
Edvan

[Solved!] My brother put some little viruses on this PC


Note: this topic is mine, so I'm going to continue it.

 

 

BankerFix 3.0 VALKYRIE - Banker Trojan Remover

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Date: 2008-10-26 - 12:35

-------------------------------------------------------

Version: 2008-10-08-1 | CORE: 2008-09-30-2

=======================================================

 

Infected file detected: C:\WINDOWS\system32\oobe\dialmgr

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\system32\oobe\msobweb2.dll

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\system32\oobe\oobeinfo.exe

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\system32\oobe\msobe.dll

Infected file successfully removed.

 

 

 

----- End -------------------------

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:17:38, on 10/26/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Banco do Brasil S.A. - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - C:\WINDOWS\system32\oobe\msobe.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 5668 bytes

 

 

Do I need to run COMBOFIX?


Download Malwarebytes Anti-Malware

* Start the installation by clicking "mbam-setup.exe";

* Check "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware", then click Finish.

* Select "Quick Scan" and then click Scan.

* When the scan finishes, click OK and then "Show Results" to view the log;

* If anything is detected, make sure everything is checked and click "Remove";

* The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

* Copy and paste that log, together with the new HijackThis log.

I'll wait for your reply.


Hi Silas, how's it going, man? It caught something, as the image shows.

remoovm9.jpg

 

I've already removed it... :thumbsup:

 

Here's the log:

 

Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1335

Windows 5.1.2600 Service Pack 2

 

10/29/aaaa 13:02:02

mbam-log-2008-10-29 (13-02-02).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 43118

Tempo decorrido: 7 minute(s), 14 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 3

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{546d0bb7-6894-48d2-89eb-dfabf5e4ec7d} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{546d0bb7-6894-48d2-89eb-dfabf5e4ec7d} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{546d0bb7-6894-48d2-89eb-dfabf5e4ec7d} (Spyware.Banker) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

New HijackThis log ... :thumbsup:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:06:16, on 10/29/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 5676 bytes


Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click in the ComboFix window, and do not close it by clicking the X, while the tool is running, as this will break your desktop configuration (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt together with the new HijackThis log in your next reply.

Note: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

Attention:

Do not click anything while ComboFix is running; otherwise your desktop will go blank.

To stop the process or exit ComboFix, press "2" and Enter.

I'll wait for your reply.


ComboFix 08-10-30.09 - Edvan 2008-10-30 23:39:29.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.153 [GMT -2:00]

Executando de: C:\Documents and Settings\Edvan\Meus documentos\ComboFix.exe

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-28 to 2008-10-31 ))))))))))))))))))))))))))))

.

 

2008-10-30 23:03 . 2008-10-30 23:03 <DIR> d-------- C:\WINDOWS\LastGood

2008-10-29 12:40 . 2008-10-29 12:40 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\Malwarebytes

2008-10-29 12:39 . 2008-10-29 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-10-29 12:39 . 2008-10-29 12:40 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-10-29 12:39 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-29 12:39 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-28 23:12 . 2008-10-28 23:52 <DIR> d-------- C:\Edvan

2008-10-26 22:13 . 2008-10-26 22:14 401,720 --a------ C:\HiJackThis.exe

2008-10-26 21:32 . 2008-10-26 21:32 7,168 --ahs---- C:\WINDOWS\Thumbs.db

2008-10-25 22:30 . 2008-10-25 22:30 1 ---hs---- C:\MSDOS.INF

2008-10-25 20:56 . 2008-10-27 00:57 <DIR> d-------- C:\Linux

2008-10-25 16:47 . 2008-10-25 17:04 19,045,881 --a------ C:\wpc54gv2_driver_utility_v2.02.zip

2008-10-25 08:22 . 2008-10-26 13:43 104,960 --a------ C:\Para instalar AS PLACAS WIRELLES PROCEDIMENTOS.doc

2008-10-25 07:21 . 2008-10-25 08:23 <DIR> d-------- C:\DRIVE WIRELLES PARA LINUX

2008-10-24 21:57 . 2008-10-24 21:57 <DIR> d-------- C:\Arquivos de programas\Zezons Software

2008-10-23 15:34 . 2008-10-30 23:32 <DIR> dr------- C:\Documents and Settings\Edvan\Meus documentos

2008-10-23 15:21 . 2008-10-26 21:32 <DIR> d-------- C:\Pasta de Edvan

2008-10-21 22:54 . 2008-10-21 22:54 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\Nokia Multimedia Player

2008-10-15 19:21 . 2008-10-15 19:21 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\Watchtower

2008-10-15 19:13 . 2008-10-15 19:13 <DIR> d-------- C:\Arquivos de programas\Watchtower

2008-10-13 23:02 . 2008-10-17 09:28 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-10-13 22:45 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-10-13 22:36 . 2008-10-13 22:36 <DIR> d-------- C:\Arquivos de programas\Xvid

2008-10-13 22:36 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-10-13 22:36 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-10-13 22:36 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax

2008-10-13 22:34 . 2008-10-13 22:34 <DIR> d-------- C:\Arquivos de programas\DsNET Corp

2008-10-13 00:14 . 2008-10-13 00:14 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-10-11 15:21 . 2008-10-11 15:44 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\Ahead

2008-10-11 15:20 . 2008-10-11 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-10-11 15:13 . 2008-10-11 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-10-11 15:13 . 2008-10-11 15:13 <DIR> d-------- C:\Arquivos de programas\Nero

2008-10-11 15:13 . 2008-10-11 15:18 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-10-10 23:58 . 2008-10-27 00:41 <DIR> d-------- C:\downloads

2008-10-10 23:58 . 2008-10-30 22:59 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\Orbit

2008-10-10 23:58 . 2008-10-10 23:58 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\GrabPro

2008-10-10 23:58 . 2008-10-28 17:54 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-10-06 14:30 . 2008-10-06 14:30 <DIR> d-------- C:\Arquivos de programas\CoolSMS

2008-10-06 14:05 . 2008-10-06 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-10-06 13:50 . 2008-10-06 13:50 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-10-06 13:50 . 2008-10-06 13:50 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-10-06 13:18 . 2008-10-06 13:19 <DIR> d-------- C:\Arquivos de programas\MessengerPlus! 3

2008-10-04 23:46 . 2008-10-04 23:46 244 --ah----- C:\sqmnoopt02.sqm

2008-10-04 23:46 . 2008-10-04 23:46 232 --ah----- C:\sqmdata02.sqm

2008-10-04 17:34 . 2008-10-04 17:34 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-10-04 15:09 . 2008-06-14 15:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-10-04 15:09 . 2008-06-14 15:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-10-04 14:44 . 2008-10-16 00:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-10-04 14:44 . 2005-06-28 11:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-10-04 14:26 . 2008-10-04 14:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-10-02 22:57 . 2008-10-02 22:57 <DIR> d-------- C:\Arquivos de programas\Symantec

2008-10-02 22:57 . 2008-10-02 22:57 <DIR> d-------- C:\Arquivos de programas\InstallShield Installation Information

2008-10-02 22:56 . 2008-10-02 22:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-10-02 12:16 . 2008-10-02 12:16 <DIR> d--h----- C:\Arquivos de programas\Zenographics

2008-10-02 12:16 . 2008-10-02 12:16 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2008-10-02 12:16 . 2006-07-30 12:00 442,368 -ra------ C:\WINDOWS\system32\zshp1018.exe

2008-10-02 12:16 . 2006-07-30 12:00 143,360 -ra------ C:\WINDOWS\apptune1018.exe

2008-10-02 12:16 . 2006-07-30 12:00 129,092 -ra------ C:\WINDOWS\system32\hp1018.img

2008-10-02 12:16 . 2006-07-30 12:00 106,496 -ra------ C:\WINDOWS\system32\vshp1018.dll

2008-10-02 12:16 . 2006-07-30 12:00 102,400 -ra------ C:\WINDOWS\system32\zlhp1018.dll

2008-10-02 12:16 . 2006-07-30 12:00 86,016 -ra------ C:\WINDOWS\system32\ZSPOOL.DLL

2008-10-02 12:16 . 2006-07-30 12:00 28,672 -ra------ C:\WINDOWS\system32\zlm.dll

2008-10-02 12:16 . 2006-07-30 12:00 28,672 -ra------ C:\WINDOWS\system32\IMF32.DLL

2008-10-02 12:16 . 2006-07-30 12:00 24,576 -ra------ C:\WINDOWS\system32\ZTAG32.DLL

2008-10-02 12:16 . 2006-07-30 12:00 7,329 -ra------ C:\WINDOWS\system32\ZSHP1018.HLP

2008-10-02 12:06 . 2008-10-02 12:13 <DIR> d-------- C:\hp_LJ1018_Full_Solution

2008-10-02 12:06 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-10-02 12:06 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-10-02 00:57 . 2008-10-02 00:58 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-09-29 09:15 . 2008-10-11 14:54 <DIR> d-------- C:\Arquivos de programas\Ahead

2008-09-23 18:50 . 2003-11-04 16:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-09-23 18:49 . 2004-05-14 17:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-09-23 18:49 . 2004-05-14 17:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-09-23 18:49 . 2004-05-14 17:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-09-23 18:49 . 2004-05-14 17:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-09-23 18:49 . 2004-01-12 03:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-09-23 18:49 . 2004-05-14 17:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-09-23 18:49 . 2004-05-14 17:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-09-23 18:17 . 2008-09-23 18:17 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\Leadertech

2008-09-23 18:15 . 2008-10-04 15:52 <DIR> d-------- C:\Documents and Settings\Edvan\Phone Browser

2008-09-23 18:15 . 2008-09-23 18:15 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\DataLayer

2008-09-23 18:14 . 2008-09-23 18:14 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\Nokia

2008-09-23 18:12 . 2008-09-23 18:12 <DIR> d-------- C:\Arquivos de programas\DIFX

2008-09-23 18:11 . 2008-09-23 18:11 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\PC Suite

2008-09-23 18:11 . 2008-09-23 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-09-23 18:11 . 2008-09-23 18:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PCSuite

2008-09-23 18:11 . 2008-09-23 18:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nokia

2008-09-23 18:11 . 2006-05-29 09:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-09-23 18:11 . 2006-05-29 09:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-09-23 18:11 . 2006-05-29 09:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-09-23 18:10 . 2008-09-23 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

2008-09-23 18:10 . 2008-09-23 18:11 <DIR> d-------- C:\Arquivos de programas\Nokia

2008-09-23 18:10 . 2006-05-29 09:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-09-23 18:10 . 2006-05-29 09:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-09-23 18:10 . 2006-05-29 09:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-09-23 18:10 . 2006-05-29 09:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll

2008-09-23 18:05 . 2008-09-23 18:05 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\AdobeUM

2008-09-21 23:46 . 2008-10-22 00:21 <DIR> d-------- C:\Arquivos de programas\SpeedFan

2008-09-21 23:46 . 2008-09-21 23:46 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-09-21 12:17 . 2003-06-19 02:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-09-21 12:17 . 2008-09-21 12:17 421 --a------ C:\WINDOWS\ODBC.INI

2008-09-21 12:14 . 2008-09-21 12:15 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-09-21 12:11 . 2008-09-21 12:11 <DIR> dr-h----- C:\MSOCache

2008-09-21 02:47 . 2008-09-21 02:47 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-09-21 02:47 . 2003-03-18 19:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-09-21 02:47 . 2003-03-18 18:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-09-21 02:47 . 2003-02-21 02:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-09-21 02:45 . 2008-09-21 02:45 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-09-21 01:36 . 2008-09-21 01:36 <DIR> d-------- C:\Arquivos de programas\RealVNC

2008-09-21 01:28 . 2008-09-21 02:45 <DIR> d-------- C:\Documents and Settings\Edvan\Dados de aplicativos\Hamachi

2008-09-21 01:27 . 2008-09-21 01:27 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2008-09-20 22:31 . 2008-09-20 22:31 0 --a------ C:\WINDOWS\nsreg.dat

2008-09-20 21:37 . 2008-09-20 21:37 268 --ah----- C:\sqmdata01.sqm

2008-09-20 21:37 . 2008-09-20 21:37 244 --ah----- C:\sqmnoopt01.sqm

2008-09-20 21:10 . 2008-10-21 21:56 <DIR> d-------- C:\Documents and Settings\Edvan\Contacts

2008-09-20 21:10 . 2008-09-20 21:10 268 --ah----- C:\sqmdata00.sqm

2008-09-20 21:10 . 2008-09-20 21:10 244 --ah----- C:\sqmnoopt00.sqm

2008-09-20 21:08 . 2008-09-23 18:12 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-09-20 21:08 . 2008-10-06 13:50 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2008-09-20 20:09 . 2008-05-15 11:51 10,294 --ah----- C:\WINDOWS\system32\oemlogo.bmp

2008-09-20 20:09 . 2008-05-26 19:54 310 --ah----- C:\WINDOWS\system32\oeminfo.ini

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-20 21:34 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-09-20 21:29 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-09-20 21:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-09-15 15:40 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-20 05:37 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 13:45 2,184,576 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:45 2,061,952 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PcSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2008-10-06 190024]

"CoolSMS"="C:\Arquivos de programas\CoolSMS\CoolSMS.exe" [2007-08-28 1067520]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"PCSuiteTrayApplication"="C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]

"OrderReminder"="C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 98304]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-10-10 1707208]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys [2004-06-18 386688]

 

*Newly Created Service* - PROCEXP90

.

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Edvan\Dados de aplicativos\Mozilla\Firefox\Profiles\2k38p7r9.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.br/

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-30 23:42:02

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-30 23:46:25

ComboFix-quarantined-files.txt 2008-10-31 01:45:24

 

Pré-execução: 3.706.286.080 bytes disponíveis

Pós execução: 3,721,224,192 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

208 --- E O F --- 2008-10-31 01:08:27

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:50, on 10/30/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [OrderReminder] C:\Arquivos de programas\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Arquivos comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 5634 bytes


No, actually, Silas, I hadn't noticed anything abnormal. I decided to run the tools because every time my brother sits down at this PC it's a virus right away; he goes straight to the naked-women sites, man... I'm going to have to block a few things here, that's the only way. I'm going to install BLOK FREE, otherwise I'm screwed and will keep bothering you all the time..

 

That's all, thank you for your help. If you want, you can mark it as Resolved, since I'm not noticing anything abnormal. You said the log is clean, so for me your word is a sure shot.. :) hehehe..
