
jmarceu

[Solved!] Antivirus won't update or uninstall


Well, the problem is the following: my antivirus (avast 4.8) stopped updating and would not uninstall, and I couldn't install another AV either. I decided to format the machine and did so. I backed up my files. After the computer was formatted and everything reinstalled, I copied my files back (first I ran the antivirus over all of them, also avast 4.8). Everything was normal until two days later... The AV problem came back, and once again I can't uninstall it, update it or install another AV. I saw other similar topics and solved cases and tried to follow the same steps, but it didn't help much. So I'm here asking for help and hoping to succeed. Below is the F-Secure Blacklight log, followed by the HijackThis log.

Thanks in advance.

FSBL LOG

PS: This is what it generated...

 

11/10/08 10:42:38 [info]: BlackLight Engine 2.2.1092 initialized

11/10/08 10:42:38 [info]: OS: 5.1 build 2600 (Service Pack 2)

11/10/08 10:42:38 [Note]: 7019 4

11/10/08 10:42:38 [Note]: 7005 0

11/10/08 10:42:42 [Note]: 7006 0

11/10/08 10:42:42 [Note]: 7011 1652

11/10/08 10:42:42 [Note]: 7035 0

11/10/08 10:42:43 [Note]: 7026 0

11/10/08 10:42:43 [Note]: 7026 0

11/10/08 10:42:44 [Note]: FSRAW library version 1.7.1024

11/10/08 10:44:47 [Note]: 2000 1012

11/10/08 10:44:47 [Note]: 2000 1012

11/10/08 10:44:47 [Note]: 2000 1012

11/10/08 10:44:54 [Note]: 7006 0

11/10/08 10:44:54 [Note]: 7011 1652

11/10/08 10:44:54 [Note]: 7035 0

11/10/08 10:44:54 [Note]: 7026 0

11/10/08 10:44:54 [Note]: 7026 0

11/10/08 10:44:56 [Note]: FSRAW library version 1.7.1024

11/10/08 10:46:56 [Note]: 2000 1012

11/10/08 10:46:56 [Note]: 2000 1012

11/10/08 10:46:56 [Note]: 2000 1012

11/10/08 10:47:02 [Note]: 7007 0

 

 

HIJACK LOG

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:20:57, on 10/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hjin\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.velox.com.br/

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PackageAware] "C:\Documents and Settings\Carmita\Local Settings\Application Data\PackageAware\mpa.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{A179BBF1-739B-4053-83D8-D6C93631612A}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe


Hi jmarceu,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The “NEGAÇÃO DE GARANTIA DO SOFTWARE” (software warranty disclaimer) window will open. Read the text in this window carefully and click “SIM” (Yes) to continue.

PS: If you do not agree with the terms, click “NÃO” (No) to exit the software, keeping in mind that the disinfection process will not be possible without continuing with ComboFix.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing the process, since this ensures that the system can be recovered if problems occur during the scan.

Click “SIM” and wait, as the console installation will be carried out automatically by ComboFix itself. It may take a few minutes (depending on the speed of your connection), so be patient.

When the “INSTALANDO O CONSOLE DE RECUPERAÇÃO” (installing the Recovery Console) window appears, click “OK”, then click “SIM” to accept the EULA.

When the Recovery Console installation finishes, a window will open stating that “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO” (the Recovery Console was installed successfully).

Click “SIM” to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window or abruptly end the process while the tool is running, as this will break your desktop's configuration (it will turn completely white).

When the process finishes, the machine will restart so the report can be produced.

6) After the machine restarts, ComboFix will run FIND3M to create the final scan report. The log will be saved at C:\ComboFix.txt.

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying “ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO” (this is not a valid Win32 application), download ComboFix again, but save it to your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering the other windows. To minimize it again, just use the ALT + TAB combination.

Regards.


OK. Done. Here is the LOG

 

ComboFix 08-11-11.01 - Carmita 2008-11-12 10:42:45.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.240 [GMT -2:00]

Executando de: c:\documents and settings\Carmita\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

c:\windows\system32\drivers\npf.sys

c:\windows\system32\packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-12 to 2008-11-12 ))))))))))))))))))))))))))))

.

 

2008-11-12 00:27 . 2008-11-12 00:27 1,393 --a------ c:\windows\imsins.BAK

2008-11-11 23:48 . 2008-10-24 09:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-10 10:16 . 2008-11-10 10:22 <DIR> d-------- C:\Hjin

2008-11-10 10:11 . 2008-11-10 10:11 <DIR> d-------- c:\arquivos de programas\CCleaner

2008-11-10 10:10 . 2008-11-10 10:10 <DIR> d-------- C:\!KillBox

2008-11-10 09:33 . 2008-11-10 09:41 <DIR> d-------- C:\d2c008ba7149ff71f12b9a

2008-11-08 16:12 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll

2008-11-08 16:12 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll

2008-11-08 16:12 . 2007-07-30 19:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui

2008-11-08 10:48 . 2008-11-08 12:32 <DIR> d--h----- c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}

2008-11-08 10:48 . 2008-11-08 10:48 <DIR> d-------- c:\arquivos de programas\visiosonic

2008-11-08 10:48 . 2008-11-08 10:48 0 --ah----- c:\windows\SwSys2.bmp

2008-11-08 10:48 . 2008-11-08 10:48 0 --ah----- c:\windows\SwSys1.bmp

2008-11-07 15:09 . 2008-11-07 15:10 <DIR> d-------- C:\2004a2bb791c9c2bd1

2008-11-07 14:31 . 2008-11-07 14:31 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Sonic Foundry

2008-11-07 14:30 . 2008-11-07 14:30 <DIR> d-------- C:\Program Files

2008-11-07 14:30 . 2008-11-07 14:30 <DIR> d-------- c:\arquivos de programas\Sonic Foundry

2008-11-07 14:30 . 2001-10-19 14:40 1,683,792 --a------ c:\windows\system32\wmvcore2.dll

2008-11-07 14:30 . 2001-10-19 14:40 665,424 --a------ c:\windows\system32\wmv8dmoe.dll

2008-11-07 14:30 . 2001-10-19 14:39 572,752 --a------ c:\windows\system32\wmvdmoe.dll

2008-11-07 14:30 . 2001-10-19 14:40 438,608 --a------ c:\windows\system32\wmv8dmod.dll

2008-11-07 14:30 . 2001-10-19 02:05 285,184 --a------ c:\windows\system32\wmidx2.ocx

2008-11-07 14:30 . 2008-11-07 14:30 156,910 --a------ c:\windows\WMSysPr8.prx

2008-11-07 14:24 . 2008-11-07 14:24 <DIR> d-------- C:\dac9e28fdccc2fb2ec55ee

2008-11-07 14:05 . 2008-11-09 16:42 <DIR> d-------- c:\documents and settings\Carmita\Contacts

2008-11-07 14:02 . 2008-11-07 14:02 <DIR> d----c--- c:\windows\system32\DRVSTORE

2008-11-07 12:44 . 2008-11-07 14:01 <DIR> d-------- c:\arquivos de programas\Windows Live

2008-11-07 12:44 . 2008-11-07 14:01 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-11-07 12:17 . 2008-11-07 12:17 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Malwarebytes

2008-11-07 12:17 . 2008-11-07 12:17 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-07 12:17 . 2008-11-07 12:17 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-07 12:17 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-07 12:17 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-07 11:44 . 2008-11-07 13:55 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2008-11-07 11:27 . 2008-11-07 11:36 <DIR> d-------- c:\arquivos de programas\NitroPC

2008-11-07 10:44 . 2008-11-07 10:44 <DIR> d-------- c:\arquivos de programas\Windows Media Connect 2

2008-11-07 10:42 . 2008-11-07 10:42 <DIR> d-------- c:\windows\system32\LogFiles

2008-11-07 10:42 . 2008-11-07 10:43 <DIR> d-------- c:\windows\system32\drivers\UMDF

2008-11-06 23:16 . 2008-11-09 11:14 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-11-06 19:42 . 2008-06-14 15:59 272,384 --------- c:\windows\system32\drivers\bthport.sys

2008-11-06 19:42 . 2008-06-14 15:59 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2008-11-06 17:34 . 2008-11-06 17:40 <DIR> d-------- C:\Playlist

2008-11-06 17:34 . 1998-04-14 09:23 921,654 --a------ c:\windows\Playlist Digital.bmp

2008-11-06 13:48 . 2008-11-06 13:48 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Publish Providers

2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Sony

2008-11-06 13:47 . 2008-11-08 11:54 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-05 11:58 . 2008-11-05 11:58 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sony

2008-11-05 11:58 . 2008-11-05 11:58 <DIR> d-------- c:\arquivos de programas\Vstplugins

2008-11-05 11:58 . 2008-11-05 11:58 <DIR> d-------- c:\arquivos de programas\Sony

2008-11-05 10:51 . 2008-08-14 11:45 2,184,576 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-11-05 10:51 . 2008-08-14 11:45 2,140,160 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-11-05 10:51 . 2008-08-14 11:45 2,019,840 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-11-05 10:48 . 2008-11-05 10:48 <DIR> d-------- c:\windows\system32\pt-BR

2008-11-05 10:47 . 2008-11-05 10:49 <DIR> d-------- c:\windows\system32\XPSViewer

2008-11-05 10:47 . 2008-11-05 10:47 <DIR> d-------- c:\arquivos de programas\Reference Assemblies

2008-11-05 10:47 . 2008-11-05 10:47 <DIR> d-------- c:\arquivos de programas\MSBuild

2008-11-05 10:46 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-11-05 10:44 . 2008-11-05 10:44 <DIR> d-------- c:\arquivos de programas\MSXML 6.0

2008-11-05 10:44 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe

2008-11-04 17:56 . 2008-11-04 17:56 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\CyberLink

2008-11-04 17:56 . 2008-11-04 17:56 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-04 17:28 . 2008-11-04 17:29 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-04 17:09 . 2008-11-12 00:28 <DIR> d--h----- c:\windows\$hf_mig$

2008-11-04 16:06 . 2008-11-04 16:06 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Sony Setup

2008-11-04 16:05 . 2008-11-04 16:05 <DIR> d-------- c:\arquivos de programas\Sony Setup

2008-11-04 16:03 . 2008-11-04 16:03 27,136 --a------ c:\windows\system32\drivers\nchssvad.sys

2008-11-04 16:00 . 2008-11-04 16:05 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound

2008-11-04 15:58 . 2008-11-04 19:48 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\NCH Swift Sound

2008-11-04 15:58 . 2008-11-04 19:48 <DIR> d-------- c:\arquivos de programas\NCH Swift Sound

2008-11-04 15:30 . 2008-11-09 22:18 69 --a------ c:\windows\NeroDigital.ini

2008-11-04 13:55 . 2008-11-11 01:19 <DIR> d-------- c:\arquivos de programas\Nitendo

2008-11-04 13:49 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll

2008-11-04 13:49 . 2008-11-04 13:49 421 --a------ c:\windows\ODBC.INI

2008-11-04 13:48 . 2008-11-04 13:49 <DIR> d-------- c:\windows\SHELLNEW

2008-11-04 13:43 . 2008-11-04 13:43 <DIR> dr-h----- C:\MSOCache

2008-11-04 13:25 . 2008-11-04 13:25 <DIR> d---s---- c:\documents and settings\Carmita\UserData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-04 19:28 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-04 14:53 --------- d-----w c:\arquivos de programas\Alwil Software

2008-11-04 14:44 --------- d-----w c:\arquivos de programas\Realtek Sound Manager

2008-11-04 14:44 --------- d-----w c:\arquivos de programas\Realtek AC97

2008-11-04 14:44 --------- d-----w c:\arquivos de programas\AvRack

2008-11-04 14:41 --------- d-----w c:\arquivos de programas\S3

2008-11-04 14:38 --------- d-----w c:\arquivos de programas\VIA

2008-11-04 14:38 --------- d-----w c:\arquivos de programas\On-line Help Console

2008-11-04 14:29 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-11-04 14:27 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-04 14:26 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-11-04 14:20 --------- d-----w c:\arquivos de programas\Oi Velox

2008-11-04 14:12 --------- d-----w c:\documents and settings\Carmita\Dados de aplicativos\Ahead

2008-11-04 14:12 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2008-11-04 14:08 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2008-11-04 14:08 --------- d-----w c:\arquivos de programas\Nero

2008-11-04 14:03 --------- d-----w c:\arquivos de programas\CyberLink

2008-11-04 14:01 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3477504]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"desp2k"="c:\arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]

"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-10-31 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-06-20 c:\windows\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-04 113664]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Playlist\\pgm\\Playlist.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2006-02-23 9728]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2006-02-23 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-02-26 61440]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{071dd63c-aa89-11dd-bb0f-001921916f81}]

\Shell\AutOplAy\coMmAnD - crfae.exe

\Shell\AutoRun\command - crfae.exe

\Shell\EXploRe\CoMMANd - crfae.exe

\Shell\Open\cOmMANd - crfae.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{373c9626-aa8c-11dd-a13d-806d6172696f}]

\Shell\AutoRun\command - D:\3wcxx91.cmd

\Shell\explore\Command - D:\3wcxx91.cmd

\Shell\open\Command - D:\3wcxx91.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a12afb20-aa7f-11dd-bb0a-001921916f81}]

\Shell\AutOplAy\coMmAnD - crfae.exe

\Shell\AutoRun\command - crfae.exe

\Shell\EXploRe\CoMMANd - crfae.exe

\Shell\Open\cOmMANd - crfae.exe

 

*Newly Created Service* - ASPI32

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-PackageAware - c:\documents and settings\Carmita\Local Settings\Application Data\PackageAware\mpa.exe

 

 

.

------- Scan Suplementar -------

.

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.velox.com.br/

O8 -: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-12 10:45:17

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-12 10:47:46 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-12 12:47:42

 

Pré-execução: 17 pasta(s) 46.958.477.312 bytes disponíveis

Pós execução: 17 pasta(s) 46,922,371,072 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

211 --- E O F --- 2008-11-12 02:29:45


Hi jmarceu,

1. Download BankerFix 3.0.

2. Temporarily disable your antivirus.

3. Double-click bankerfix.exe. The Banker Fix 3.0 window will open with the following question: Instalar o BankerFix 3.0 / Install BankerFix 3.0 ? >> click SIM (Yes).

4. A window will open informing you that BankerFix 3.0 will be downloaded from the internet >> click OK and wait. In the next window click OK once more so that BankerFix 3.0 starts.

5. Press any key to continue the process and wait until the scan completes. Be patient, as it may take a few minutes.

6. When the scan finishes, read the message on the screen and press Enter.

7. Enable your antivirus.

8. Come back with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

9. After posting your reply you can delete the LinhaDefensiva folder on C.

Regards.

PS: If the following message appears: Site denunciado como foco de ataques! (Reported attack site!), don't worry and click Ignorar este alerta (Ignore this warning).


OK jgacia, here is the generated report:

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2008-11-18 - 12:10

-------------------------------------------------------

Lista de Definição: 2008-10-08-1 | CORE: 2008-09-30-2

=======================================================

 

 

 

----- Fim -------------------------


Dear Jgarcia, I did what you asked and here is the log.

P.S.: ComboFix tried to update, but failed. I went ahead anyway. Here is the log:

ComboFix 08-11-19.08 - Carmita 2008-11-20 18:43:31.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.244 [GMT -2:00]

Executando de: c:\documents and settings\Carmita\Desktop\limpeza doni\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\0w.com

C:\abk.bat

C:\Autorun.inf

C:\nq0cq.cmd

c:\windows\system32\gasretyw0.dll

c:\windows\system32\kamsoft.exe

C:\yannh.cmd

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-20 to 2008-11-20 ))))))))))))))))))))))))))))

.

 

2008-11-17 13:22 . 2008-11-20 14:02 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll

2008-11-14 17:37 . 2008-11-14 17:37 <DIR> d-------- c:\arquivos de programas\NCH Software

2008-11-12 16:17 . 2000-04-18 21:36 36,848 --a------ c:\windows\system32\drivers\XKUsb.sys

2008-11-12 12:08 . 2008-11-12 12:08 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\AdobeUM

2008-11-12 12:06 . 2008-11-12 12:06 <DIR> d-------- c:\windows\Cache

2008-11-12 11:12 . 2001-08-17 21:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys

2008-11-12 11:12 . 2001-08-17 21:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys

2008-11-12 11:11 . 2008-11-12 11:11 <DIR> d-------- c:\arquivos de programas\CONEXANT

2008-11-12 00:27 . 2008-11-12 00:27 1,393 --a------ c:\windows\imsins.BAK

2008-11-11 23:48 . 2008-10-24 09:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-10 10:16 . 2008-11-10 10:22 <DIR> d-------- C:\Hjin

2008-11-10 10:11 . 2008-11-10 10:11 <DIR> d-------- c:\arquivos de programas\CCleaner

2008-11-10 10:10 . 2008-11-10 10:10 <DIR> d-------- C:\!KillBox

2008-11-10 09:33 . 2008-11-10 09:41 <DIR> d-------- C:\d2c008ba7149ff71f12b9a

2008-11-08 16:12 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll

2008-11-08 16:12 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll

2008-11-08 16:12 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui

2008-11-08 10:48 . 2008-11-08 12:32 <DIR> d--h----- c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}

2008-11-08 10:48 . 2008-11-12 16:17 <DIR> d-------- c:\arquivos de programas\visiosonic

2008-11-08 10:48 . 2008-11-08 10:48 0 --ah----- c:\windows\SwSys2.bmp

2008-11-08 10:48 . 2008-11-08 10:48 0 --ah----- c:\windows\SwSys1.bmp

2008-11-07 15:09 . 2008-11-07 15:10 <DIR> d-------- C:\2004a2bb791c9c2bd1

2008-11-07 14:31 . 2008-11-07 14:31 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Sonic Foundry

2008-11-07 14:30 . 2008-11-07 14:30 <DIR> d-------- C:\Program Files

2008-11-07 14:30 . 2008-11-07 14:30 <DIR> d-------- c:\arquivos de programas\Sonic Foundry

2008-11-07 14:30 . 2001-10-19 14:40 1,683,792 --a------ c:\windows\system32\wmvcore2.dll

2008-11-07 14:30 . 2001-10-19 14:40 665,424 --a------ c:\windows\system32\wmv8dmoe.dll

2008-11-07 14:30 . 2001-10-19 14:39 572,752 --a------ c:\windows\system32\wmvdmoe.dll

2008-11-07 14:30 . 2001-10-19 14:40 438,608 --a------ c:\windows\system32\wmv8dmod.dll

2008-11-07 14:30 . 2001-10-19 02:05 285,184 --a------ c:\windows\system32\wmidx2.ocx

2008-11-07 14:30 . 2008-11-07 14:30 156,910 --a------ c:\windows\WMSysPr8.prx

2008-11-07 14:24 . 2008-11-07 14:24 <DIR> d-------- C:\dac9e28fdccc2fb2ec55ee

2008-11-07 14:05 . 2008-11-09 16:42 <DIR> d-------- c:\documents and settings\Carmita\Contacts

2008-11-07 14:02 . 2008-11-07 14:02 <DIR> d----c--- c:\windows\system32\DRVSTORE

2008-11-07 12:44 . 2008-11-07 14:01 <DIR> d-------- c:\arquivos de programas\Windows Live

2008-11-07 12:44 . 2008-11-07 14:01 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-11-07 12:17 . 2008-11-07 12:17 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Malwarebytes

2008-11-07 12:17 . 2008-11-07 12:17 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-07 12:17 . 2008-11-07 12:17 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-07 12:17 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-07 12:17 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-07 11:44 . 2008-11-07 13:55 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2008-11-07 11:27 . 2008-11-07 11:36 <DIR> d-------- c:\arquivos de programas\NitroPC

2008-11-07 10:44 . 2008-11-07 10:44 <DIR> d-------- c:\arquivos de programas\Windows Media Connect 2

2008-11-07 10:42 . 2008-11-07 10:42 <DIR> d-------- c:\windows\system32\LogFiles

2008-11-07 10:42 . 2008-11-07 10:43 <DIR> d-------- c:\windows\system32\drivers\UMDF

2008-11-06 23:16 . 2008-11-09 11:14 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-11-06 19:42 . 2008-06-14 15:59 272,384 --------- c:\windows\system32\drivers\bthport.sys

2008-11-06 19:42 . 2008-06-14 15:59 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2008-11-06 17:34 . 2008-11-06 17:40 <DIR> d-------- C:\Playlist

2008-11-06 17:34 . 1998-04-14 09:23 921,654 --a------ c:\windows\Playlist Digital.bmp

2008-11-06 13:48 . 2008-11-06 13:48 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Publish Providers

2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Sony

2008-11-06 13:47 . 2008-11-19 20:39 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-05 11:58 . 2008-11-05 11:58 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sony

2008-11-05 11:58 . 2008-11-05 11:58 <DIR> d-------- c:\arquivos de programas\Vstplugins

2008-11-05 11:58 . 2008-11-05 11:58 <DIR> d-------- c:\arquivos de programas\Sony

2008-11-05 10:51 . 2008-08-14 11:45 2,184,576 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-11-05 10:51 . 2008-08-14 11:45 2,140,160 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-11-05 10:51 . 2008-08-14 11:45 2,019,840 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-11-05 10:48 . 2008-11-05 10:48 <DIR> d-------- c:\windows\system32\pt-BR

2008-11-05 10:47 . 2008-11-05 10:49 <DIR> d-------- c:\windows\system32\XPSViewer

2008-11-05 10:47 . 2008-11-05 10:47 <DIR> d-------- c:\arquivos de programas\Reference Assemblies

2008-11-05 10:47 . 2008-11-05 10:47 <DIR> d-------- c:\arquivos de programas\MSBuild

2008-11-05 10:46 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-11-05 10:44 . 2008-11-05 10:44 <DIR> d-------- c:\arquivos de programas\MSXML 6.0

2008-11-05 10:44 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe

2008-11-04 17:56 . 2008-11-04 17:56 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\CyberLink

2008-11-04 17:56 . 2008-11-04 17:56 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-04 17:28 . 2008-11-04 17:29 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-04 17:09 . 2008-11-12 00:28 <DIR> d--h----- c:\windows\$hf_mig$

2008-11-04 16:06 . 2008-11-04 16:06 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Sony Setup

2008-11-04 16:05 . 2008-11-04 16:05 <DIR> d-------- c:\arquivos de programas\Sony Setup

2008-11-04 16:03 . 2008-11-04 16:03 27,136 --a------ c:\windows\system32\drivers\nchssvad.sys

2008-11-04 16:00 . 2008-11-04 16:05 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound

2008-11-04 15:58 . 2008-11-04 19:48 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\NCH Swift Sound

2008-11-04 15:58 . 2008-11-04 19:48 <DIR> d-------- c:\arquivos de programas\NCH Swift Sound

2008-11-04 15:30 . 2008-11-17 13:41 69 --a------ c:\windows\NeroDigital.ini

2008-11-04 13:55 . 2008-11-17 16:04 <DIR> d-------- c:\arquivos de programas\Nitendo

2008-11-04 13:49 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll

2008-11-04 13:49 . 2008-11-04 13:49 421 --a------ c:\windows\ODBC.INI

2008-11-04 13:48 . 2008-11-04 13:49 <DIR> d-------- c:\windows\SHELLNEW

2008-11-04 13:43 . 2008-11-04 13:43 <DIR> dr-h----- C:\MSOCache

2008-11-04 13:25 . 2008-11-04 13:25 <DIR> d---s---- c:\documents and settings\Carmita\UserData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-14 19:11 --------- d-----w c:\documents and settings\Carmita\Dados de aplicativos\Ahead

2008-11-04 19:28 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-04 14:53 --------- d-----w c:\arquivos de programas\Alwil Software

2008-11-04 14:44 --------- d-----w c:\arquivos de programas\Realtek Sound Manager

2008-11-04 14:44 --------- d-----w c:\arquivos de programas\Realtek AC97

2008-11-04 14:44 --------- d-----w c:\arquivos de programas\AvRack

2008-11-04 14:41 --------- d-----w c:\arquivos de programas\S3

2008-11-04 14:38 --------- d-----w c:\arquivos de programas\VIA

2008-11-04 14:38 --------- d-----w c:\arquivos de programas\On-line Help Console

2008-11-04 14:29 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-11-04 14:27 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-04 14:26 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-11-04 14:20 --------- d-----w c:\arquivos de programas\Oi Velox

2008-11-04 14:12 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2008-11-04 14:08 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2008-11-04 14:08 --------- d-----w c:\arquivos de programas\Nero

2008-11-04 14:03 --------- d-----w c:\arquivos de programas\CyberLink

2008-11-04 14:01 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-09-15 15:40 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-29 22:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll

2008-08-20 05:37 661,504 ----a-w c:\windows\system32\wininet.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-12_10.47.25.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2002-03-11 16:45:04 1,708,856 ----a-r c:\windows\Cache\Adobe Reader 6.0\PTBBIG\instmsia.exe

+ 2002-03-11 17:06:30 1,822,520 ----a-r c:\windows\Cache\Adobe Reader 6.0\PTBBIG\instmsiw.exe

+ 2003-07-11 23:02:56 217,088 ----a-r c:\windows\Cache\Adobe Reader 6.0\PTBBIG\setup.exe

+ 2008-11-12 14:07:53 23,558 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1046-7B44-000000000001}\ARPPRODUCTICON.exe

- 2007-07-30 21:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-10-16 16:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll

- 2007-07-30 21:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll

+ 2008-10-16 16:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll

- 2007-07-30 21:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

+ 2008-10-16 16:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

- 2007-07-30 21:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-10-16 16:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

- 2007-07-30 21:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll

+ 2008-10-16 16:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll

- 2007-07-30 21:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll

+ 2008-10-16 16:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll

- 2007-07-30 21:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 16:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-09-10 06:09:54 731,264 ----a-w c:\windows\system32\drivers\HSF_CNXT.sys

+ 2008-09-10 06:10:36 985,728 ----a-w c:\windows\system32\drivers\HSF_DPV.sys

+ 2008-09-10 06:09:58 267,520 ----a-w c:\windows\system32\drivers\HSFHWBS2.sys

+ 2006-06-19 08:26:58 12,672 ----a-w c:\windows\system32\drivers\mdmxsdk.sys

+ 2006-06-19 08:26:50 94,208 ----a-w c:\windows\system32\mdmxsdk.dll

- 2008-11-07 22:54:56 67,560 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-12 13:12:54 67,560 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-07 22:54:56 76,196 ----a-w c:\windows\system32\perfc016.dat

+ 2008-11-12 13:12:54 76,196 ----a-w c:\windows\system32\perfc016.dat

- 2008-11-07 22:54:56 432,856 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-12 13:12:54 432,856 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-07 22:54:56 465,632 ----a-w c:\windows\system32\perfh016.dat

+ 2008-11-12 13:12:54 465,632 ----a-w c:\windows\system32\perfh016.dat

+ 2008-10-16 16:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

+ 2008-10-16 16:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll

+ 2008-07-30 10:26:48 249,856 ----a-w c:\windows\system32\UCI32M34.dll

+ 2008-11-20 20:46:18 16,384 ----atw c:\windows\temp\Perflib_Perfdata_588.dat

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3477504]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"desp2k"="c:\arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]

"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-10-31 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-06-20 c:\windows\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-04 113664]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Playlist\\pgm\\Playlist.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-11-04 9728]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2008-11-04 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-04 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-04 20560]

R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-02-26 61440]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{071dd63c-aa89-11dd-bb0f-001921916f81}]

\Shell\AutOplAy\coMmAnD - crfae.exe

\Shell\AutoRun\command - crfae.exe

\Shell\EXploRe\CoMMANd - crfae.exe

\Shell\Open\cOmMANd - crfae.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f8e1768-b1d9-11dd-8364-001921916f81}]

\Shell\AutoRun\command - c9hehpa.bat

\Shell\explore\Command - c9hehpa.bat

\Shell\open\Command - c9hehpa.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{373c9626-aa8c-11dd-a13d-806d6172696f}]

\Shell\AutoRun\command - D:\3wcxx91.cmd

\Shell\explore\Command - D:\3wcxx91.cmd

\Shell\open\Command - D:\3wcxx91.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{964945d0-b3e5-11dd-836d-001921916f81}]

\Shell\AutoRun\command - E:\0w.com

\Shell\explore\Command - E:\0w.com

\Shell\open\Command - E:\0w.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{964945d1-b3e5-11dd-836d-001921916f81}]

\Shell\AutoRun\command - E:\0w.com

\Shell\explore\Command - E:\0w.com

\Shell\open\Command - E:\0w.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a12afb20-aa7f-11dd-bb0a-001921916f81}]

\Shell\AutOplAy\coMmAnD - crfae.exe

\Shell\AutoRun\command - crfae.exe

\Shell\EXploRe\CoMMANd - crfae.exe

\Shell\Open\cOmMANd - crfae.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d9dac9-b6a5-11dd-8382-001921916f81}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

*Newly Created Service* - ASPI32

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-20 18:46:36

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-20 18:49:42 - Máquina reiniciou [Carmita]

ComboFix-quarantined-files.txt 2008-11-20 20:49:33

ComboFix2.txt 2008-11-12 12:47:47

 

Pré-execução: 17 pasta(s) 43,580,395,520 bytes disponíveis

Pós execução: 17 pasta(s) 43,741,900,800 bytes disponíveis

 

271 --- E O F --- 2008-11-12 13:54:38


Hey jmarceu,

Follow these instructions:

1. Open Notepad -> Copy (Control + C) and Paste (Control + V) all the text included in the "Quote":

File::

c:\windows\system32\gasretyw1.dll

c:\windows\SwSys1.bmp

c:\windows\SwSys2.bmp

c:\windows\imsins.BAK

D:\3wcxx91.cmd

E:\LaunchU3.exe

E:\0w.com

Folder::

c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}

C:\d2c008ba7149ff71f12b9a

C:\dac9e28fdccc2fb2ec55ee

C:\2004a2bb791c9c2bd1

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{071dd63c-aa89-11dd-bb0f-001921916f81}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f8e1768-b1d9-11dd-8364-001921916f81}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{373c9626-aa8c-11dd-a13d-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{964945d0-b3e5-11dd-836d-001921916f81}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{964945d1-b3e5-11dd-836d-001921916f81}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a12afb20-aa7f-11dd-bb0a-001921916f81}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d9dac9-b6a5-11dd-8382-001921916f81}]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As illustrated in the picture below, drag the CFScript.txt file onto ComboFix.exe.
cfscript.gif

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Regards.

PS: Run this with your USB flash drive connected to the PC.


Dear jgarcia, I did what you said. Once again ComboFix asked to update and, once again, it gave an error. I proceeded as you said, with the flash drive connected. Here are the two requested logs. Regards.

 

HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 15:28:56, on 27/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Carmita\Desktop\limpeza doni\HijackThis.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.velox.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{A179BBF1-739B-4053-83D8-D6C93631612A}: NameServer = 200.165.132.154 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

 

ComboFix

 

 

ComboFix 08-11-27.01 - Carmita 2008-11-27 15:21:46.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.185 [GMT -2:00]

Executando de: c:\documents and settings\Carmita\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Carmita\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

c:\windows\imsins.BAK

c:\windows\SwSys1.bmp

c:\windows\SwSys2.bmp

c:\windows\system32\gasretyw1.dll

D:\3wcxx91.cmd

E:\0w.com

E:\LaunchU3.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\2004a2bb791c9c2bd1


C:\abk.bat

C:\Autorun.inf

C:\d2c008ba7149ff71f12b9a


C:\dac9e28fdccc2fb2ec55ee

c:\dac9e28fdccc2fb2ec55ee\admparse.dll

c:\dac9e28fdccc2fb2ec55ee\admparse.dll.mui

c:\dac9e28fdccc2fb2ec55ee\advpack.dll

c:\dac9e28fdccc2fb2ec55ee\advpack.dll.mui

c:\dac9e28fdccc2fb2ec55ee\browseui.dll

c:\dac9e28fdccc2fb2ec55ee\corpol.dll

c:\dac9e28fdccc2fb2ec55ee\custsat.dll

c:\dac9e28fdccc2fb2ec55ee\dxtmsft.dll

c:\dac9e28fdccc2fb2ec55ee\dxtrans.dll

c:\dac9e28fdccc2fb2ec55ee\extmgr.dll

c:\dac9e28fdccc2fb2ec55ee\extmgr.dll.mui

c:\dac9e28fdccc2fb2ec55ee\feeddisc.wav

c:\dac9e28fdccc2fb2ec55ee\hmmapi.dll

c:\dac9e28fdccc2fb2ec55ee\hmmapi.dll.mui

c:\dac9e28fdccc2fb2ec55ee\html.iec

c:\dac9e28fdccc2fb2ec55ee\html.iec.mui

c:\dac9e28fdccc2fb2ec55ee\icardie.dll

c:\dac9e28fdccc2fb2ec55ee\icardie.dll.mui

c:\dac9e28fdccc2fb2ec55ee\icrav03.rat

c:\dac9e28fdccc2fb2ec55ee\ie4uinit.exe

c:\dac9e28fdccc2fb2ec55ee\ie4uinit.exe.mui

c:\dac9e28fdccc2fb2ec55ee\ieakeng.dll

c:\dac9e28fdccc2fb2ec55ee\ieakeng.dll.mui

c:\dac9e28fdccc2fb2ec55ee\ieakmmc.chm

c:\dac9e28fdccc2fb2ec55ee\ieaksie.dll

c:\dac9e28fdccc2fb2ec55ee\ieaksie.dll.mui

c:\dac9e28fdccc2fb2ec55ee\ieakui.dll

c:\dac9e28fdccc2fb2ec55ee\ieakui.dll.mui

c:\dac9e28fdccc2fb2ec55ee\ieapfltr.dat

c:\dac9e28fdccc2fb2ec55ee\ieapfltr.dll

c:\dac9e28fdccc2fb2ec55ee\iedkcs32.dll

c:\dac9e28fdccc2fb2ec55ee\iedkcs32.dll.mui

c:\dac9e28fdccc2fb2ec55ee\iedw.exe

c:\dac9e28fdccc2fb2ec55ee\iedw.exe.mui

c:\dac9e28fdccc2fb2ec55ee\ieencode.dll

c:\dac9e28fdccc2fb2ec55ee\ieeula.chm

c:\dac9e28fdccc2fb2ec55ee\ieframe.dll

c:\dac9e28fdccc2fb2ec55ee\ieframe.dll.mui

c:\dac9e28fdccc2fb2ec55ee\iepeers.dll

c:\dac9e28fdccc2fb2ec55ee\iepeers.dll.mui

c:\dac9e28fdccc2fb2ec55ee\ieproxy.dll

c:\dac9e28fdccc2fb2ec55ee\iernonce.dll

c:\dac9e28fdccc2fb2ec55ee\iernonce.dll.mui

c:\dac9e28fdccc2fb2ec55ee\iertutil.dll

c:\dac9e28fdccc2fb2ec55ee\iesetup.dll

c:\dac9e28fdccc2fb2ec55ee\iesetup.dll.mui

c:\dac9e28fdccc2fb2ec55ee\iesupp.chm

c:\dac9e28fdccc2fb2ec55ee\ieudinit.exe

c:\dac9e28fdccc2fb2ec55ee\ieui.dll

c:\dac9e28fdccc2fb2ec55ee\ieui.dll.mui

c:\dac9e28fdccc2fb2ec55ee\ieuinit.inf

c:\dac9e28fdccc2fb2ec55ee\ieunatt.exe.mui

c:\dac9e28fdccc2fb2ec55ee\iexplore.chm

c:\dac9e28fdccc2fb2ec55ee\iexplore.exe

c:\dac9e28fdccc2fb2ec55ee\iexplore.exe.mui

c:\dac9e28fdccc2fb2ec55ee\imgutil.dll

c:\dac9e28fdccc2fb2ec55ee\inetcorp.iem

c:\dac9e28fdccc2fb2ec55ee\inetcpl.cpl

c:\dac9e28fdccc2fb2ec55ee\inetcpl.cpl.mui

c:\dac9e28fdccc2fb2ec55ee\inetres.adm

c:\dac9e28fdccc2fb2ec55ee\inetset.iem

c:\dac9e28fdccc2fb2ec55ee\infobar.wav

c:\dac9e28fdccc2fb2ec55ee\inseng.dll

c:\dac9e28fdccc2fb2ec55ee\inseng.dll.mui

c:\dac9e28fdccc2fb2ec55ee\install.ins

c:\dac9e28fdccc2fb2ec55ee\jscript.dll

c:\dac9e28fdccc2fb2ec55ee\jsproxy.dll

c:\dac9e28fdccc2fb2ec55ee\licmgr10.dll

c:\dac9e28fdccc2fb2ec55ee\licmgr10.dll.mui

c:\dac9e28fdccc2fb2ec55ee\msfeeds.dll

c:\dac9e28fdccc2fb2ec55ee\msfeeds.mof

c:\dac9e28fdccc2fb2ec55ee\msfeedsbs.dll

c:\dac9e28fdccc2fb2ec55ee\msfeedsbs.dll.mui

c:\dac9e28fdccc2fb2ec55ee\msfeedsbs.mof

c:\dac9e28fdccc2fb2ec55ee\msfeedssync.exe

c:\dac9e28fdccc2fb2ec55ee\mshta.exe

c:\dac9e28fdccc2fb2ec55ee\mshta.exe.mui

c:\dac9e28fdccc2fb2ec55ee\mshtml.dll

c:\dac9e28fdccc2fb2ec55ee\mshtml.dll.mui

c:\dac9e28fdccc2fb2ec55ee\mshtml.tlb

c:\dac9e28fdccc2fb2ec55ee\mshtmled.dll

c:\dac9e28fdccc2fb2ec55ee\mshtmled.dll.mui

c:\dac9e28fdccc2fb2ec55ee\mshtmler.dll

c:\dac9e28fdccc2fb2ec55ee\mshtmler.dll.mui

c:\dac9e28fdccc2fb2ec55ee\msls31.dll

c:\dac9e28fdccc2fb2ec55ee\msrating.dll

c:\dac9e28fdccc2fb2ec55ee\msrating.dll.mui

c:\dac9e28fdccc2fb2ec55ee\mstime.dll

c:\dac9e28fdccc2fb2ec55ee\navstart.wav

c:\dac9e28fdccc2fb2ec55ee\occache.dll

c:\dac9e28fdccc2fb2ec55ee\occache.dll.mui

c:\dac9e28fdccc2fb2ec55ee\occache.ini

c:\dac9e28fdccc2fb2ec55ee\pngfilt.dll

c:\dac9e28fdccc2fb2ec55ee\popupblk.wav

c:\dac9e28fdccc2fb2ec55ee\shdocvw.dll

c:\dac9e28fdccc2fb2ec55ee\shlwapi.dll

c:\dac9e28fdccc2fb2ec55ee\spmsg.dll

c:\dac9e28fdccc2fb2ec55ee\spuninst.exe

c:\dac9e28fdccc2fb2ec55ee\spupdsvc.exe

c:\dac9e28fdccc2fb2ec55ee\tdc.ocx

c:\dac9e28fdccc2fb2ec55ee\ticrf.rat

c:\dac9e28fdccc2fb2ec55ee\update\eula.rtf

c:\dac9e28fdccc2fb2ec55ee\update\idndl.exe

c:\dac9e28fdccc2fb2ec55ee\update\ie7.cat

c:\dac9e28fdccc2fb2ec55ee\update\iecustom.dll

c:\dac9e28fdccc2fb2ec55ee\update\iereseticons.exe

c:\dac9e28fdccc2fb2ec55ee\update\iesetup.exe

c:\dac9e28fdccc2fb2ec55ee\update\legitlibm.dll

c:\dac9e28fdccc2fb2ec55ee\update\nlsdl.exe

c:\dac9e28fdccc2fb2ec55ee\update\update.exe

c:\dac9e28fdccc2fb2ec55ee\update\update.exe.manifest

c:\dac9e28fdccc2fb2ec55ee\update\update.inf

c:\dac9e28fdccc2fb2ec55ee\update\update.ver

c:\dac9e28fdccc2fb2ec55ee\update\updspapi.dll

c:\dac9e28fdccc2fb2ec55ee\update\xmllitesetup.exe

c:\dac9e28fdccc2fb2ec55ee\url.dll

c:\dac9e28fdccc2fb2ec55ee\urlmon.dll

c:\dac9e28fdccc2fb2ec55ee\urlmon.dll.mui

c:\dac9e28fdccc2fb2ec55ee\vbscript.dll

c:\dac9e28fdccc2fb2ec55ee\vgx.dll

c:\dac9e28fdccc2fb2ec55ee\webcheck.dll

c:\dac9e28fdccc2fb2ec55ee\webcheck.dll.mui

c:\dac9e28fdccc2fb2ec55ee\webcheck.ini

c:\dac9e28fdccc2fb2ec55ee\winfxdocobj.exe

c:\dac9e28fdccc2fb2ec55ee\winfxdocobj.exe.mui

c:\dac9e28fdccc2fb2ec55ee\wininet.dll

c:\dac9e28fdccc2fb2ec55ee\wininet.dll.mui

c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}

c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}\instance.dat

c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}\mia.lib

c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}\PCDJ RED VRM.dat

c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}\PCDJ RED VRM.exe

c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}\PCDJ RED VRM.msi

c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}\PCDJ RED VRM.par

c:\documents and settings\All Users\Dados de aplicativos\{8477994D-889C-43C2-80D8-0B371F90DD94}\PCDJ RED VRM.res

C:\m2nl.bat

c:\windows\imsins.BAK

c:\windows\SwSys1.bmp

c:\windows\SwSys2.bmp

c:\windows\system32\gasretyw0.dll

c:\windows\system32\gasretyw1.dll

c:\windows\system32\kamsoft.exe

E:\Autorun.inf

E:\m2nl.bat

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-27 to 2008-11-27 ))))))))))))))))))))))))))))

.

 

2008-11-14 17:37 . 2008-11-14 17:37 <DIR> d-------- c:\arquivos de programas\NCH Software

2008-11-12 16:17 . 2000-04-18 21:36 36,848 --a------ c:\windows\system32\drivers\XKUsb.sys

2008-11-12 12:08 . 2008-11-12 12:08 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\AdobeUM

2008-11-12 12:06 . 2008-11-12 12:06 <DIR> d-------- c:\windows\Cache

2008-11-12 11:12 . 2001-08-17 21:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys

2008-11-12 11:12 . 2001-08-17 21:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys

2008-11-12 11:11 . 2008-11-12 11:11 <DIR> d-------- c:\arquivos de programas\CONEXANT

2008-11-11 23:48 . 2008-10-24 09:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-10 10:16 . 2008-11-10 10:22 <DIR> d-------- C:\Hjin

2008-11-10 10:11 . 2008-11-10 10:11 <DIR> d-------- c:\arquivos de programas\CCleaner

2008-11-10 10:10 . 2008-11-10 10:10 <DIR> d-------- C:\!KillBox

2008-11-08 16:12 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll

2008-11-08 16:12 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll

2008-11-08 16:12 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui

2008-11-08 10:48 . 2008-11-12 16:17 <DIR> d-------- c:\arquivos de programas\visiosonic

2008-11-07 14:31 . 2008-11-07 14:31 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Sonic Foundry

2008-11-07 14:30 . 2008-11-07 14:30 <DIR> d-------- C:\Program Files

2008-11-07 14:30 . 2008-11-07 14:30 <DIR> d-------- c:\arquivos de programas\Sonic Foundry

2008-11-07 14:30 . 2001-10-19 14:40 1,683,792 --a------ c:\windows\system32\wmvcore2.dll

2008-11-07 14:30 . 2001-10-19 14:40 665,424 --a------ c:\windows\system32\wmv8dmoe.dll

2008-11-07 14:30 . 2001-10-19 14:39 572,752 --a------ c:\windows\system32\wmvdmoe.dll

2008-11-07 14:30 . 2001-10-19 14:40 438,608 --a------ c:\windows\system32\wmv8dmod.dll

2008-11-07 14:30 . 2001-10-19 02:05 285,184 --a------ c:\windows\system32\wmidx2.ocx

2008-11-07 14:30 . 2008-11-07 14:30 156,910 --a------ c:\windows\WMSysPr8.prx

2008-11-07 14:05 . 2008-11-23 15:03 <DIR> d-------- c:\documents and settings\Carmita\Contacts

2008-11-07 14:02 . 2008-11-07 14:02 <DIR> d----c--- c:\windows\system32\DRVSTORE

2008-11-07 12:44 . 2008-11-07 14:01 <DIR> d-------- c:\arquivos de programas\Windows Live

2008-11-07 12:44 . 2008-11-07 14:01 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-11-07 12:17 . 2008-11-07 12:17 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Malwarebytes

2008-11-07 12:17 . 2008-11-07 12:17 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-07 12:17 . 2008-11-07 12:17 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-11-07 12:17 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-07 12:17 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-07 11:44 . 2008-11-07 13:55 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2008-11-07 11:27 . 2008-11-07 11:36 <DIR> d-------- c:\arquivos de programas\NitroPC

2008-11-07 10:44 . 2008-11-07 10:44 <DIR> d-------- c:\arquivos de programas\Windows Media Connect 2

2008-11-07 10:42 . 2008-11-07 10:42 <DIR> d-------- c:\windows\system32\LogFiles

2008-11-07 10:42 . 2008-11-07 10:43 <DIR> d-------- c:\windows\system32\drivers\UMDF

2008-11-06 23:16 . 2008-11-09 11:14 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-11-06 19:42 . 2008-06-14 15:59 272,384 --------- c:\windows\system32\drivers\bthport.sys

2008-11-06 19:42 . 2008-06-14 15:59 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2008-11-06 17:34 . 2008-11-06 17:40 <DIR> d-------- C:\Playlist

2008-11-06 17:34 . 1998-04-14 09:23 921,654 --a------ c:\windows\Playlist Digital.bmp

2008-11-06 13:48 . 2008-11-06 13:48 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Publish Providers

2008-11-06 13:47 . 2008-11-06 13:47 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Sony

2008-11-06 13:47 . 2008-11-26 17:20 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-05 11:58 . 2008-11-05 11:58 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sony

2008-11-05 11:58 . 2008-11-05 11:58 <DIR> d-------- c:\arquivos de programas\Vstplugins

2008-11-05 11:58 . 2008-11-05 11:58 <DIR> d-------- c:\arquivos de programas\Sony

2008-11-05 10:51 . 2008-08-14 11:45 2,184,576 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-11-05 10:51 . 2008-08-14 11:45 2,140,160 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-11-05 10:51 . 2008-08-14 11:45 2,019,840 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-11-05 10:48 . 2008-11-05 10:48 <DIR> d-------- c:\windows\system32\pt-BR

2008-11-05 10:47 . 2008-11-05 10:49 <DIR> d-------- c:\windows\system32\XPSViewer

2008-11-05 10:47 . 2008-11-05 10:47 <DIR> d-------- c:\arquivos de programas\Reference Assemblies

2008-11-05 10:47 . 2008-11-05 10:47 <DIR> d-------- c:\arquivos de programas\MSBuild

2008-11-05 10:46 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-11-05 10:44 . 2008-11-05 10:44 <DIR> d-------- c:\arquivos de programas\MSXML 6.0

2008-11-05 10:44 . 2006-10-16 16:10 23,856 --a------ c:\windows\system32\spupdsvc.exe

2008-11-04 17:56 . 2008-11-04 17:56 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\CyberLink

2008-11-04 17:56 . 2008-11-04 17:56 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-04 17:28 . 2008-11-04 17:29 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-04 17:09 . 2008-11-12 00:28 <DIR> d--h----- c:\windows\$hf_mig$

2008-11-04 16:06 . 2008-11-04 16:06 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\Sony Setup

2008-11-04 16:05 . 2008-11-04 16:05 <DIR> d-------- c:\arquivos de programas\Sony Setup

2008-11-04 16:03 . 2008-11-04 16:03 27,136 --a------ c:\windows\system32\drivers\nchssvad.sys

2008-11-04 16:00 . 2008-11-04 16:05 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NCH Swift Sound

2008-11-04 15:58 . 2008-11-04 19:48 <DIR> d-------- c:\documents and settings\Carmita\Dados de aplicativos\NCH Swift Sound

2008-11-04 15:58 . 2008-11-04 19:48 <DIR> d-------- c:\arquivos de programas\NCH Swift Sound

2008-11-04 15:30 . 2008-11-23 02:35 69 --a------ c:\windows\NeroDigital.ini

2008-11-04 13:55 . 2008-11-27 00:57 <DIR> d-------- c:\arquivos de programas\Nitendo

2008-11-04 13:49 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll

2008-11-04 13:49 . 2008-11-04 13:49 421 --a------ c:\windows\ODBC.INI

2008-11-04 13:48 . 2008-11-04 13:49 <DIR> d-------- c:\windows\SHELLNEW

2008-11-04 13:43 . 2008-11-04 13:43 <DIR> dr-h----- C:\MSOCache

2008-11-04 13:25 . 2008-11-04 13:25 <DIR> d---s---- c:\documents and settings\Carmita\UserData

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-14 19:11 --------- d-----w c:\documents and settings\Carmita\Dados de aplicativos\Ahead

2008-11-04 19:28 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-04 14:53 --------- d-----w c:\arquivos de programas\Alwil Software

2008-11-04 14:44 --------- d-----w c:\arquivos de programas\Realtek Sound Manager

2008-11-04 14:44 --------- d-----w c:\arquivos de programas\Realtek AC97

2008-11-04 14:44 --------- d-----w c:\arquivos de programas\AvRack

2008-11-04 14:41 --------- d-----w c:\arquivos de programas\S3

2008-11-04 14:38 --------- d-----w c:\arquivos de programas\VIA

2008-11-04 14:38 --------- d-----w c:\arquivos de programas\On-line Help Console

2008-11-04 14:29 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-11-04 14:27 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-04 14:26 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-11-04 14:20 --------- d-----w c:\arquivos de programas\Oi Velox

2008-11-04 14:12 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2008-11-04 14:08 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Nero

2008-11-04 14:08 --------- d-----w c:\arquivos de programas\Nero

2008-11-04 14:03 --------- d-----w c:\arquivos de programas\CyberLink

2008-11-04 14:01 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-09-15 15:40 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-29 22:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll

.

 

((((((((((((((((((((((((((((( snapshot_2008-11-20_18.49.02.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-27 17:25:54 16,384 ----atw c:\windows\temp\Perflib_Perfdata_598.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3477504]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"desp2k"="c:\arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]

"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-10-31 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-06-20 c:\windows\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-04 113664]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Playlist\\pgm\\Playlist.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-11-04 9728]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2008-11-04 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-04 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-04 20560]

R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-02-26 61440]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

 

*Newly Created Service* - ASPI32

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-27 15:25:59

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-27 15:28:06 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-27 17:28:03

ComboFix2.txt 2008-11-20 20:49:44

ComboFix3.txt 2008-11-12 12:47:47

 

Pré-execução: 17 pasta(s) 46.142.689.280 bytes disponíveis

Pós execução: 14 pasta(s) 46,185,287,680 bytes disponíveis

 

602 --- E O F --- 2008-11-12 13:54:38

Yes. :( It neither uninstalls nor updates... Can I throw this PC in the trash already? hehehehe

Regards.

Have you already tried reinstalling it and then removing it? In most cases this procedure solves the problem. :thumbsup:


Dear jgracia, there is no reasoning with avast; I couldn't reinstall it. I tried to remove it with revosetup, but no luck. There are still processes of it running, but I managed to install Avira Antivir and update IE. I think that is a good sign. Thank you for your availability and patience so far. I'm going to impose a little more: :natal_biggrin: Could you help me to:

1. Remove avast completely;

2. Remove the backup made by combofix (I think it was that program that created a recovery console);

3. Understand what happened, so that I don't repeat the same mistake. :D

Thank you very much indeed! I look forward to a reply.

Regards.

Could you help me to:

1. Remove avast completely...

Let's try.

Follow the instructions below:

1. Click Start, then click Run.

2. In the Open box, type regedt32 and click OK.

3. In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

4. In the left pane, click the Uninstall registry key, then click Export on the File menu.

5. In the Export Registry File dialog box that appears, click Desktop in the Save in list, type uninstall in the File name box, and click Save.

6. Each key listed under Uninstall in the left pane of Registry Editor represents a program that is displayed in the Installed programs list of the Add or Remove Programs tool. To determine which program each key represents, click the key and view the following values in the details pane on the right:

DisplayName: The value data for the DisplayName key is the name listed in Add or Remove Programs.

-and-

UninstallString: The value data for the UninstallString key is the program used to uninstall the program.

7. After you identify the registry key that represents the program that was removed but is still displayed in the Installed programs list of Add or Remove Programs, right-click the key in the left pane of the Registry Editor window and click Delete. Click Yes in response to the message "Are you sure you want to delete this key and all of its subkeys?".

8. On the File menu, click Exit to close Registry Editor.

9. Click Start, click Control Panel, and then click Add or Remove Programs. In the Installed programs list, verify that the program whose registry key you deleted is no longer listed.

10. Do one of the following:

If the program list is not correct in Add or Remove Programs, double-click the Uninstall.reg file saved on your Desktop in step 5 to restore the original list of programs in the registry.

-or-

If the program list is correct in Add or Remove Programs, right-click the Uninstall.reg file on your Desktop and click Delete.

Once that is done, check whether it (Avast) is still in Add/Remove Programs.

Regards.

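As an added example (not part of the original reply), the file exported in step 5 can be searched offline to find which Uninstall subkey carries a given DisplayName before anything is deleted in step 7. The function names and the sample export, including its program names and subkeys, are constructed for illustration.

```python
import re

UNINSTALL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(.+)\]$')
STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export; program names and subkeys are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleAV]
"DisplayName"="Example Antivirus 4.8"
"UninstallString"="\"C:\\Program Files\\ExampleAV\\setup.exe\" /remove"
"EstimatedSize"=dword:00012c00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Example Media Player"
"UninstallString"="MsiExec.exe /X{11111111-2222-3333-4444-555555555555}"
"DisplayIcon"=hex(2):25,00,77,00,69,00,\
  6e,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB000000]
"ParentKeyName"="OperatingSystem"
'''


def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 exports are ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def _unescape(value: str) -> str:
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', value)


def parse_reg(text: str) -> dict:
    """Return {key path: {value name: string data}}; non-string values are skipped."""
    lines = text.splitlines()
    if not lines or lines[0].lstrip("\ufeff").strip() not in HEADERS:
        raise ValueError("not a .reg export")
    keys, current, pending = {}, None, ""
    for raw_line in lines[1:]:
        line = pending + raw_line.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        value = STRING_RE.match(line)
        if value and current is not None:
            current[_unescape(value.group(1))] = _unescape(value.group(2))
    return keys


def find_uninstall_entries(text: str, needle: str) -> list:
    """List Uninstall subkeys whose DisplayName contains needle (case-insensitive)."""
    prefix = UNINSTALL.lower() + "\\"
    hits = []
    for key, values in parse_reg(text).items():
        name = values.get("DisplayName")
        if key.lower().startswith(prefix) and name and needle.lower() in name.lower():
            hits.append({"subkey": key[len(prefix):],
                         "DisplayName": name,
                         "UninstallString": values.get("UninstallString")})
    return hits


if __name__ == "__main__":
    for hit in find_uninstall_entries(SAMPLE_REG, "antivirus"):
        print(hit)
```

To run it against a real export, read the file in binary mode and pass the bytes through `decode_export` first.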

jgarcia. I had marked item 1 as OK, but in fact I still found avast processes running (I installed the komodo firewall). I saw two processes, ashMaiSv.exe and ashServ.exe. They don't stop even through Task Manager. Awaiting help. Regards.


Hi jmarceu,

Sorry for the huge delay; I have been very busy at this end of the year.

If you are still interested, post a new reply so that we can continue the topic.

Regards, and sorry once again. :thumbsup:

No problem :). I would like to remove the recovery that combofix made. Thank you. Regards.

Do you want to remove the Recovery Console?
