video Converter 2008-09-29 23:48 . 2008-09-29 23:48 <DIR> d-------- C:\Arquivos de programas\XviD 2008-09-29 23:47 . 2008-09-29 23:47 <DIR> d-------- C:\Apex 2008-09-29 23:47 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll 2008-09-29 23:47 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll 2008-09-29 23:19 . 2008-09-30 21:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-09-29 21:38 . 2008-09-29 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira 2008-09-29 21:38 . 2008-09-29 21:38 <DIR> d-------- C:\Arquivos de programas\Avira 2008-09-29 21:20 . 2008-09-29 21:20 <DIR> d-------- C:\Documents and Settings\Fernando\Dados de aplicativos\CursorArts 2008-09-29 21:20 . 2008-09-29 21:20 <DIR> d-------- C:\Arquivos de programas\ActivIcons 2008-09-29 21:20 . 
2008-09-29 21:20 0 --a------ C:\Default.Bmp 2008-09-29 20:59 . 2008-09-29 20:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-09-28 18:29 . 2008-09-28 18:29 <DIR> d-------- C:\Arquivos de programas\Norton Security Scan 2008-09-28 18:28 . 2008-09-28 18:46 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-09-27 21:17 . 2008-09-27 21:18 <DIR> d-------- C:\Arquivos de programas\Ares 2008-09-25 14:27 . 2008-09-25 14:27 <DIR> d-------- C:\Dev-Cpp 2008-09-25 14:22 . 2008-09-25 14:22 <DIR> d-------- C:\493427c823b2859b3ff6 2008-09-25 14:15 . 2008-09-25 14:15 <DIR> d-------- C:\2a1ca262daa0a30705e574 2008-09-25 13:11 . 2008-09-25 13:11 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack 2008-09-25 13:11 . 2008-07-09 05:05 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm 2008-09-19 00:18 . 2008-09-19 00:18 <DIR> d-------- C:\Intel 2008-09-04 00:07 . 2008-09-04 00:08 <DIR> d-------- C:\LogicBasic65Prof 2008-09-04 00:07 . 2008-09-08 17:17 <DIR> d-------- C:\Arquivos de programas\Logic Basic 6.5 Profissional 2008-09-04 00:07 . 2000-05-22 16:58 647,872 --a-s---- C:\WINDOWS\system32\MSCOMCT2.OCX 2008-09-04 00:07 . 2000-05-22 16:58 608,448 --a-s---- C:\WINDOWS\system32\COMCTL32.OCX 2008-09-04 00:07 . 2004-08-04 00:45 561,179 --a-s---- C:\WINDOWS\system32\DAO360.DLL 2008-09-04 00:07 . 2000-12-03 03:02 260,096 --a-s---- C:\WINDOWS\system32\Richtx32.ocx 2008-09-04 00:07 . 2002-07-09 18:42 140,288 --a-s---- C:\WINDOWS\system32\COMDLG32.OCX 2008-09-04 00:07 . 1998-06-24 00:00 115,016 --a-s---- C:\WINDOWS\system32\MSINET.OCX 2008-09-04 00:07 . 1998-06-24 00:00 108,336 --a-s---- C:\WINDOWS\system32\MSWINSCK.OCX 2008-09-04 00:07 . 2000-07-15 02:00 101,888 --a-s---- C:\WINDOWS\system32\VB6STKIT.DLL 2008-09-03 23:59 . 2008-09-03 23:59 <DIR> d-------- C:\Borland 2008-09-03 23:59 . 2008-09-03 23:59 <DIR> d-------- C:\Arquivos de programas\Apoio . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-03 19:32 93,880,352 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-10-03 13:00 1,092,260 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-10-01 00:42 --------- d-----w C:\Arquivos de programas\PokerStars 2008-09-30 23:21 --------- d-----w C:\Arquivos de programas\Tibia 2008-09-30 03:34 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Ahead 2008-09-30 02:37 98,304 ----a-w C:\WINDOWS\DUMP87ec.tmp 2008-09-28 19:04 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\Tibia 2008-09-28 01:40 --------- d-----w C:\Arquivos de programas\eMule 2008-09-08 22:36 --------- d-----w C:\Arquivos de programas\EditPlus 3 2008-08-30 19:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8 2008-08-30 18:57 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys.prepare 2008-08-26 19:11 987,136 ----a-w C:\WINDOWS\system32\VSFilter.dll 2008-08-25 23:28 --------- d-----w C:\Arquivos de programas\Tibi 2008-08-09 14:23 --------- d-----w C:\Arquivos de programas\Opera 2008-08-07 23:24 --------- d-----w C:\Documents and Settings\Fernando\Dados de aplicativos\EditPlus 3 2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 01:09 205,000 ----a-w 
C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-07 20:18 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:18 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-07-05 10:14 456,192 ----a-w C:\WINDOWS\system32\libmplayer.dll 2008-07-05 10:14 3,591,168 ----a-w C:\WINDOWS\system32\libavcodec.dll 2008-07-05 10:13 708,096 ----a-w C:\WINDOWS\system32\ff_x264.dll 2008-02-22 22:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat 2008-02-10 00:24 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008020920080210\index.dat 2008-02-22 22:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat 2008-02-22 22:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat . ------- Sigcheck ------- 2008-04-13 23:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\ctfmon.exe 2007-07-21 18:40 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\system32\ctfmon.exe 2008-04-13 23:21 26112 a7ea40f680163808d96f89b4ff991876 C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\userinit.exe 2008-06-15 13:38 24576 82499bc86026612c6cef78aba0f633e3 C:\WINDOWS\system32\userinit.exe . ((((((((((((((((((((((((((((( snapshot@2008-07-13_23.40.12.76 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-07-29 11:05:08 46,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 11:05:08 62,976 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2007-11-07 05:19:20 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-04-15 17:59:06 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias & legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-21 15360]
"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-06-15 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 5898240]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2008-06-15 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-06-15 155648]
"Lexmark X1100 Series"="C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2008-06-15 57344]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SoundMan"="SOUNDMAN.EXE" [2008-06-15 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-21 15360]
"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-06-15 486856]

C:\Documents and Settings\Fernando\Menu Iniciar\Programas\Inicializar\
ScreenHunter 5.0 Free.lnk - C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe [2008-02-13 4878336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"vidc.xvid"= xvid.dll

[HKLM\~\startupfolder\Atalho para FoxitReader22_setup.lnk]
path=Atalho para FoxitReader22_setup.lnk
backup=C:\WINDOWS\pss\Atalho para FoxitReader22_setup.lnkCommon Startup

[HKLM\~\startupfolder\Minhas Pastas de Compartilhamento.lnk]
path=Minhas Pastas de Compartilhamento.lnk
backup=C:\WINDOWS\pss\Minhas Pastas de Compartilhamento.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-06-15 13:38 1519616 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\eMule\\emule.exe"=
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R1 is-VIDI2drv;is-VIDI2drv;C:\WINDOWS\system32\drivers\87277331.sys [2008-03-05 148496]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-06-15 162432]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-06-15 12032]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-09-05 86016]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-06-28 48928]
S2 is-VIDI2;is-VIDI2;C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe [ ]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]
S3 uteznzew;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uteznzew.sys [2008-07-27 7168]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
- - - - ORFAOS REMOVIDOS - - - -
MSConfigStartUp-is-VIDI2 - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe
.
------- Ccan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\kg0fxrq9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 16:31:35
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2008-10-03 16:35:30 ComboFix-quarantined-files.txt 2008-10-03 19:35:05 Pre-Run: 9.683.890.176 bytes disponíveis Post-Run: 9,672,196,096 bytes disponíveis 510 --- E O F --- 2008-09-10 21:59:17 Log HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:43:23, on 3/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20861) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\HiJAckThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missing O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'SYSTEM') O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user') O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir 
PersonalEdition Classic\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe -- End of file - 6614 bytes
Silas Martins Posted October 3, 2008
Follow the instructions below: Download Bankerfix. Temporarily disable your antivirus so there are no conflicts and detection works better. Double-click bankerfix.exe, press Enter and wait for it to finish. When it finishes, read the message on the screen and press Enter again. Re-enable your antivirus, generate a new HijackThis log and post it together with the Bankerfix .txt report. Awaiting your reply. LINK UPDATED AND WORKING
DidoLaco Posted October 4, 2008
I have already used Bankerfix on another occasion, but it is no longer in use; I don't know why, but it can no longer be downloaded from anywhere. Note that the link you posted is an invalid page. I await further suggestions.
Mário Monteiro Posted October 4, 2008
That link really is down, Silas.
DidoLaco Posted October 5, 2008
Good evening. I don't know whether it has to do with the procedures carried out, but when I use Windows Media Player the system becomes extremely slow. Other players such as Nero ShowTime still work normally. Awaiting new replies! Thanks!
Mário Monteiro Posted October 5, 2008
DidoLaco, Silas has updated the BankerFix link: http://www.linhadefensiva.org/dl/bankerfix
DidoLaco Posted October 6, 2008
Logs follow.
BankerFix log
BankerFix 3.0 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2008-10-05 - 21:38
-------------------------------------------------------
Lista de Definição: 2008-09-15-1 | CORE: 2008-09-30-2
=======================================================
Arquivo infectado detectado: \autoexec.bat
Arquivo infectado removido com sucesso!
----- Fim -------------------------
HJT log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:44:00, on 5/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20861) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\msnmsgr.exe C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\MSN
Messenger\usnsvc.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HiJAckThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missing O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - 
HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'SYSTEM') O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user') O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash 
Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe -- End of file - 6790 bytes
Silas Martins Posted October 6, 2008
Download SDFix and save it to your desktop.
* Run SDFix.exe by double-clicking it.
* Allow it to install to the default location, which is normally C:\SDFix
* Now please restart the computer in Safe Mode (restart the computer and hold the F8 key without releasing it until the screen appears where you can choose Safe Mode).
* Once you have booted into Safe Mode, open the C:\SDFix folder and double-click RunThis.bat to start the script.
* Press Y to start the cleanup process.
* It will remove any Trojan services or Registry entries that are found and then ask you to press any key to reboot.
* Press any key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process, displaying Finished; then press any key to end the script and load your desktop icons.
* After the desktop icons load, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
* Post the Report.txt together with a new HijackThis log generated in normal mode.
DidoLaco Posted October 7, 2008
Done as requested; logs follow:
SDFix
-1-5-11"
"Group7"="S-1-2-0"
"Count"=dword:00000008
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0]
"Options"=dword:00000000
"Version"=dword:000c000c
"DSPath"="LocalGPO"
"FileSysPath"="C:\WINDOWS\System32\GroupPolicy\User"
"DisplayName"="Diretivas de grupo locais"
"Extensions"="[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}]"
"Link"="Local"
"GPOName"="Diretivas de grupo locais"
"GPOLink"=dword:00000001
"lParam"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"="Fernando"
"WallpaperStyle"="0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Telephony\HandoffPriorities]
"RequestMakeCall"="dialer.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
"Status"=dword:00000000
"RsopStatus"=dword:00000000
"LastPolicyTime"=dword:00e6bbdb
"PrevSlowLink"=dword:00000000
"PrevRsopLogging"=dword:00000001
"ForceRefreshFG"=dword:00000000
scanning hidden files ...
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Disabled:Messenger" "C:\\Arquivos de programas\\eMule\\emule.exe"="C:\\Arquivos de programas\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Arquivos de programas\\Ares\\Ares.exe"="C:\\Arquivos de programas\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows" "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : Files with Hidden Attributes : Sun 15 Jun 2008 1,694,208 A.SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe" Finished! 
Log HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:53:44, on 7/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20861) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\msnmsgr.exe C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\HiJAckThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missing O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 
Free\ScreenHunter.exe (User 'SYSTEM') O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user') O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe -- End of file - 6699 bytes
Silas Martins Posted October 7, 2008
Run Panda ActiveScan, observing the following procedure:
1) Some antivirus products, such as AVAST, may display a detection alert while the scan runs, but that alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so that the scan runs without problems;
2) To start the process, click the button;
3) Fill in the data requested in the form;
4) Click the "Scan now at no cost" button;
5) Follow all the instructions you are given and wait for the scan to finish;
6) When the scan finishes, click to view the log. Save it to your desktop;
7) Post the contents of the log in your next reply.
DidoLaco Posted October 8, 2008
Logs follow.
Panda ActiveScan
;*************************************************************************************************************************************************************************************
ANALYSIS: 2008-10-08 11:08:43
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 4
;*************************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;=====================================================================================================================================================================================
Avira AntiVir PersonalEdition 8.0.1.27 Yes Yes
;=====================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Fernando\Cookies\fernando@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Fernando\Desktop\MSNFix\MSNFix\incl\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Fernando\Desktop\SDFix.exe[C:\Documents and Settings\Fernando\Desktop\SDFix.exe][sDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Fernando\Desktop\Nova pasta\MSNFix.zip[MSNFix/incl/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Fernando\Cookies\fernando@ads.pointroll[2].txt
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Fernando\Desktop\Nova pasta\ComboFix.exe[327882R2FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\apps\Cghtme.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Fernando\Desktop\SDFix.exe[C:\Documents and Settings\Fernando\Desktop\SDFix.exe][sDFix\catchme.exe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Fernando\Desktop\SDFix.exe[C:\Documents and Settings\Fernando\Desktop\SDFix.exe][sDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{F94EAA3E-A831-437D-BE75-94DD3595F042}\RP355\A0148873.exe[32788R22FWJFW\catchme.cfexe]
;=====================================================================================================================================================================================
SUSPECTS
Sent Location E
;=====================================================================================================================================================================================
No C:\Documents and Settings\Fernando\Desktop\Nova pasta\tibicam_8.11.zip[TibiCAM/TibiCAM.exe] E
No C:\Documents and Settings\Fernando\Meus documentos\TibiCAM.rar[TibiCAM.exe] E
No C:\Documents and Settings\Fernando\Meus documentos\TibiCAM.rar[tibicam_8.0.zip][TibiCAM/TibiCAM.exe] E
No C:\Documents and Settings\Fernando\Meus documentos\tibicam_8.0.zip[TibiCAM/TibiCAM.exe] E
;=====================================================================================================================================================================================
VULNERABILITIES
Id Severity Description E
;=====================================================================================================================================================================================
182048 HIGH MS07-069 E
176382 HIGH MS07-057 E
;=====================================================================================================================================================================================
HJT log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:10:57, on 8/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20861) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\msnmsgr.exe C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\HiJAckThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missing O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 
'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'SYSTEM') O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user') O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition 
Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe -- End of file - 6666 bytes Compartilhar este post Link para o post Compartilhar em outros sites
Silas Martins, posted October 8, 2008

Step 1. Disable System Restore. Follow these instructions:
1. Start -> Programs -> Accessories -> Windows Explorer
2. Right-click My Computer and then click Properties
3. Click the System Restore tab
4. Check Turn off System Restore
5. Click OK. You will see a message. Click Yes.

Step 2. Follow these instructions: download KillBox. Run KillBox and click Delete on Reboot. Copy the list below:
C:\Documents and Settings\Fernando\Desktop\Nova pasta\tibicam_8.11.zip
C:\Documents and Settings\Fernando\Meus documentos\TibiCAM.rar
C:\Documents and Settings\Fernando\Meus documentos\tibicam_8.0.zip

Step 3. Download ATF-Cleaner. Run ATF-Cleaner.exe. Check the Select All option and click Empty Selected. A window called Done Cleaning will open; click OK and then Exit.

Step 4. Download CCleaner here. How to use it: open CCleaner, click Cleaner and then click Analyze; wait for the scan to complete, then click Run Cleaner. Next click Issues and then Scan for Issues; wait for the scan, and as soon as it finishes click Fix selected issues; choose the option to save the registry changes to a folder for future reference.

Post a new HijackThis log after running CCleaner.
DidoLaco, posted October 8, 2008

Did as requested. Log follows!

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:53, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HiJAckThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user')
O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70C9DD22-6DED-4FDA-9AE6-3C060EB2F3F7}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 6633 bytes
Silas Martins, posted October 9, 2008

Do you recognize this entry: C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe? I also ask: do you use Kaspersky? If so, is it a genuine copy? Awaiting your reply.
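A small triage script for logs in this format, added here as an example; it is not part of the thread and not HijackThis code. It parses the O2/O3, O4 and O23 line shapes seen in the logs above and flags the three things a helper checks first: COM objects registered with no backing file, services whose binary is missing or whose owner is unknown (the is-VIDI2 entry asked about in the post above), and programs that start under the SYSTEM or Default user profiles, which is how something ends up running before anyone has logged on. The excerpt in SAMPLE_LOG is constructed, modelled on the posted logs; the rule names and the "skip binaries under system32" heuristic are my own assumptions, not HijackThis conventions.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread; not part of the original posts and not
HijackThis code. Parses O2/O3 (BHO, toolbar), O4 (startup) and O23
(service) lines and returns the entries worth a second look.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: an excerpt modelled on the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe (User 'Default user')
O4 - Startup: ScreenHunter 5.0 Free.lnk = C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: is-VIDI2 - Unknown owner - C:\Arquivos de programas\Kaspersky Lab Tool\is-VIDI2\is-VIDI2.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# "O2 - BHO: <name> - {CLSID} - <path>" and the same shape for "O3 - Toolbar".
O2_O3_RE = re.compile(
    r"^(?P<kind>O2 - BHO|O3 - Toolbar): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# "O4 - <hive or startup folder>: <command or .lnk target> [(User '<profile>')]"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# "O23 - Service: <display name> - <owner> - <drive>:\<path> [(file missing)]"
# The name is matched greedily because display names themselves contain " - ".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*)$")

# Profiles whose startup items run without an interactive user logging in.
PRIVILEGED_PROFILES = {"SYSTEM", "Default user"}
# Heuristic (my assumption, not a HijackThis rule): Windows' own components
# under system32 (ctfmon.exe and friends) are not worth reporting here.
SYSTEM32_MARKER = "\\windows\\system32\\"


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding if the log line trips one of the review rules."""
    m = O2_O3_RE.match(line)
    if m:
        if m.group("path").strip() == "(no file)":
            return Finding(m.group("kind")[:2], "COM object registered but its file is gone (orphaned entry)", line)
        return None
    m = O4_RE.match(line)
    if m:
        user, hive, cmd = m.group("user"), m.group("hive"), m.group("cmd")
        privileged = user in PRIVILEGED_PROFILES or hive.startswith((".DEFAULT", "S-1-5-18", "HKUS\\S-1-5-18"))
        if privileged and SYSTEM32_MARKER not in cmd.lower():
            return Finding("O4", f"non-Windows program starts under the '{user or hive}' profile", line)
        return None
    m = O23_RE.match(line)
    if m:
        reasons = []
        if m.group("path").rstrip().endswith("(file missing)"):
            reasons.append("service binary is missing on disk")
        if m.group("owner").strip().lower() == "unknown owner":
            reasons.append("no publisher recorded for the service")
        if reasons:
            return Finding("O23", "; ".join(reasons), line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every rule over every non-empty line and collect the hits."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            hit = check_line(line)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as-is it reports five entries from the sample: the two orphaned O2/O3 registrations, the two ScreenHunter startup links living in the SYSTEM and Default user profiles, and the is-VIDI2 service with no publisher and no binary. The SYSTEM/Default user rule deliberately skips anything under system32 so the standard ctfmon.exe entries do not drown out third-party items; a flagged line is a prompt to ask the questions the helper asks above, not a verdict on its own.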