DiMinas 6 Posted November 30, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:59:35, on 29/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\process.exe
C:\WINDOWS\system32\msshell.exe
C:\WINDOWS\system32\msmsn.exe
C:\Arquivos de programas\Hotbar\bin\10.2.236.0\OEAddOn.exe
C:\Arquivos de programas\Hotbar\bin\10.2.236.0\HotbarSA.exe
C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe
C:\Documents and Settings\THÁSIA\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\systemq.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\nvsvc33.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhostc.exe
C:\WINDOWS\system32\ashservec.exe
C:\WINDOWS\system32\cefplug.exe
C:\WINDOWS\system32\twumk.exe
C:\Arquivos de programas\honestech\honestech TVR 2.5\scheduleTV.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.BIN
C:\Arquivos de programas\IncrediMail\bin\ImApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\THÁSIA\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/portuguese/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Arquivos de programas\Hotbar\bin\10.2.236.0\HostIE.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll (file missing)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Arquivos de programas\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Arquivos de programas\Hotbar\bin\10.2.236.0\HostIE.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [linkmsn] C:\WINDOWS\system32\linkmsn.exe
O4 - HKLM\..\Run: [process] C:\WINDOWS\system32\process.exe
O4 - HKLM\..\Run: [msshell.exe] C:\WINDOWS\system32\msshell.exe
O4 - HKLM\..\Run: [msmsn] C:\WINDOWS\system32\msmsn.exe
O4 - HKLM\..\Run: [msne.exe] C:\WINDOWS\system32\msne.exe
O4 - HKLM\..\Run: [HotbarOE] C:\Arquivos de programas\Hotbar\bin\10.2.236.0\OEAddOn.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Arquivos de programas\Hotbar\bin\10.2.236.0\HotbarSA.exe"
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\ARQUIV~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\THÁSIA\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [explorer] C:\WINDOWS\systemq.exe
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\system32\nvsvc33.exe
O4 - HKCU\..\Run: [iexplorerskut] C:\WINDOWS\system32\dllhostc.exe
O4 - HKCU\..\Run: [ashservecie] C:\WINDOWS\system32\ashservec.exe
O4 - HKCU\..\Run: [cefplugie] C:\WINDOWS\system32\cefplug.exe
O4 - HKCU\..\Run: [twumk.exe] C:\WINDOWS\system32\twumk.exe
O4 - HKCU\..\Run: [incrediMail] C:\Arquivos de programas\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TVR Scheduler.lnk = C:\Arquivos de programas\honestech\honestech TVR 2.5\scheduleTV.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\Arquivos de programas\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\Arquivos de programas\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Arquivos de programas\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Arquivos de programas\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Arquivos de programas\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab
O16 - DPF: {F5DF7803-CB7B-4198-9D7A-42DCA34F6B76} (MPSecVideo Control) - http://cvc.micropower.com.br/downloads/mpsecvideoplayer.cab
O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll (file missing)
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

--
End of file - 12221 bytes
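As an added triage aid (not part of the thread, and not how the helpers here worked), a small Python script that parses the O4 autostart lines of a HijackThis log like the one above and flags the entries an analyst would want to look at first: binaries launched from the Windows root or from system32 that are not on a known-good list, and value names that imitate a Windows process but launch something else. The allowlists and the list of imitated process names are illustrative assumptions, not something the thread provides.

```python
"""Triage of HijackThis O4 (autostart) entries: flag, do not remove."""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the HijackThis log above.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [process] C:\WINDOWS\system32\process.exe
O4 - HKLM\..\Run: [msshell.exe] C:\WINDOWS\system32\msshell.exe
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\ARQUIV~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\THÁSIA\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [explorer] C:\WINDOWS\systemq.exe
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\system32\nvsvc33.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe
"""

# Registry-based O4 lines: "O4 - <hive>\..\Run[Once]: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Illustrative allowlists (assumption): real triage compares against a
# known-good baseline taken from a clean machine of the same Windows build.
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe", "wuauclt.exe", "msiexec.exe"}
KNOWN_WINDOWS_ROOT = {"explorer.exe"}
# Value names that malware likes to borrow from real Windows processes (assumption).
SYSTEM_PROCESS_NAMES = ("explorer", "iexplore", "svchost", "lsass", "winlogon", "csrss", "services")


@dataclass
class Finding:
    hive: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def parse_o4(line: str):
    """Return the hive/key/name/cmd fields of a registry O4 line, or None for other O4 forms."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def command_target(cmd: str) -> str:
    """Return the file a Run value actually launches: quoted path, rundll32 DLL, or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    if not tokens:
        return ""
    if tokens[0].lower() in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",", 1)[0]  # rundll32 <dll>,<export>: the DLL is what gets loaded
    return tokens[0]


def assess(name: str, target: str) -> list:
    """Heuristic reasons to review one autostart entry (empty list means nothing stood out)."""
    reasons = []
    directory, basename = ntpath.split(target)
    d, b = directory.lower(), basename.lower()
    if re.fullmatch(r"[a-z]:\\windows", d) and b not in KNOWN_WINDOWS_ROOT:
        reasons.append("runs from the Windows root directory")
    elif re.fullmatch(r"[a-z]:\\windows\\system32", d) and b not in KNOWN_SYSTEM32:
        reasons.append("unrecognised binary in system32")
    value_stem = name.lower()
    if value_stem.endswith(".exe"):
        value_stem = value_stem[:-4]
    file_stem = b.rsplit(".", 1)[0]
    if any(value_stem.startswith(p) for p in SYSTEM_PROCESS_NAMES) and file_stem != value_stem:
        reasons.append(f"value name '{name}' imitates a system process but launches {basename}")
    return reasons


def triage(report: str) -> list:
    """Parse every registry O4 line in a HijackThis report and return the flagged entries in order."""
    findings = []
    for line in report.splitlines():
        entry = parse_o4(line)
        if not entry:
            continue
        target = command_target(entry["cmd"])
        reasons = assess(entry["name"], target)
        if reasons:
            findings.append(Finding(entry["hive"], entry["name"], target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4):
        print(f"{f.hive} [{f.name}] -> {f.target}: " + "; ".join(f.reasons))
```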
MGuitar 11 Posted November 30, 2008

- Download BankerFix and save it to the desktop;
● Temporarily disable your antivirus so it does not detect the tool as a virus;
● Double-click bankerfix.exe;
● A message will appear saying it will be downloaded over the internet;
● Click OK > OK. Press Enter and wait for the scan to finish;
● When the scan is done, read the message on the screen and press Enter again.
● A log will be generated at C:\LinhaDefensiva\relatorio.txt. Paste this log in your next reply.
Delete the C:\LinhaDefensiva folder after pasting your log here.
DiMinas 6 Posted November 30, 2008

Is this right??

BankerFix 3.0 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2008-11-30 - 00:49
-------------------------------------------------------
Lista de Definição: 2008-10-08-1 | CORE: 2008-09-30-2
=======================================================
----- Fim -------------------------
MGuitar 11 Posted November 30, 2008

Yes.

- Download ComboFix and save it to the desktop;
● Temporarily disable your antivirus so it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to quit or stop ComboFix, press N;
● When it finishes, your machine will be restarted. After the restart the tool will run again; wait for it;
● A log will be generated at C:\ComboFix.txt. Paste this log in your next reply.
DiMinas 6 Posted November 30, 2008

The log is too long; the forum did not allow the post.
MGuitar 11 Posted November 30, 2008

Host the log on the site below and paste the download link here:
http://rapidshare.com/
DiMinas 6 Posted November 30, 2008

http://rapidshare.com/files/168809546/ComboFix.txt.html

I don't know whether the procedure is finished yet, but I managed to remove a lot of unwanted stuff from the computer. And now it's running perfectly. Thanks MGuitar!
MGuitar 11 Posted November 30, 2008

> I don't know whether the procedure is finished yet, but I managed to remove a lot of unwanted stuff from the computer. And now it's running perfectly. Thanks MGuitar!

Hey DiMinas, my friend, it's not finished yet. Some malicious files remain in the ComboFix log, which we will remove now.

Delete the C:\Qoobox folder and the C:\ComboFix.txt log.

Select and copy the text below, inside the quote. Paste it into Notepad on your computer and save it to your desktop with the name CFScript.txt

Folder::
C:\LinhaDefensiva
c:\documents and settings\FATIMA\Dados de aplicativos\Smart-Shopper
c:\windows\system32\Prefetchxs

File::
c:\windows\system32\uid=8370889740639541229
c:\windows\system32\uid=6821181553677337872
c:\windows\system32\uid=14826501916231866462
c:\documents and settings\FATIMA\Dados de aplicativos\msshell.exe
c:\windows\system32\cefplug.exe
c:\windows\system32\ashservec.exe
c:\windows\system32\twumk.exe
c:\windows\system32\msnmessagenc.exe
c:\windows\system32\uid=10029445200348573284
c:\windows\system32\uid=8412120407992884093
c:\windows\system32\uid=664583327929509741
c:\windows\system32\uid=5512809218468284078
c:\windows\system32\uid=4851283639351681037
c:\windows\system32\uid=1072106586553671620
c:\windows\system32\uid=9298518364416856205
c:\windows\system32\uid=18041634966698999661
c:\windows\system32\uid=17576916926808722776
c:\windows\system32\uid=16767315719382340587
c:\windows\system32\uid=14605015450385845185
c:\windows\system32\uid=9348621490336858486
c:\windows\system32\uid=17632424538635053900
c:\windows\system32\uid=15810982658900485593
c:\windows\system32\uid=13900236877961071205
c:\windows\system32\uid=10689037223799908536
c:\windows\system32\uid=7693467019949712830
c:\windows\system32\uid=5815286752704707
c:\windows\system32\uid=3920029785525044642
c:\windows\system32\uid=2802369552568587598
c:\windows\system32\uid=13578000969579195410
c:\windows\system32\uid=7593912681165667041
c:\windows\system32\uid=3028675446155650015
c:\windows\system32\uid=17338902804497338612
c:\windows\system32\uid=16158454927758385923
c:\windows\system32\uid=12572772948522675036
c:\windows\system32\uid=9033063793364414537
c:\windows\system32\uid=7067415168449822202
c:\windows\system32\uid=3874564776723926242
c:\windows\system32\uid=11919238311443029481
c:\windows\system32\uid=11774368635681051903
c:\windows\system32\uid=783336478333633413
c:\windows\system32\uid=7002018398457469126
c:\windows\system32\uid=4121991094484011192
c:\windows\system32\uid=15185409916054932166
c:\windows\system32\uid=14676243352921237847
c:\windows\system32\uid=821722428478038572
c:\windows\system32\uid=3359577268081982058
c:\windows\system32\uid=18420415016200284755
c:\windows\system32\uid=17577726358272511030
c:\windows\system32\uid=14459789600863868206
c:\windows\system32\kennia.nunessaid2@gmail.com
c:\windows\system32\uid=14106404526516230234
c:\windows\system32\uid=13749827498984145001
c:\windows\system32\uid=11780305641175015059
c:\windows\system32\uid=16038241481426654532
c:\windows\system32\uid=937743506578978456
c:\windows\system32\uid=7242510089797059033
c:\windows\system32\uid=441187457904502445
c:\windows\system32\uid=2555063019066236917
c:\windows\system32\uid=16990736476115529194
c:\windows\system32\uid=7267821587148957381
c:\windows\system32\uid=3369674289740172557
c:\windows\system32\uid=293829850396589107
c:\windows\system32\uid=15234667192176667360
c:\windows\system32\uid=10253146646039255757
c:\windows\system32\uid=8889804748798962503
c:\windows\system32\uid=2353953135350048257
c:\windows\system32\uid=12659095081744204771
c:\windows\system32\uid=11678054921880698215
c:\windows\system32\uid=11115877140414533969
c:\windows\system32\uid=8807143834265903329
c:\windows\system32\uid=3753977440686606935
c:\windows\system32\uid=13983535181037377174
c:\windows\system32\uid=11876562132095145010
c:\windows\system32\uid=10332914667840027875
c:\windows\system32\uid=6294856307909006619
c:\windows\system32\uid=17778107124040660177
c:\windows\system32\uid=13115750122468113469
c:\windows\system32\uid=12190949565337128601
c:\windows\system32\uid=10368296550464448897
c:\windows\system32\uid=726471167905751849
c:\windows\system32\uid=6673493917509200586
c:\windows\system32\uid=6268411510693240808
c:\windows\system32\uid=1860790703086867596
c:\windows\system32\uid=14148003651894243938
c:\windows\system32\uid=3058907530395166732
c:\windows\system32\uid=12651107494193292992
c:\windows\system32\uid=12539514804173887742
c:\windows\system32\uid=12088114259095514498
c:\windows\system32\uid=11796124032548089154
c:\windows\system32\uid=7100440794937358840
c:\windows\system32\uid=6977080506733560798
c:\windows\system32\uid=57014636403396697
c:\windows\system32\uid=4630942428951453023
c:\windows\system32\uid=147985287489235531
c:\windows\system32\uid=6537463750360433257
c:\windows\system32\uid=2755271440310001629
c:\windows\system32\uid=1587252173406266103
c:\windows\system32\uid=11587566259341959416
c:\windows\system32\uid=10564302364401174352
c:\windows\system32\uid=7317908080601321165
c:\windows\system32\uid=6416799256208963457
c:\windows\system32\uid=6394262569246540477
c:\windows\system32\uid=5288706843725418653
c:\windows\system32\uid=17864785335929749501
c:\windows\system32\uid=5023852831363458801
c:\windows\system32\uid=3920902918934194888
c:\windows\system32\uid=17764453973370169859
c:\windows\system32\uid=16125574970493343346
c:\windows\system32\uid=15006738646997436220
c:\windows\system32\uid=6823548338660076265
c:\windows\system32\uid=449944133415682087
c:\windows\system32\uid=14706362353734742360
c:\windows\system32\uid=10463600628988721062
c:\windows\system32\uid=10329003780416582106
c:\windows\system32\uid=2737469169803883060
c:\windows\system32\uid=17983868502874993398
c:\windows\system32\uid=17318083050820029990
c:\documents and settings\All Users\Dados de aplicativos\3753EA9A66.sys
c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
c:\windows\Tasks\GoogleUpdateTaskUser.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ashservecie"=-
"cefplugie"=-
"twumk.exe"=-

DirLook::
c:\documents and settings\TH

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:
● If prompted, press Enter to start the removal process;
● Do not use the mouse or keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer will be restarted automatically;
In your next reply, paste ComboFix.txt and a new HijackThis log.
DiMinas 6 Denunciar post Postado Novembro 30, 2008 Opa! Beleza MGuitar! Segue novo log: ComboFix 08-11-30.01 - Administrador 2008-11-30 16:12:54.2 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.230 [GMT -2:00] Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt * Criado um novo ponto de restauro FILE :: :\windows\system32\uid=10029445200348573284 c:\documents and settings\All Users\Dados de aplicativos\3753EA9A66.sys c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys c:\documents and settings\FATIMA\Dados de aplicativos\msshell.exe c:\windows\system32\ashservec.exe c:\windows\system32\cefplug.exe c:\windows\system32\kennia.nunessaid2@gmail.com c:\windows\system32\msnmessagenc.exe c:\windows\system32\twumk.exe c:\windows\system32\uid=10253146646039255757 c:\windows\system32\uid=10329003780416582106 c:\windows\system32\uid=10332914667840027875 c:\windows\system32\uid=10368296550464448897 c:\windows\system32\uid=10463600628988721062 c:\windows\system32\uid=10564302364401174352 c:\windows\system32\uid=10689037223799908536 c:\windows\system32\uid=1072106586553671620 c:\windows\system32\uid=11115877140414533969 c:\windows\system32\uid=11587566259341959416 c:\windows\system32\uid=11678054921880698215 c:\windows\system32\uid=11774368635681051903 c:\windows\system32\uid=11780305641175015059 c:\windows\system32\uid=11796124032548089154 c:\windows\system32\uid=11876562132095145010 c:\windows\system32\uid=11919238311443029481 c:\windows\system32\uid=12088114259095514498 c:\windows\system32\uid=12190949565337128601 c:\windows\system32\uid=12539514804173887742 c:\windows\system32\uid=12572772948522675036 c:\windows\system32\uid=12651107494193292992 c:\windows\system32\uid=12659095081744204771 c:\windows\system32\uid=13115750122468113469 c:\windows\system32\uid=13578000969579195410 c:\windows\system32\uid=13749827498984145001 
c:\windows\system32\uid=13900236877961071205 c:\windows\system32\uid=13983535181037377174 c:\windows\system32\uid=14106404526516230234 c:\windows\system32\uid=14148003651894243938 c:\windows\system32\uid=14459789600863868206 c:\windows\system32\uid=14605015450385845185 c:\windows\system32\uid=14676243352921237847 c:\windows\system32\uid=14706362353734742360 c:\windows\system32\uid=147985287489235531 c:\windows\system32\uid=14826501916231866462 c:\windows\system32\uid=15006738646997436220 c:\windows\system32\uid=15185409916054932166 c:\windows\system32\uid=15234667192176667360 c:\windows\system32\uid=15810982658900485593 c:\windows\system32\uid=1587252173406266103 c:\windows\system32\uid=16038241481426654532 c:\windows\system32\uid=16125574970493343346 c:\windows\system32\uid=16158454927758385923 c:\windows\system32\uid=16767315719382340587 c:\windows\system32\uid=16990736476115529194 c:\windows\system32\uid=17318083050820029990 c:\windows\system32\uid=17338902804497338612 c:\windows\system32\uid=17576916926808722776 c:\windows\system32\uid=17577726358272511030 c:\windows\system32\uid=17632424538635053900 c:\windows\system32\uid=17764453973370169859 c:\windows\system32\uid=17778107124040660177 c:\windows\system32\uid=17864785335929749501 c:\windows\system32\uid=17983868502874993398 c:\windows\system32\uid=18041634966698999661 c:\windows\system32\uid=18420415016200284755 c:\windows\system32\uid=1860790703086867596 c:\windows\system32\uid=2353953135350048257 c:\windows\system32\uid=2555063019066236917 c:\windows\system32\uid=2737469169803883060 c:\windows\system32\uid=2755271440310001629 c:\windows\system32\uid=2802369552568587598 c:\windows\system32\uid=293829850396589107 c:\windows\system32\uid=3028675446155650015 c:\windows\system32\uid=3058907530395166732 c:\windows\system32\uid=3359577268081982058 c:\windows\system32\uid=3369674289740172557 c:\windows\system32\uid=3753977440686606935 c:\windows\system32\uid=3874564776723926242 
c:\windows\system32\uid=3920029785525044642 c:\windows\system32\uid=3920902918934194888 c:\windows\system32\uid=4121991094484011192 c:\windows\system32\uid=441187457904502445 c:\windows\system32\uid=449944133415682087 c:\windows\system32\uid=4630942428951453023 c:\windows\system32\uid=4851283639351681037 c:\windows\system32\uid=5023852831363458801 c:\windows\system32\uid=5288706843725418653 c:\windows\system32\uid=5512809218468284078 c:\windows\system32\uid=57014636403396697 c:\windows\system32\uid=5815286752704707 c:\windows\system32\uid=6268411510693240808 c:\windows\system32\uid=6294856307909006619 c:\windows\system32\uid=6394262569246540477 c:\windows\system32\uid=6416799256208963457 c:\windows\system32\uid=6537463750360433257 c:\windows\system32\uid=664583327929509741 c:\windows\system32\uid=6673493917509200586 c:\windows\system32\uid=6821181553677337872 c:\windows\system32\uid=6823548338660076265 c:\windows\system32\uid=6977080506733560798 c:\windows\system32\uid=7002018398457469126 c:\windows\system32\uid=7067415168449822202 c:\windows\system32\uid=7100440794937358840 c:\windows\system32\uid=7242510089797059033 c:\windows\system32\uid=726471167905751849 c:\windows\system32\uid=7267821587148957381 c:\windows\system32\uid=7317908080601321165 c:\windows\system32\uid=7593912681165667041 c:\windows\system32\uid=7693467019949712830 c:\windows\system32\uid=783336478333633413 c:\windows\system32\uid=821722428478038572 c:\windows\system32\uid=8370889740639541229 c:\windows\system32\uid=8412120407992884093 c:\windows\system32\uid=8807143834265903329 c:\windows\system32\uid=8889804748798962503 c:\windows\system32\uid=9033063793364414537 c:\windows\system32\uid=9298518364416856205 c:\windows\system32\uid=9348621490336858486 c:\windows\system32\uid=937743506578978456 c:\windows\Tasks\GoogleUpdateTaskUser.job . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\All Users\Dados de aplicativos\3753EA9A66.sys c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys c:\documents and settings\FATIMA\Dados de aplicativos\msshell.exe c:\documents and settings\FATIMA\Dados de aplicativos\Smart-Shopper c:\documents and settings\FATIMA\Dados de aplicativos\Smart-Shopper\cs\Config.xml c:\documents and settings\FATIMA\Dados de aplicativos\Smart-Shopper\cs\db\Aliases.dbs c:\documents and settings\FATIMA\Dados de aplicativos\Smart-Shopper\cs\db\Sites.dbs c:\documents and settings\FATIMA\Dados de aplicativos\Smart-Shopper\cs\dwld\Phishinglist.xip c:\documents and settings\FATIMA\Dados de aplicativos\Smart-Shopper\cs\dwld\WhiteList.xip c:\documents and settings\FATIMA\Dados de aplicativos\Smart-Shopper\cs\report\aggr_storage.xml c:\documents and settings\FATIMA\Dados de aplicativos\Smart-Shopper\cs\report\send_storage.xml c:\documents and settings\FATIMA\Dados de aplicativos\Smart-Shopper\cs\res1\WhiteList.dbs C:\LinhaDefensiva c:\linhadefensiva\banker.bat c:\linhadefensiva\BankerFix.vbs c:\linhadefensiva\credits\exec.txt c:\linhadefensiva\exec\download.exe c:\linhadefensiva\exec\md5.exe c:\linhadefensiva\exec\MoveEx.exe c:\linhadefensiva\exec\pv.exe c:\linhadefensiva\exec\unzip.exe c:\linhadefensiva\func\lang.vbs c:\linhadefensiva\func\reg.vbs c:\linhadefensiva\func\scan.vbs c:\linhadefensiva\func\strings.vbs c:\linhadefensiva\Iniciar-BankerFix.vbs c:\linhadefensiva\lang\bat\antivirusnote.txt c:\linhadefensiva\lang\bat\changepass.txt c:\linhadefensiva\lang\bat\error-removing.txt c:\linhadefensiva\lang\bat\filesremoved.txt c:\linhadefensiva\lang\bat\logend.txt c:\linhadefensiva\lang\bat\logremhelp.txt c:\linhadefensiva\lang\bat\logremtif.txt c:\linhadefensiva\lang\bat\noproblems.txt c:\linhadefensiva\lang\bat\opening.txt c:\linhadefensiva\lang\bat\rebootrequired.txt c:\linhadefensiva\lang\bat\seeforum.txt c:\linhadefensiva\lang\bat\wait.txt c:\linhadefensiva\lang\bat\win95.txt 
c:\linhadefensiva\lang\init\en.txt c:\linhadefensiva\lang\init\ptb.txt c:\linhadefensiva\lang\vb\bankerfix.txt c:\linhadefensiva\lang\vb\loader.txt c:\linhadefensiva\lang\vb\postreboot.txt c:\linhadefensiva\leiame.txt c:\linhadefensiva\QUA\backup.reg c:\linhadefensiva\readme.txt c:\linhadefensiva\reflist\fx.reg c:\linhadefensiva\reflist\ref-allu c:\linhadefensiva\reflist\ref-commonfiles c:\linhadefensiva\reflist\ref-hosts c:\linhadefensiva\reflist\ref-md5 c:\linhadefensiva\reflist\ref-mydoc c:\linhadefensiva\reflist\ref-profile c:\linhadefensiva\reflist\ref-programfiles c:\linhadefensiva\reflist\ref-reg c:\linhadefensiva\reflist\ref-start c:\linhadefensiva\reflist\ref-startup c:\linhadefensiva\reflist\ref-sysdrive c:\linhadefensiva\reflist\ref-system c:\linhadefensiva\reflist\ref-system32 c:\linhadefensiva\reflist\ref-tasks c:\linhadefensiva\reflist\ref-temp c:\linhadefensiva\reflist\ref-wincommon c:\linhadefensiva\reflist\ref-windows c:\linhadefensiva\reflist\reft-startup c:\linhadefensiva\relatorio.txt c:\linhadefensiva\relatorios\2008-11-30.txt c:\linhadefensiva\relatorios\errorlog.txt c:\linhadefensiva\rotinas\arquiva-relatorio.vbs c:\linhadefensiva\rotinas\postreboot.bat c:\linhadefensiva\rotinas\postreboot.vbs c:\linhadefensiva\rotinas\remocao\driver.vbs c:\linhadefensiva\rotinas\remocao\shell.vbs c:\linhadefensiva\rotinas\remocao\userinit.vbs c:\linhadefensiva\rotinas\remocao\winlogon.vbs c:\linhadefensiva\rotinas\update.vbs c:\linhadefensiva\VERSION c:\windows\system32\ashservec.exe c:\windows\system32\cefplug.exe c:\windows\system32\kennia.nunessaid2@gmail.com c:\windows\system32\msnmessagenc.exe c:\windows\system32\Prefetchxs c:\windows\system32\Prefetchxs\kennia.nunessaid2@gmail.com c:\windows\system32\Prefetchxs\thasiabraccini@hotmail.com c:\windows\system32\Prefetchxs\uid=10029445200348573284 c:\windows\system32\Prefetchxs\uid=1015258607319396823 c:\windows\system32\Prefetchxs\uid=10253146646039255757 
c:\windows\system32\uid=5815286752704707 c:\windows\system32\uid=6268411510693240808 c:\windows\system32\uid=6294856307909006619 c:\windows\system32\uid=6394262569246540477 c:\windows\system32\uid=6416799256208963457 c:\windows\system32\uid=6537463750360433257 c:\windows\system32\uid=664583327929509741 c:\windows\system32\uid=6673493917509200586 c:\windows\system32\uid=6821181553677337872 c:\windows\system32\uid=6823548338660076265 c:\windows\system32\uid=6977080506733560798 c:\windows\system32\uid=7002018398457469126 c:\windows\system32\uid=7067415168449822202 c:\windows\system32\uid=7100440794937358840 c:\windows\system32\uid=7242510089797059033 c:\windows\system32\uid=726471167905751849 c:\windows\system32\uid=7267821587148957381 c:\windows\system32\uid=7317908080601321165 c:\windows\system32\uid=7593912681165667041 c:\windows\system32\uid=7693467019949712830 c:\windows\system32\uid=783336478333633413 c:\windows\system32\uid=821722428478038572 c:\windows\system32\uid=8370889740639541229 c:\windows\system32\uid=8412120407992884093 c:\windows\system32\uid=8807143834265903329 c:\windows\system32\uid=8889804748798962503 c:\windows\system32\uid=9033063793364414537 c:\windows\system32\uid=9298518364416856205 c:\windows\system32\uid=9348621490336858486 c:\windows\system32\uid=937743506578978456 c:\windows\Tasks\GoogleUpdateTaskUser.job . (((((((((((((((( Arquivos/Ficheiros criados de 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))) . 2008-11-30 14:32 . 2008-11-30 14:33 <DIR> d-------- c:\documents and settings\Administrador\Contacts 2008-11-30 11:58 . 2008-11-30 12:59 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\AIMP 2008-11-30 11:57 . 2008-11-30 11:58 <DIR> d-------- c:\arquivos de programas\AIMP2 2008-11-26 17:27 . 2008-11-26 17:27 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\IM 2008-11-26 17:25 . 
2008-11-26 17:25 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\IncrediMail 2008-11-20 08:07 . 2008-11-30 09:08 <DIR> d-------- c:\windows\system32\CatRoot_3 2008-11-14 13:02 . 2008-11-14 13:02 0 --a------ c:\windows\system32\uid=10029445200348573284 2008-11-12 22:42 . 2008-11-12 22:42 118 --a------ c:\windows\system32\MRT.INI 2008-11-06 12:00 . 2008-11-06 12:00 0 --a------ c:\windows\system32\uid=16577093913868221865 2008-11-06 12:00 . 2008-11-06 12:00 0 --a------ c:\windows\system32\uid=11715675792930391456 2008-11-06 11:59 . 2008-11-06 11:59 0 --a------ c:\windows\system32\uid=4517305324419269718 2008-11-06 11:59 . 2008-11-06 11:59 0 --a------ c:\windows\system32\uid=3751642575417116850 2008-11-06 11:59 . 2008-11-06 11:59 0 --a------ c:\windows\system32\uid=3707928315236127546 2008-11-06 11:59 . 2008-11-06 11:59 0 --a------ c:\windows\system32\uid=17863126513285621579 2008-11-06 11:59 . 2008-11-06 11:59 0 --a------ c:\windows\system32\uid=12930826887530574202 2008-11-06 11:58 . 2008-11-06 11:58 0 --a------ c:\windows\system32\uid=3659939538330293038 2008-11-06 11:58 . 2008-11-06 11:58 0 --a------ c:\windows\system32\uid=3021817020942710579 2008-11-06 11:58 . 2008-11-06 11:58 0 --a------ c:\windows\system32\uid=18288807766803474422 2008-11-06 11:58 . 2008-11-06 11:58 0 --a------ c:\windows\system32\uid=13889233351832991590 2008-11-06 11:58 . 2008-11-06 11:58 0 --a------ c:\windows\system32\uid=11268562295324829872 2008-11-06 11:57 . 2008-11-06 11:57 0 --a------ c:\windows\system32\uid=724334952400485055 2008-11-06 11:57 . 2008-11-06 11:57 0 --a------ c:\windows\system32\uid=6751050863184630366 2008-11-06 11:57 . 2008-11-06 11:57 0 --a------ c:\windows\system32\uid=3786039458692233126 2008-11-06 11:57 . 2008-11-06 11:57 0 --a------ c:\windows\system32\uid=2512439976042907634 2008-11-06 11:57 . 2008-11-06 11:57 0 --a------ c:\windows\system32\uid=14243670367960592104 2008-11-06 11:56 . 
2008-11-06 11:56 0 --a------ c:\windows\system32\uid=3532325938001348349 2008-11-06 11:56 . 2008-11-06 11:56 0 --a------ c:\windows\system32\uid=3376190283484807846 2008-11-06 11:56 . 2008-11-06 11:56 0 --a------ c:\windows\system32\uid=1330254938383121640 2008-11-06 11:56 . 2008-11-06 11:56 0 --a------ c:\windows\system32\uid=12209687279011143902 2008-11-06 11:56 . 2008-11-06 11:56 0 --a------ c:\windows\system32\uid=11397410181324330440 2008-11-06 11:55 . 2008-11-06 11:55 0 --a------ c:\windows\system32\uid=5407692741437444470 2008-11-06 11:55 . 2008-11-06 11:55 0 --a------ c:\windows\system32\uid=2519694883637845829 2008-11-06 11:55 . 2008-11-06 11:55 0 --a------ c:\windows\system32\uid=14355123101019131727 2008-11-06 11:55 . 2008-11-06 11:55 0 --a------ c:\windows\system32\uid=11038074789520899238 2008-11-06 11:55 . 2008-11-06 11:55 0 --a------ c:\windows\system32\uid=10891854416210613552 2008-11-06 11:54 . 2008-11-06 11:54 0 --a------ c:\windows\system32\uid=8686098046486201848 2008-11-06 11:54 . 2008-11-06 11:54 0 --a------ c:\windows\system32\uid=8221971392384814378 2008-11-06 11:54 . 2008-11-06 11:54 0 --a------ c:\windows\system32\uid=15028331726667538705 2008-11-06 11:54 . 2008-11-06 11:54 0 --a------ c:\windows\system32\uid=12932330064523569970 2008-11-06 11:54 . 2008-11-06 11:54 0 --a------ c:\windows\system32\uid=1026939283097865549 2008-11-06 11:53 . 2008-11-06 11:53 0 --a------ c:\windows\system32\uid=804952303002180049 2008-11-06 11:53 . 2008-11-06 11:53 0 --a------ c:\windows\system32\uid=17985212239503022563 2008-11-06 11:53 . 2008-11-06 11:53 0 --a------ c:\windows\system32\uid=1504550444737659885 2008-11-06 11:53 . 2008-11-06 11:53 0 --a------ c:\windows\system32\uid=14365333231595623500 2008-11-06 11:53 . 2008-11-06 11:53 0 --a------ c:\windows\system32\uid=1015258607319396823 2008-11-06 11:52 . 2008-11-06 11:52 0 --a------ c:\windows\system32\uid=8837661406104557960 2008-11-06 11:52 . 
2008-11-06 11:52 0 --a------ c:\windows\system32\uid=5524002995195269638 2008-11-06 11:52 . 2008-11-06 11:52 0 --a------ c:\windows\system32\uid=14828186023671619314 2008-11-06 11:52 . 2008-11-06 11:52 0 --a------ c:\windows\system32\uid=11940119767731512370 2008-11-06 11:52 . 2008-11-06 11:52 0 --a------ c:\windows\system32\uid=11010797884784049374 2008-11-06 11:51 . 2008-11-06 11:51 0 --a------ c:\windows\system32\uid=7300944574482367276 2008-11-06 11:51 . 2008-11-06 11:51 0 --a------ c:\windows\system32\uid=7139549795664348482 2008-11-06 11:51 . 2008-11-06 11:51 0 --a------ c:\windows\system32\uid=416510910328877336 2008-11-06 11:51 . 2008-11-06 11:51 0 --a------ c:\windows\system32\uid=18257636564436826063 2008-11-06 11:51 . 2008-11-06 11:51 0 --a------ c:\windows\system32\uid=14972848217281682244 2008-11-06 11:50 . 2008-11-06 11:50 0 --a------ c:\windows\system32\uid=6557623306396262477 2008-11-06 11:50 . 2008-11-06 11:50 0 --a------ c:\windows\system32\uid=5759791433479209650 2008-11-06 11:50 . 2008-11-06 11:50 0 --a------ c:\windows\system32\uid=4094977574031081329 2008-11-06 11:50 . 2008-11-06 11:50 0 --a------ c:\windows\system32\uid=16692677574868847381 2008-11-06 11:50 . 2008-11-06 11:50 0 --a------ c:\windows\system32\uid=13822075978488648449 2008-11-06 11:49 . 2008-11-06 11:49 0 --a------ c:\windows\system32\uid=6888213989973581203 2008-11-06 11:49 . 2008-11-06 11:49 0 --a------ c:\windows\system32\uid=3505832740244802752 2008-11-06 11:49 . 2008-11-06 11:49 0 --a------ c:\windows\system32\uid=3475753790580800416 2008-11-06 11:49 . 2008-11-06 11:49 0 --a------ c:\windows\system32\uid=13260248189488492795 2008-11-06 11:49 . 2008-11-06 11:49 0 --a------ c:\windows\system32\uid=1093459062681857935 2008-11-06 11:48 . 2008-11-06 11:48 0 --a------ c:\windows\system32\uid=6399464317614248667 2008-11-06 11:48 . 2008-11-06 11:48 0 --a------ c:\windows\system32\uid=6134455158786982992 2008-11-06 11:48 . 
2008-11-06 11:48 0 --a------ c:\windows\system32\uid=2928534652949238140 2008-11-06 11:48 . 2008-11-06 11:48 0 --a------ c:\windows\system32\uid=1934619982490688627 2008-11-06 11:48 . 2008-11-06 11:48 0 --a------ c:\windows\system32\uid=18121219990039673345 2008-11-06 11:47 . 2008-11-06 11:47 0 --a------ c:\windows\system32\uid=7541389412656022652 2008-11-06 11:47 . 2008-11-06 11:47 0 --a------ c:\windows\system32\uid=7040667172092349268 2008-11-06 11:47 . 2008-11-06 11:47 0 --a------ c:\windows\system32\uid=16309157649068865962 2008-11-06 11:47 . 2008-11-06 11:47 0 --a------ c:\windows\system32\uid=14617369604584922936 2008-11-06 11:47 . 2008-11-06 11:47 0 --a------ c:\windows\system32\uid=13408633374118680394 2008-11-06 11:46 . 2008-11-06 11:46 0 --a------ c:\windows\system32\uid=8564117735299144990 2008-11-06 11:46 . 2008-11-06 11:46 0 --a------ c:\windows\system32\uid=654693727872985175 2008-11-06 11:46 . 2008-11-06 11:46 0 --a------ c:\windows\system32\uid=15193864310462932117 2008-11-06 11:46 . 2008-11-06 11:46 0 --a------ c:\windows\system32\uid=10814020160398551592 2008-11-06 11:46 . 2008-11-06 11:46 0 --a------ c:\windows\system32\uid=10651113881948876759 2008-11-06 11:45 . 2008-11-06 11:45 0 --a------ c:\windows\system32\uid=4410034678852815408 2008-11-06 11:45 . 2008-11-06 11:45 0 --a------ c:\windows\system32\uid=3098341196662144495 2008-11-06 11:45 . 2008-11-06 11:45 0 --a------ c:\windows\system32\uid=14654860708176927819 2008-11-06 11:45 . 2008-11-06 11:45 0 --a------ c:\windows\system32\uid=13088421720506641054 2008-11-06 11:45 . 2008-11-06 11:45 0 --a------ c:\windows\system32\uid=12568475430147697353 2008-11-06 11:44 . 2008-11-06 11:44 0 --a------ c:\windows\system32\uid=9861033297993023162 2008-11-06 11:44 . 2008-11-06 11:44 0 --a------ c:\windows\system32\uid=80375904065162973 2008-11-06 11:44 . 2008-11-06 11:44 0 --a------ c:\windows\system32\uid=18431425147804009386 2008-11-06 11:44 . 
2008-11-06 11:44 0 --a------ c:\windows\system32\uid=16237474180501761835 2008-11-06 11:44 . 2008-11-06 11:44 0 --a------ c:\windows\system32\uid=15597976834397514941 2008-11-06 11:43 . 2008-11-06 11:43 0 --a------ c:\windows\system32\uid=9684141165332213491 2008-11-06 11:43 . 2008-11-06 11:43 0 --a------ c:\windows\system32\uid=6691808231094295920 2008-11-06 11:43 . 2008-11-06 11:43 0 --a------ c:\windows\system32\uid=18004799689637563490 2008-11-06 11:43 . 2008-11-06 11:43 0 --a------ c:\windows\system32\uid=1328965656619143303 2008-11-06 11:43 . 2008-11-06 11:43 0 --a------ c:\windows\system32\uid=10133700540237560343 2008-11-06 11:42 . 2008-11-06 11:42 0 --a------ c:\windows\system32\uid=957869403210681133 2008-11-06 11:42 . 2008-11-06 11:42 0 --a------ c:\windows\system32\uid=8692924635078185275 2008-11-06 11:42 . 2008-11-06 11:42 0 --a------ c:\windows\system32\uid=8169314225338839172 2008-11-06 11:42 . 2008-11-06 11:42 0 --a------ c:\windows\system32\uid=694979328139856181 2008-11-06 11:42 . 2008-11-06 11:42 0 --a------ c:\windows\system32\uid=4674959919413205985 2008-11-06 11:41 . 2008-11-06 11:41 0 --a------ c:\windows\system32\uid=8142246293950049548 2008-11-06 11:41 . 2008-11-06 11:41 0 --a------ c:\windows\system32\uid=15996685921949596116 2008-11-06 11:41 . 2008-11-06 11:41 0 --a------ c:\windows\system32\uid=15763212003316279852 2008-11-06 11:41 . 2008-11-06 11:41 0 --a------ c:\windows\system32\uid=12228541961341060357 2008-11-06 11:41 . 2008-11-06 11:41 0 --a------ c:\windows\system32\uid=11869770869348475002 2008-11-06 11:40 . 2008-11-06 11:40 0 --a------ c:\windows\system32\uid=3286973695907308576 2008-11-06 11:40 . 2008-11-06 11:40 0 --a------ c:\windows\system32\uid=2706768710090718990 2008-11-06 11:40 . 2008-11-06 11:40 0 --a------ c:\windows\system32\uid=14625365908470274165 2008-11-06 11:40 . 2008-11-06 11:40 0 --a------ c:\windows\system32\uid=10577838039233487095 2008-11-06 11:40 . 
2008-11-06 11:40 0 --a------ c:\windows\system32\uid=10278467489482889174 2008-11-06 11:39 . 2008-11-06 11:39 0 --a------ c:\windows\system32\uid=8034360919469453803 2008-11-06 11:39 . 2008-11-06 11:39 0 --a------ c:\windows\system32\uid=6601134729598308355 2008-11-06 11:39 . 2008-11-06 11:39 0 --a------ c:\windows\system32\uid=3130110262165730562 2008-11-06 11:39 . 2008-11-06 11:39 0 --a------ c:\windows\system32\uid=2401556377015411027 2008-11-06 11:39 . 2008-11-06 11:39 0 --a------ c:\windows\system32\uid=11933293531342712791 2008-11-06 11:38 . 2008-11-06 11:38 0 --a------ c:\windows\system32\uid=359444802240104173 2008-11-06 11:38 . 2008-11-06 11:38 0 --a------ c:\windows\system32\uid=3291953898268869857 2008-11-06 11:38 . 2008-11-06 11:38 0 --a------ c:\windows\system32\uid=3151047702833071367 2008-11-06 11:38 . 2008-11-06 11:38 0 --a------ c:\windows\system32\uid=2627217922157134803 2008-11-06 11:38 . 2008-11-06 11:38 0 --a------ c:\windows\system32\uid=10475006802735676551 2008-11-06 11:37 . 2008-11-06 11:37 0 --a------ c:\windows\system32\uid=5821797768430275581 2008-11-06 11:37 . 2008-11-06 11:37 0 --a------ c:\windows\system32\uid=2511674615104380355 2008-11-06 11:37 . 2008-11-06 11:37 0 --a------ c:\windows\system32\uid=18362168504354045366 2008-11-06 11:37 . 2008-11-06 11:37 0 --a------ c:\windows\system32\uid=18324830626240610188 2008-11-06 11:37 . 2008-11-06 11:37 0 --a------ c:\windows\system32\uid=1169805761188391242 . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-30 13:31 --------- d-----w c:\arquivos de programas\eMule
2008-11-30 10:36 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2008-11-30 10:22 --------- d-----w c:\arquivos de programas\Java
2008-11-30 10:14 --------- d-----w c:\documents and settings\THÁSIA\Dados de aplicativos\BrOffice.org2
2008-11-30 03:19 --------- d-----w c:\arquivos de programas\MSN Messenger
2008-11-30 01:55 --------- d-----w c:\arquivos de programas\Google
2008-11-30 01:54 --------- d-----w c:\arquivos de programas\DNA
2008-11-21 22:46 --------- d-----w c:\documents and settings\FATIMA\Dados de aplicativos\BrOffice.org2
2008-11-05 02:43 --------- d-----w c:\arquivos de programas\GbPlugin
2008-11-01 09:35 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 21:57 --------- d-----w c:\documents and settings\THÁSIA\Dados de aplicativos\BitTorrent
2004-10-01 17:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\TH ----
c:\documents and settings\TH\
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-04 c:\windows\RTHDCPL.exe]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\FATIMA\Menu Iniciar\Programas\Inicializar\
BrOffice.org 2.2.lnk - c:\arquivos de programas\BrOffice.org 2.2\program\quickstart.exe [2007-03-31 393216]
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
PVRemote.lnk - c:\arquivos de programas\PlayTV MPEG 8000GT\PVRemote.exe [2006-06-22 413696]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^THÁSIA^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.2.lnk]
path=c:\documents and settings\THÁSIA\Menu Iniciar\Programas\Inicializar\BrOffice.org 2.2.lnk
backup=c:\windows\pss\BrOffice.org 2.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-08-21 18:15 29744 c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-02 20:00 133104 c:\documents and settings\THÁSIA\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
-ra------ 2005-04-05 19:49 159744 c:\windows\system32\S3Trayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\America's Army\\System\\ArmyOps.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-18 78416]
R1 CXAVSAUD;Prolink 2388x Audio Capture;c:\windows\system32\DRIVERS\pvavsaud.sys [2002-01-01 9984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-18 20560]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe" [2007-07-24 185632]
R2 PVTUNE;Prolink 2388x Tuner;c:\windows\system32\drivers\pv88TUNE.sys [2002-01-01 32256]
R3 pvavXBAR;Prolink 2388x AVStream Crossbar;c:\windows\system32\drivers\pvavxbar.sys [2002-01-01 11520]
R3 S3G700;S3G700;c:\windows\system32\DRIVERS\S3G700m.sys [2002-01-01 792576]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-23 29744]
.
Conteúdo da pasta 'Tarefas Agendadas'
2008-11-30 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job
- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 16:18:06
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
.
************************************************************************** . Tempo para conclusão: 2008-11-30 16:19:45 - Máquina reiniciou ComboFix-quarantined-files.txt 2008-11-30 18:19:43 Pré-execução: 13 pasta(s) 36.212.461.568 bytes disponíveis Pós execução: 12 pasta(s) 36,230,184,960 bytes disponíveis 784 --- E O F --- 2008-11-13 00:42:34 Compartilhar este post Link para o post Compartilhar em outros sites
MGuitar Posted November 30, 2008

Delete the folder C:\Qoobox and the log C:\ComboFix.txt.

Select and copy the text below, inside the quote. Paste it into Notepad on your computer and save it to your desktop with the name CFScript.txt

File::
c:\windows\system32\uid=10029445200348573284
c:\windows\system32\uid=16577093913868221865
c:\windows\system32\uid=11715675792930391456
c:\windows\system32\uid=4517305324419269718
c:\windows\system32\uid=3751642575417116850
c:\windows\system32\uid=3707928315236127546
c:\windows\system32\uid=17863126513285621579
c:\windows\system32\uid=12930826887530574202
c:\windows\system32\uid=3659939538330293038
c:\windows\system32\uid=3021817020942710579
c:\windows\system32\uid=18288807766803474422
c:\windows\system32\uid=13889233351832991590
c:\windows\system32\uid=11268562295324829872
c:\windows\system32\uid=724334952400485055
c:\windows\system32\uid=6751050863184630366
c:\windows\system32\uid=3786039458692233126
c:\windows\system32\uid=2512439976042907634
c:\windows\system32\uid=14243670367960592104
c:\windows\system32\uid=3532325938001348349
c:\windows\system32\uid=3376190283484807846
c:\windows\system32\uid=1330254938383121640
c:\windows\system32\uid=12209687279011143902
c:\windows\system32\uid=11397410181324330440
c:\windows\system32\uid=5407692741437444470
c:\windows\system32\uid=2519694883637845829
c:\windows\system32\uid=14355123101019131727
c:\windows\system32\uid=11038074789520899238
c:\windows\system32\uid=10891854416210613552
c:\windows\system32\uid=8686098046486201848
c:\windows\system32\uid=8221971392384814378
c:\windows\system32\uid=15028331726667538705
c:\windows\system32\uid=12932330064523569970
c:\windows\system32\uid=1026939283097865549
c:\windows\system32\uid=804952303002180049
c:\windows\system32\uid=17985212239503022563
c:\windows\system32\uid=1504550444737659885
c:\windows\system32\uid=14365333231595623500
c:\windows\system32\uid=1015258607319396823
c:\windows\system32\uid=8837661406104557960
c:\windows\system32\uid=5524002995195269638
c:\windows\system32\uid=14828186023671619314
c:\windows\system32\uid=11940119767731512370
c:\windows\system32\uid=11010797884784049374
c:\windows\system32\uid=7300944574482367276
c:\windows\system32\uid=7139549795664348482
c:\windows\system32\uid=416510910328877336
c:\windows\system32\uid=18257636564436826063
c:\windows\system32\uid=14972848217281682244
c:\windows\system32\uid=6557623306396262477
c:\windows\system32\uid=5759791433479209650
c:\windows\system32\uid=4094977574031081329
c:\windows\system32\uid=16692677574868847381
c:\windows\system32\uid=13822075978488648449
c:\windows\system32\uid=6888213989973581203
c:\windows\system32\uid=3505832740244802752
c:\windows\system32\uid=3475753790580800416
c:\windows\system32\uid=13260248189488492795
c:\windows\system32\uid=1093459062681857935
c:\windows\system32\uid=6399464317614248667
c:\windows\system32\uid=6134455158786982992
c:\windows\system32\uid=2928534652949238140
c:\windows\system32\uid=1934619982490688627
c:\windows\system32\uid=18121219990039673345
c:\windows\system32\uid=7541389412656022652
c:\windows\system32\uid=7040667172092349268
c:\windows\system32\uid=16309157649068865962
c:\windows\system32\uid=14617369604584922936
c:\windows\system32\uid=13408633374118680394
c:\windows\system32\uid=8564117735299144990
c:\windows\system32\uid=654693727872985175
c:\windows\system32\uid=15193864310462932117
c:\windows\system32\uid=10814020160398551592
c:\windows\system32\uid=10651113881948876759
c:\windows\system32\uid=4410034678852815408
c:\windows\system32\uid=3098341196662144495
c:\windows\system32\uid=14654860708176927819
c:\windows\system32\uid=13088421720506641054
c:\windows\system32\uid=12568475430147697353
c:\windows\system32\uid=9861033297993023162
c:\windows\system32\uid=80375904065162973
c:\windows\system32\uid=18431425147804009386
c:\windows\system32\uid=16237474180501761835
c:\windows\system32\uid=15597976834397514941
c:\windows\system32\uid=9684141165332213491
c:\windows\system32\uid=6691808231094295920
c:\windows\system32\uid=18004799689637563490
c:\windows\system32\uid=1328965656619143303
c:\windows\system32\uid=10133700540237560343
c:\windows\system32\uid=957869403210681133
c:\windows\system32\uid=8692924635078185275
c:\windows\system32\uid=8169314225338839172
c:\windows\system32\uid=694979328139856181
c:\windows\system32\uid=4674959919413205985
c:\windows\system32\uid=8142246293950049548
c:\windows\system32\uid=15996685921949596116
c:\windows\system32\uid=15763212003316279852
c:\windows\system32\uid=12228541961341060357
c:\windows\system32\uid=11869770869348475002
c:\windows\system32\uid=3286973695907308576
c:\windows\system32\uid=2706768710090718990
c:\windows\system32\uid=14625365908470274165
c:\windows\system32\uid=10577838039233487095
c:\windows\system32\uid=10278467489482889174
c:\windows\system32\uid=8034360919469453803
c:\windows\system32\uid=6601134729598308355
c:\windows\system32\uid=3130110262165730562
c:\windows\system32\uid=2401556377015411027
c:\windows\system32\uid=11933293531342712791
c:\windows\system32\uid=359444802240104173
c:\windows\system32\uid=3291953898268869857
c:\windows\system32\uid=3151047702833071367
c:\windows\system32\uid=2627217922157134803
c:\windows\system32\uid=10475006802735676551
c:\windows\system32\uid=5821797768430275581
c:\windows\system32\uid=2511674615104380355
c:\windows\system32\uid=18362168504354045366
c:\windows\system32\uid=18324830626240610188
c:\windows\system32\uid=1169805761188391242

Folder::
c:\documents and settings\TH

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

● If prompted, press Enter to start the removal process;
● Do not use the mouse or keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer will restart automatically;

In your next reply, paste the ComboFix.txt and a new HijackThis log.
DiMinas Posted November 30, 2008

ComboFix 08-11-30.01 - Administrador 2008-11-30 18:45:15.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.203 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt
* Criado um novo ponto de restauro

FILE ::
c:\windows\system32\uid=10029445200348573284
c:\windows\system32\uid=10133700540237560343
c:\windows\system32\uid=1015258607319396823
c:\windows\system32\uid=1026939283097865549
c:\windows\system32\uid=10278467489482889174
c:\windows\system32\uid=10475006802735676551
c:\windows\system32\uid=10577838039233487095
c:\windows\system32\uid=10651113881948876759
c:\windows\system32\uid=10814020160398551592
c:\windows\system32\uid=10891854416210613552
c:\windows\system32\uid=1093459062681857935
c:\windows\system32\uid=11010797884784049374
c:\windows\system32\uid=11038074789520899238
c:\windows\system32\uid=11268562295324829872
c:\windows\system32\uid=11397410181324330440
c:\windows\system32\uid=1169805761188391242
c:\windows\system32\uid=11715675792930391456
c:\windows\system32\uid=11869770869348475002
c:\windows\system32\uid=11933293531342712791
c:\windows\system32\uid=11940119767731512370
c:\windows\system32\uid=12209687279011143902
c:\windows\system32\uid=12228541961341060357
c:\windows\system32\uid=12568475430147697353
c:\windows\system32\uid=12930826887530574202
c:\windows\system32\uid=12932330064523569970
c:\windows\system32\uid=13088421720506641054
c:\windows\system32\uid=13260248189488492795
c:\windows\system32\uid=1328965656619143303
c:\windows\system32\uid=1330254938383121640
c:\windows\system32\uid=13408633374118680394
c:\windows\system32\uid=13822075978488648449
c:\windows\system32\uid=13889233351832991590
c:\windows\system32\uid=14243670367960592104
c:\windows\system32\uid=14355123101019131727
c:\windows\system32\uid=14365333231595623500
c:\windows\system32\uid=14617369604584922936 c:\windows\system32\uid=14625365908470274165 c:\windows\system32\uid=14654860708176927819 c:\windows\system32\uid=14828186023671619314 c:\windows\system32\uid=14972848217281682244 c:\windows\system32\uid=15028331726667538705 c:\windows\system32\uid=1504550444737659885 c:\windows\system32\uid=15193864310462932117 c:\windows\system32\uid=15597976834397514941 c:\windows\system32\uid=15763212003316279852 c:\windows\system32\uid=15996685921949596116 c:\windows\system32\uid=16237474180501761835 c:\windows\system32\uid=16309157649068865962 c:\windows\system32\uid=16577093913868221865 c:\windows\system32\uid=16692677574868847381 c:\windows\system32\uid=17863126513285621579 c:\windows\system32\uid=17985212239503022563 c:\windows\system32\uid=18004799689637563490 c:\windows\system32\uid=18121219990039673345 c:\windows\system32\uid=18257636564436826063 c:\windows\system32\uid=18288807766803474422 c:\windows\system32\uid=18324830626240610188 c:\windows\system32\uid=18362168504354045366 c:\windows\system32\uid=18431425147804009386 c:\windows\system32\uid=1934619982490688627 c:\windows\system32\uid=2401556377015411027 c:\windows\system32\uid=2511674615104380355 c:\windows\system32\uid=2512439976042907634 c:\windows\system32\uid=2519694883637845829 c:\windows\system32\uid=2627217922157134803 c:\windows\system32\uid=2706768710090718990 c:\windows\system32\uid=2928534652949238140 c:\windows\system32\uid=3021817020942710579 c:\windows\system32\uid=3098341196662144495 c:\windows\system32\uid=3130110262165730562 c:\windows\system32\uid=3151047702833071367 c:\windows\system32\uid=3286973695907308576 c:\windows\system32\uid=3291953898268869857 c:\windows\system32\uid=3376190283484807846 c:\windows\system32\uid=3475753790580800416 c:\windows\system32\uid=3505832740244802752 c:\windows\system32\uid=3532325938001348349 c:\windows\system32\uid=359444802240104173 c:\windows\system32\uid=3659939538330293038 
c:\windows\system32\uid=3707928315236127546 c:\windows\system32\uid=3751642575417116850 c:\windows\system32\uid=3786039458692233126 c:\windows\system32\uid=4094977574031081329 c:\windows\system32\uid=416510910328877336 c:\windows\system32\uid=4410034678852815408 c:\windows\system32\uid=4517305324419269718 c:\windows\system32\uid=4674959919413205985 c:\windows\system32\uid=5407692741437444470 c:\windows\system32\uid=5524002995195269638 c:\windows\system32\uid=5759791433479209650 c:\windows\system32\uid=5821797768430275581 c:\windows\system32\uid=6134455158786982992 c:\windows\system32\uid=6399464317614248667 c:\windows\system32\uid=654693727872985175 c:\windows\system32\uid=6557623306396262477 c:\windows\system32\uid=6601134729598308355 c:\windows\system32\uid=6691808231094295920 c:\windows\system32\uid=6751050863184630366 c:\windows\system32\uid=6888213989973581203 c:\windows\system32\uid=694979328139856181 c:\windows\system32\uid=7040667172092349268 c:\windows\system32\uid=7139549795664348482 c:\windows\system32\uid=724334952400485055 c:\windows\system32\uid=7300944574482367276 c:\windows\system32\uid=7541389412656022652 c:\windows\system32\uid=8034360919469453803 c:\windows\system32\uid=80375904065162973 c:\windows\system32\uid=804952303002180049 c:\windows\system32\uid=8142246293950049548 c:\windows\system32\uid=8169314225338839172 c:\windows\system32\uid=8221971392384814378 c:\windows\system32\uid=8564117735299144990 c:\windows\system32\uid=8686098046486201848 c:\windows\system32\uid=8692924635078185275 c:\windows\system32\uid=8837661406104557960 c:\windows\system32\uid=957869403210681133 c:\windows\system32\uid=9684141165332213491 c:\windows\system32\uid=9861033297993023162 . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\windows\system32\uid=10029445200348573284 c:\windows\system32\uid=10133700540237560343 c:\windows\system32\uid=1015258607319396823 c:\windows\system32\uid=1026939283097865549 c:\windows\system32\uid=10278467489482889174 c:\windows\system32\uid=10475006802735676551 c:\windows\system32\uid=10577838039233487095 c:\windows\system32\uid=10651113881948876759 c:\windows\system32\uid=10814020160398551592 c:\windows\system32\uid=10891854416210613552 c:\windows\system32\uid=1093459062681857935 c:\windows\system32\uid=11010797884784049374 c:\windows\system32\uid=11038074789520899238 c:\windows\system32\uid=11268562295324829872 c:\windows\system32\uid=11397410181324330440 c:\windows\system32\uid=1169805761188391242 c:\windows\system32\uid=11715675792930391456 c:\windows\system32\uid=11869770869348475002 c:\windows\system32\uid=11933293531342712791 c:\windows\system32\uid=11940119767731512370 c:\windows\system32\uid=12209687279011143902 c:\windows\system32\uid=12228541961341060357 c:\windows\system32\uid=12568475430147697353 c:\windows\system32\uid=12930826887530574202 c:\windows\system32\uid=12932330064523569970 c:\windows\system32\uid=13088421720506641054 c:\windows\system32\uid=13260248189488492795 c:\windows\system32\uid=1328965656619143303 c:\windows\system32\uid=1330254938383121640 c:\windows\system32\uid=13408633374118680394 c:\windows\system32\uid=13822075978488648449 c:\windows\system32\uid=13889233351832991590 c:\windows\system32\uid=14243670367960592104 c:\windows\system32\uid=14355123101019131727 c:\windows\system32\uid=14365333231595623500 c:\windows\system32\uid=14617369604584922936 c:\windows\system32\uid=14625365908470274165 c:\windows\system32\uid=14654860708176927819 c:\windows\system32\uid=14828186023671619314 c:\windows\system32\uid=14972848217281682244 c:\windows\system32\uid=15028331726667538705 c:\windows\system32\uid=1504550444737659885 c:\windows\system32\uid=15193864310462932117 c:\windows\system32\uid=15597976834397514941 
c:\windows\system32\uid=15763212003316279852 c:\windows\system32\uid=15996685921949596116 c:\windows\system32\uid=16237474180501761835 c:\windows\system32\uid=16309157649068865962 c:\windows\system32\uid=16577093913868221865 c:\windows\system32\uid=16692677574868847381 c:\windows\system32\uid=17863126513285621579 c:\windows\system32\uid=17985212239503022563 c:\windows\system32\uid=18004799689637563490 c:\windows\system32\uid=18121219990039673345 c:\windows\system32\uid=18257636564436826063 c:\windows\system32\uid=18288807766803474422 c:\windows\system32\uid=18324830626240610188 c:\windows\system32\uid=18362168504354045366 c:\windows\system32\uid=18431425147804009386 c:\windows\system32\uid=1934619982490688627 c:\windows\system32\uid=2401556377015411027 c:\windows\system32\uid=2511674615104380355 c:\windows\system32\uid=2512439976042907634 c:\windows\system32\uid=2519694883637845829 c:\windows\system32\uid=2627217922157134803 c:\windows\system32\uid=2706768710090718990 c:\windows\system32\uid=2928534652949238140 c:\windows\system32\uid=3021817020942710579 c:\windows\system32\uid=3098341196662144495 c:\windows\system32\uid=3130110262165730562 c:\windows\system32\uid=3151047702833071367 c:\windows\system32\uid=3286973695907308576 c:\windows\system32\uid=3291953898268869857 c:\windows\system32\uid=3376190283484807846 c:\windows\system32\uid=3475753790580800416 c:\windows\system32\uid=3505832740244802752 c:\windows\system32\uid=3532325938001348349 c:\windows\system32\uid=359444802240104173 c:\windows\system32\uid=3659939538330293038 c:\windows\system32\uid=3707928315236127546 c:\windows\system32\uid=3751642575417116850 c:\windows\system32\uid=3786039458692233126 c:\windows\system32\uid=4094977574031081329 c:\windows\system32\uid=416510910328877336 c:\windows\system32\uid=4410034678852815408 c:\windows\system32\uid=4517305324419269718 c:\windows\system32\uid=4674959919413205985 c:\windows\system32\uid=5407692741437444470 c:\windows\system32\uid=5524002995195269638 
c:\windows\system32\uid=5759791433479209650 c:\windows\system32\uid=5821797768430275581 c:\windows\system32\uid=6134455158786982992 c:\windows\system32\uid=6399464317614248667 c:\windows\system32\uid=654693727872985175 c:\windows\system32\uid=6557623306396262477 c:\windows\system32\uid=6601134729598308355 c:\windows\system32\uid=6691808231094295920 c:\windows\system32\uid=6751050863184630366 c:\windows\system32\uid=6888213989973581203 c:\windows\system32\uid=694979328139856181 c:\windows\system32\uid=7040667172092349268 c:\windows\system32\uid=7139549795664348482 c:\windows\system32\uid=724334952400485055 c:\windows\system32\uid=7300944574482367276 c:\windows\system32\uid=7541389412656022652 c:\windows\system32\uid=8034360919469453803 c:\windows\system32\uid=80375904065162973 c:\windows\system32\uid=804952303002180049 c:\windows\system32\uid=8142246293950049548 c:\windows\system32\uid=8169314225338839172 c:\windows\system32\uid=8221971392384814378 c:\windows\system32\uid=8564117735299144990 c:\windows\system32\uid=8686098046486201848 c:\windows\system32\uid=8692924635078185275 c:\windows\system32\uid=8837661406104557960 c:\windows\system32\uid=957869403210681133 c:\windows\system32\uid=9684141165332213491 c:\windows\system32\uid=9861033297993023162 . (((((((((((((((( Arquivos/Ficheiros criados de 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))) . 2008-11-30 14:32 . 2008-11-30 14:33 <DIR> d-------- c:\documents and settings\Administrador\Contacts 2008-11-30 11:58 . 2008-11-30 16:32 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\AIMP 2008-11-30 11:57 . 2008-11-30 11:58 <DIR> d-------- c:\arquivos de programas\AIMP2 2008-11-26 17:27 . 2008-11-26 17:27 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\IM 2008-11-26 17:25 . 2008-11-26 17:25 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\IncrediMail 2008-11-20 08:07 . 
2008-11-30 09:08 <DIR> d-------- c:\windows\system32\CatRoot_3 2008-11-12 22:42 . 2008-11-12 22:42 118 --a------ c:\windows\system32\MRT.INI 2008-11-06 11:36 . 2008-11-06 11:36 0 --a------ c:\windows\system32\uid=8468630016617049256 2008-11-06 11:36 . 2008-11-06 11:36 0 --a------ c:\windows\system32\uid=6242084668546115893 2008-11-06 11:36 . 2008-11-06 11:36 0 --a------ c:\windows\system32\uid=12846479016732754080 2008-11-06 11:36 . 2008-11-06 11:36 0 --a------ c:\windows\system32\uid=12073680915334703900 2008-11-06 11:36 . 2008-11-06 11:36 0 --a------ c:\windows\system32\uid=12059756238859614125 2008-11-06 11:35 . 2008-11-06 11:35 0 --a------ c:\windows\system32\uid=9318956421510041501 2008-11-06 11:35 . 2008-11-06 11:35 0 --a------ c:\windows\system32\uid=4151660083563124568 2008-11-06 11:35 . 2008-11-06 11:35 0 --a------ c:\windows\system32\uid=14263954157606721649 2008-11-06 11:35 . 2008-11-06 11:35 0 --a------ c:\windows\system32\uid=12868720872174735587 2008-11-06 11:35 . 2008-11-06 11:35 0 --a------ c:\windows\system32\uid=10489700827755442810 2008-11-06 11:34 . 2008-11-06 11:34 0 --a------ c:\windows\system32\uid=5975720474951132227 2008-11-06 11:34 . 2008-11-06 11:34 0 --a------ c:\windows\system32\uid=17421107309117848860 2008-11-06 11:34 . 2008-11-06 11:34 0 --a------ c:\windows\system32\uid=12739394464940897144 2008-11-06 11:34 . 2008-11-06 11:34 0 --a------ c:\windows\system32\uid=12691858463175555351 2008-11-06 11:34 . 2008-11-06 11:34 0 --a------ c:\windows\system32\uid=10163749075490721248 2008-11-06 11:33 . 2008-11-06 11:33 0 --a------ c:\windows\system32\uid=8497183936715415416 2008-11-06 11:33 . 2008-11-06 11:33 0 --a------ c:\windows\system32\uid=2062014155786244002 2008-11-06 11:33 . 2008-11-06 11:33 0 --a------ c:\windows\system32\uid=18261759115663081581 2008-11-06 11:33 . 2008-11-06 11:33 0 --a------ c:\windows\system32\uid=13292271585884845428 2008-11-06 11:33 . 
2008-11-06 11:33 0 --a------ c:\windows\system32\uid=11398634059349583585 2008-11-06 11:32 . 2008-11-06 11:32 0 --a------ c:\windows\system32\uid=971386391078900008 2008-11-06 11:32 . 2008-11-06 11:32 0 --a------ c:\windows\system32\uid=7819104954787137945 2008-11-06 11:32 . 2008-11-06 11:32 0 --a------ c:\windows\system32\uid=16236358801782886758 2008-11-06 11:32 . 2008-11-06 11:32 0 --a------ c:\windows\system32\uid=14896409274297671114 2008-11-06 11:32 . 2008-11-06 11:32 0 --a------ c:\windows\system32\uid=10522874680661601842 2008-11-06 11:31 . 2008-11-06 11:31 0 --a------ c:\windows\system32\uid=7923457597558274303 2008-11-06 11:31 . 2008-11-06 11:31 0 --a------ c:\windows\system32\uid=4450199094122807079 2008-11-06 11:31 . 2008-11-06 11:31 0 --a------ c:\windows\system32\uid=1529523738570587100 2008-11-06 11:31 . 2008-11-06 11:31 0 --a------ c:\windows\system32\uid=14414606524687971549 2008-11-06 11:31 . 2008-11-06 11:31 0 --a------ c:\windows\system32\uid=11697134609203255749 2008-11-06 11:30 . 2008-11-06 11:30 0 --a------ c:\windows\system32\uid=869360427072625509 2008-11-06 11:30 . 2008-11-06 11:30 0 --a------ c:\windows\system32\uid=8305035371219275959 2008-11-06 11:30 . 2008-11-06 11:30 0 --a------ c:\windows\system32\uid=4396053157362237841 2008-11-06 11:30 . 2008-11-06 11:30 0 --a------ c:\windows\system32\uid=15011188651834302907 2008-11-06 11:30 . 2008-11-06 11:30 0 --a------ c:\windows\system32\uid=10023415115500950599 2008-11-06 11:29 . 2008-11-06 11:29 0 --a------ c:\windows\system32\uid=9847353603298523446 2008-11-06 11:29 . 2008-11-06 11:29 0 --a------ c:\windows\system32\uid=7098227215936221239 2008-11-06 11:29 . 2008-11-06 11:29 0 --a------ c:\windows\system32\uid=5698328518051346221 2008-11-06 11:29 . 2008-11-06 11:29 0 --a------ c:\windows\system32\uid=5482493448751616578 2008-11-06 11:29 . 2008-11-06 11:29 0 --a------ c:\windows\system32\uid=2631675777447453311 2008-11-06 11:28 . 
2008-11-06 11:28 0 --a------ c:\windows\system32\uid=18244708639915616117 2008-11-06 11:28 . 2008-11-06 11:28 0 --a------ c:\windows\system32\uid=14964059916816674167 2008-11-06 11:28 . 2008-11-06 11:28 0 --a------ c:\windows\system32\uid=14835739186687628101 2008-11-06 11:27 . 2008-11-29 17:46 123 --a------ c:\windows\system32\thasiabraccini@hotmail.com 2008-11-05 21:52 . 2008-11-05 21:52 0 --a------ c:\windows\system32\uid=14984651612976226337 2008-11-05 21:51 . 2008-11-06 23:40 26 --a------ c:\windows\system32\pamelabarbieri85@yahoo.com.br 2008-10-22 13:04 . 2008-11-05 00:43 <DIR> d--h----- c:\arquivos de programas\Scpad 2008-10-04 11:22 . 2007-07-20 16:38 81,920 --a------ c:\windows\amcap.exe 2008-10-04 11:22 . 2007-07-11 17:09 20,480 --a------ c:\windows\FixCamera.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-30 13:31 --------- d-----w c:\arquivos de programas\eMule 2008-11-30 10:36 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information 2008-11-30 10:22 --------- d-----w c:\arquivos de programas\Java 2008-11-30 10:14 --------- d-----w c:\documents and settings\THÁSIA\Dados de aplicativos\BrOffice.org2 2008-11-30 03:19 --------- d-----w c:\arquivos de programas\MSN Messenger 2008-11-30 01:55 --------- d-----w c:\arquivos de programas\Google 2008-11-30 01:54 --------- d-----w c:\arquivos de programas\DNA 2008-11-21 22:46 --------- d-----w c:\documents and settings\FATIMA\Dados de aplicativos\BrOffice.org2 2008-11-05 02:43 --------- d-----w c:\arquivos de programas\GbPlugin 2008-11-01 09:35 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GbPlugin 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-19 21:57 --------- d-----w c:\documents and settings\THÁSIA\Dados de aplicativos\BitTorrent 2004-10-01 17:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe . 
((((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-04 c:\windows\RTHDCPL.exe]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\FATIMA\Menu Iniciar\Programas\Inicializar\
BrOffice.org 2.2.lnk - c:\arquivos de programas\BrOffice.org 2.2\program\quickstart.exe [2007-03-31 393216]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
PVRemote.lnk - c:\arquivos de programas\PlayTV MPEG 8000GT\PVRemote.exe [2006-06-22 413696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^THÁSIA^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.2.lnk]
path=c:\documents and settings\THÁSIA\Menu Iniciar\Programas\Inicializar\BrOffice.org 2.2.lnk
backup=c:\windows\pss\BrOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-08-21 18:15 29744 c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-02 20:00 133104 c:\documents and settings\THÁSIA\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
-ra------ 2005-04-05 19:49 159744 c:\windows\system32\S3Trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\America's Army\\System\\ArmyOps.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-18 78416]
R1 CXAVSAUD;Prolink 2388x Audio Capture;c:\windows\system32\DRIVERS\pvavsaud.sys [2002-01-01 9984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-18 20560]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe" [2007-07-24 185632]
R2 PVTUNE;Prolink 2388x Tuner;c:\windows\system32\drivers\pv88TUNE.sys [2002-01-01 32256]
R3 pvavXBAR;Prolink 2388x AVStream Crossbar;c:\windows\system32\drivers\pvavxbar.sys [2002-01-01 11520]
R3 S3G700;S3G700;c:\windows\system32\DRIVERS\S3G700m.sys [2002-01-01 792576]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-23 29744]
.
Conteúdo da pasta 'Tarefas Agendadas'

2008-11-30 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job
- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 18:48:46
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\arquivos de programas\Alwil Software\Avast4\ashDisp.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-11-30 18:50:36 - Máquina reiniciou
ComboFix-quarantined-files.txt 2008-11-30 20:50:33

Pré-execução: 12 pasta(s) 35.487.932.416 bytes disponíveis
Pós execução: 12 pasta(s) 35,488,018,432 bytes disponíveis

408 --- E O F --- 2008-11-13 00:42:34
MGuitar Posted November 30, 2008

- Download Avenger and save it to the desktop;
● Extract the contents of the zip to the desktop;
● Select and copy the text below:

Files to delete:
c:\windows\system32\uid=8468630016617049256
c:\windows\system32\uid=6242084668546115893
c:\windows\system32\uid=12846479016732754080
c:\windows\system32\uid=12073680915334703900
c:\windows\system32\uid=12059756238859614125
c:\windows\system32\uid=9318956421510041501
c:\windows\system32\uid=4151660083563124568
c:\windows\system32\uid=14263954157606721649
c:\windows\system32\uid=12868720872174735587
c:\windows\system32\uid=10489700827755442810
c:\windows\system32\uid=5975720474951132227
c:\windows\system32\uid=17421107309117848860
c:\windows\system32\uid=12739394464940897144
c:\windows\system32\uid=12691858463175555351
c:\windows\system32\uid=10163749075490721248
c:\windows\system32\uid=8497183936715415416
c:\windows\system32\uid=2062014155786244002
c:\windows\system32\uid=18261759115663081581
c:\windows\system32\uid=13292271585884845428
c:\windows\system32\uid=11398634059349583585
c:\windows\system32\uid=971386391078900008
c:\windows\system32\uid=7819104954787137945
c:\windows\system32\uid=16236358801782886758
c:\windows\system32\uid=14896409274297671114
c:\windows\system32\uid=10522874680661601842
c:\windows\system32\uid=7923457597558274303
c:\windows\system32\uid=4450199094122807079
c:\windows\system32\uid=1529523738570587100
c:\windows\system32\uid=14414606524687971549
c:\windows\system32\uid=11697134609203255749
c:\windows\system32\uid=869360427072625509
c:\windows\system32\uid=8305035371219275959
c:\windows\system32\uid=4396053157362237841
c:\windows\system32\uid=15011188651834302907
c:\windows\system32\uid=10023415115500950599
c:\windows\system32\uid=9847353603298523446
c:\windows\system32\uid=7098227215936221239
c:\windows\system32\uid=5698328518051346221
c:\windows\system32\uid=5482493448751616578
c:\windows\system32\uid=2631675777447453311
c:\windows\system32\uid=14964059916816674167
c:\windows\system32\uid=14835739186687628101
c:\windows\system32\thasiabraccini@hotmail.com
c:\windows\system32\uid=14984651612976226337
c:\windows\system32\pamelabarbieri85@yahoo.com.br

● Run the Avenger program by double-clicking avenger.exe;
● Click the Load Script menu > Paste from Clipboard;
● Click the Execute button > Yes > OK;
● Your computer will restart;
● A log will be generated at C:\avenger.txt

Paste this log in your next reply, together with a new HijackThis log.
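As an added example (not part of the thread and not code from ComboFix, Avenger or HijackThis), a small Python triage helper that parses the ComboFix "files created" layout shown in the logs above, flags the name patterns the helper targeted (zero-byte `uid=<digits>` files and files named after e-mail addresses dropped straight into system32) and emits them in the CFScript `File::` form and the Avenger `Files to delete:` form. The sample log lines are constructed for the example; the e-mail address in them is a placeholder, not one from the thread.

```python
import re
from typing import Dict, List, Optional

# One entry of the ComboFix "Arquivos/Ficheiros criados" (files created)
# listing, in the layout seen in the thread's logs:
#   <created> . <modified> <size | <DIR>> <attributes> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d.,]+) "
    r"(?P<attrs>[-a-zA-Z]{9}) "
    r"(?P<path>.+?)\s*$"
)

# Name patterns that recur in this thread: "uid=<digits>" files and files
# named after e-mail addresses, all dropped directly into system32.
UID_NAME_RE = re.compile(r"^uid=\d+$")
EMAIL_NAME_RE = re.compile(r"^[^@\\]+@[^@\\]+\.[a-z]{2,}$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample in the ComboFix layout. The uid= lines are copied from
# the log above; the e-mail address is a placeholder, not one from the thread.
SAMPLE_LOG = r"""
2008-11-12 22:42 . 2008-11-12 22:42 118 --a------ c:\windows\system32\MRT.INI
2008-11-06 11:36 . 2008-11-06 11:36 0 --a------ c:\windows\system32\uid=8468630016617049256
2008-11-06 11:35 . 2008-11-06 11:35 0 --a------ c:\windows\system32\uid=9318956421510041501
2008-11-05 21:51 . 2008-11-06 23:40 26 --a------ c:\windows\system32\user@example.com
2008-10-22 13:04 . 2008-11-05 00:43 <DIR> d--h----- c:\arquivos de programas\Scpad
2008-10-04 11:22 . 2007-07-20 16:38 81,920 --a------ c:\windows\amcap.exe
"""


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Parse every line matching the files-created layout; skip the rest."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def size_bytes(size_field: str) -> Optional[int]:
    """'81,920' -> 81920; ComboFix uses '.' or ',' as thousands separator."""
    if size_field == "<DIR>":
        return None
    return int(size_field.replace(",", "").replace(".", ""))


def suspicious_reason(entry: Dict[str, str]) -> Optional[str]:
    """Return why an entry matches the thread's dropped-file pattern, or None."""
    path = entry["path"].lower()
    if entry["size"] == "<DIR>" or not path.startswith(SYSTEM32):
        return None
    name = path[len(SYSTEM32):]
    if "\\" in name:  # only files sitting directly inside system32
        return None
    size = size_bytes(entry["size"])
    if UID_NAME_RE.match(name):
        return "uid= file" + (" (zero bytes)" if size == 0 else "")
    if EMAIL_NAME_RE.match(name):
        return "e-mail-address file name"
    return None


def find_suspicious(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Entries that match the pattern, each annotated with its 'reason'."""
    hits = []
    for e in entries:
        reason = suspicious_reason(e)
        if reason:
            hits.append(dict(e, reason=reason))
    return hits


def build_cfscript(paths: List[str]) -> str:
    """ComboFix CFScript: a 'File::' directive followed by one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


def build_avenger_script(paths: List[str]) -> str:
    """Avenger script: 'Files to delete:' followed by one path per line."""
    return "Files to delete:\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = find_suspicious(parse_entries(SAMPLE_LOG))
    for h in hits:
        print(f"{h['path']}  <- {h['reason']}")
    print(build_cfscript([h["path"] for h in hits]))
    print(build_avenger_script([h["path"] for h in hits]))
```

Review the flagged list by hand before feeding it to either tool; the name heuristics only reproduce the pattern seen in this particular log.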
DiMinas, posted November 30, 2008

Avenger

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\uid=8468630016617049256" deleted successfully.
File "c:\windows\system32\uid=6242084668546115893" deleted successfully.
File "c:\windows\system32\uid=12846479016732754080" deleted successfully.
File "c:\windows\system32\uid=12073680915334703900" deleted successfully.
File "c:\windows\system32\uid=12059756238859614125" deleted successfully.
File "c:\windows\system32\uid=9318956421510041501" deleted successfully.
File "c:\windows\system32\uid=4151660083563124568" deleted successfully.
File "c:\windows\system32\uid=14263954157606721649" deleted successfully.
File "c:\windows\system32\uid=12868720872174735587" deleted successfully.
File "c:\windows\system32\uid=10489700827755442810" deleted successfully.
File "c:\windows\system32\uid=5975720474951132227" deleted successfully.
File "c:\windows\system32\uid=17421107309117848860" deleted successfully.
File "c:\windows\system32\uid=12739394464940897144" deleted successfully.
File "c:\windows\system32\uid=12691858463175555351" deleted successfully.
File "c:\windows\system32\uid=10163749075490721248" deleted successfully.
File "c:\windows\system32\uid=8497183936715415416" deleted successfully.
File "c:\windows\system32\uid=2062014155786244002" deleted successfully.
File "c:\windows\system32\uid=18261759115663081581" deleted successfully.
File "c:\windows\system32\uid=13292271585884845428" deleted successfully.
File "c:\windows\system32\uid=11398634059349583585" deleted successfully.
File "c:\windows\system32\uid=971386391078900008" deleted successfully.
File "c:\windows\system32\uid=7819104954787137945" deleted successfully.
File "c:\windows\system32\uid=16236358801782886758" deleted successfully.
File "c:\windows\system32\uid=14896409274297671114" deleted successfully.
File "c:\windows\system32\uid=10522874680661601842" deleted successfully.
File "c:\windows\system32\uid=7923457597558274303" deleted successfully.
File "c:\windows\system32\uid=4450199094122807079" deleted successfully.
File "c:\windows\system32\uid=1529523738570587100" deleted successfully.
File "c:\windows\system32\uid=14414606524687971549" deleted successfully.
File "c:\windows\system32\uid=11697134609203255749" deleted successfully.
File "c:\windows\system32\uid=869360427072625509" deleted successfully.
File "c:\windows\system32\uid=8305035371219275959" deleted successfully.
File "c:\windows\system32\uid=4396053157362237841" deleted successfully.
File "c:\windows\system32\uid=15011188651834302907" deleted successfully.
File "c:\windows\system32\uid=10023415115500950599" deleted successfully.
File "c:\windows\system32\uid=9847353603298523446" deleted successfully.
File "c:\windows\system32\uid=7098227215936221239" deleted successfully.
File "c:\windows\system32\uid=5698328518051346221" deleted successfully.
File "c:\windows\system32\uid=5482493448751616578" deleted successfully.
File "c:\windows\system32\uid=2631675777447453311" deleted successfully.
File "c:\windows\system32\uid=14964059916816674167" deleted successfully.
File "c:\windows\system32\uid=14835739186687628101" deleted successfully.
File "c:\windows\system32\thasiabraccini@hotmail.com" deleted successfully.
File "c:\windows\system32\uid=14984651612976226337" deleted successfully.
File "c:\windows\system32\pamelabarbieri85@yahoo.com.br" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:02, on 30/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Arquivos de programas\PlayTV MPEG 8000GT\PVRemote.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Arquivos de programas\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PVRemote.lnk = C:\Arquivos de programas\PlayTV MPEG 8000GT\PVRemote.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {F5DF7803-CB7B-4198-9D7A-42DCA34F6B76} (MPSecVideo Control) - http://cvc.micropower.com.br/downloads/mpsecvideoplayer.cab
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

--
End of file - 6937 bytes
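As an added example (not part of DiMinas's post and not a HijackThis feature), a small parser that does what a helper does by eye when a second log comes in: it compares two HijackThis logs and reports which running processes and `Rn`/`On` entries disappeared between the scan before the cleanup and the one after, which appeared, and which surviving entries still point at a file that no longer exists (`(no file)` / `(file missing)`), the kind of leftover seen in the O2, O21 and O22 lines above. Those orphaned references are not a sign of a live infection, but they are the entries one would still have HijackThis fix. The two logs in the code are constructed for the example, not the ones posted in this thread; the line format they follow is the one visible above.

```python
import re

# Added example (not from the thread or from HijackThis). It parses the plain-text
# HijackThis log format: a "Running processes:" block, then one entry per line
# keyed by section (R0, O2, O4, O23, ...).
ENTRY = re.compile(r"^[RFNO]\d+ - ")
ORPHAN = re.compile(r"\((no file|file missing)\)", re.IGNORECASE)


def parse_hjt(text):
    """Return (processes, entries): lowercased process paths and the raw Rn/On entry lines."""
    procs, entries, in_procs = set(), set(), False
    for line in text.splitlines():
        s = line.strip()
        if s == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not s:               # blank line ends the process block
                in_procs = False
            else:
                procs.add(s.lower())  # Windows paths are case-insensitive
            continue
        if ENTRY.match(s):
            entries.add(s)
    return procs, entries


def diff_logs(before, after):
    """What disappeared and what appeared between two scans."""
    pb, eb = parse_hjt(before)
    pa, ea = parse_hjt(after)
    return {
        "processes_gone": sorted(pb - pa),
        "processes_new": sorted(pa - pb),
        "entries_gone": sorted(eb - ea),
        "entries_new": sorted(ea - eb),
    }


def orphaned_entries(text):
    """Entries whose referenced file is gone: harmless, but still worth removing from the registry."""
    _, entries = parse_hjt(text)
    return sorted(e for e in entries if ORPHAN.search(e))


# Constructed before/after logs (not the ones posted in the thread). The "before"
# has two made-up processes and a Run key for one of them; the "after" does not.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:00, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\wincfg32.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [svchosts] C:\WINDOWS\system32\svchosts.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:00, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for key, items in diff_logs(BEFORE, AFTER).items():
        print(key, items)
    print("orphaned:", orphaned_entries(AFTER))
```

Feed it the two real logs (read from files) and the "gone" lists are the audit trail of what the cleanup removed, while anything in "new" or in the orphan list is what to look at before calling the log clean.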
MGuitar, posted November 30, 2008

DiMinas, your log is clean.

Delete the Avenger folder at C:\Avenger and delete the program as well.

- Download ATF-Cleaner and save it to the desktop;
- Run the program and tick the Select All option. Click the Empty Selected button > OK. Click Exit to close it.

Is there still any problem with the machine, DiMinas?
DiMinas, posted November 30, 2008

Perfect, MGuitar! The machine is in perfect condition. If you need anything, I'm at your service. Beautiful work! And while I'm at it, welcome to our team.
DigRam, posted December 1, 2008

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.