epfernandes

[Archived] Log for analysis

Gentlemen, I'm having a problem with NET and would like those who know more about this to shed some light on it.

For the past few days my connection has been quite unstable, dropping from time to time and coming back after several minutes.

The problem is that the provider insists that this problem is "caused by a new virus that is affecting connections all over the world". They claim that this virus is what makes the connection unstable.

Net.jpg

The virus is called: Worm:W32/Downadup.A

Has anyone heard anything about it? I have already used four different antivirus programs on my machine and nothing!!! (NOD 32, Avast, RemoveIt Pro and Clam) I searched the net and found no records of this worm. NET provides a page with the procedures for removing this virus. I have already carried out all of them without any success. The problem persists.

The only information about this virus is here:

http://www.f-secure.com/v-descs/worm_w32_d...a.shtml#summary

I'm sending my log for analysis because I'm certain that NET is using this ploy to justify technical difficulties that have dragged on for years in the region where I live (Santos/SP).

Here is my log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:17:29, on 13/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kobber\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...px&id=64855

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 5496 bytes

 

I appreciate any help and look forward to a reply.

Regards

Good morning! epfernandes

<!> Download and run, in this order, these programs: Dr.WebCureit --> Malwarebytes.

-------------------------

<@> Download: < drweb.gif >

< ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe >

<@> Save it to the Desktop!

<@> Run the file: drweb-cureit.exe

<@> Click Start and choose the express scan.

<@> If any infected file is found, click the Yes button to start the cure.

<@> When the quick scan finishes, click Options --> Change Settings.

<@> On the Scan tab, uncheck Heuristic Analysis and confirm!

<@> Back in the main window, mark the drives you want to scan.

<@> Select them all! A red dot will indicate the selected drives.

<@> Click the green arrow to start the scan.

drwebho6.jpg

<@> If you are asked to cure/move the file, click Yes to all.

<@> When the scan finishes, check whether the "objects found" icon < check.gif > is enabled.

<@> If it is, click it!

<@> Next, click the icon just below it and select: Move incurable

move.gif

<@> If the program cannot cure them, it will move them to the Quarantine folder in the DoctorWeb directory.

<@> Once this is done, go to the top menu and click File --> Save file lists.

<@> Save the list to the desktop. ( DrWeb.csv ) <-- Report to post!

<@> Close the program!

<@> Restart the computer so that the program can finish deleting/moving the files that were in use.

-------------------------

<@> Go to this link and download:

< Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> Try to send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

-----------------------

<@> Post the reports: DrWeb.csv + mbam-log-2008-xx-xx (00-00-00).txt.

Regards!

Done.

Nothing found by Dr.WebCureit. It did not produce a report.

Malwarebytes log:

 

15/12/2008 22:37:00

mbam-log-2008-12-15 (22-37-00).txt

 

Tipo de Verificação: Completa (C:\|E:\|)

Objetos verificados: 116770

Tempo decorrido: 37 minute(s), 1 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 2

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

Regards

Good morning! epfernandes

<@> Download: < RSIT >

<@> Save it directly to the Local Disk ( C )!

<@> Double-click RSIT.exe to run the tool.

<@> In the window that opens (the disclaimer), click "Continue".

<@> When it finishes, Notepad will open with the report: log.txt <-- Report to post!

<@> Also post in your reply: info.txt, which will be at C:\rsit\info.txt <--

Regards!

Done:

 

log.txt

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Kobber at 2008-12-16 20:37:29

Microsoft Windows XP Professional Service Pack 2

System drive C: has 15 GB (10%) free of 153 GB

Total RAM: 2047 MB (80% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:37:51, on 16/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kobber\Desktop\RSIT.exe

C:\Documents and Settings\Kobber\Desktop\Kobber.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...px&id=64855

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 4963 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]

Octh Class - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll [2007-11-29 187504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]

C:\Arquivos de programas\AdVantage\AdVantage.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

C:\Arquivos de programas\D-Tools\daemon.exe [2004-08-22 81920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Documents and Settings\Kobber\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe /c []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

C:\Arquivos de programas\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoJoy]

C:\Arquivos de programas\PhotoJoy\bin\PhotoJoy.exe /c []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

E:\Arquivos de programas\PowerISO\PWRISOVM.EXE [2008-07-07 167936]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Arquivos de programas\QuickTime\qttask.exe [2008-09-07 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe [2008-10-30 1783808]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

C:\Arquivos de programas\Steam\Steam.exe [2008-10-07 1410296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-11-04 185872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]

E:\Arquivos de programas\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoxOx]

C:\Arquivos de programas\VoxOx\voxox.exe [2008-11-03 4947968]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

C:\ARQUIV~1\ARQUIV~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

C:\ARQUIV~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\day of defeat source\hl2.exe"="C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\day of defeat source\hl2.exe:*:Enabled:hl2"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe"="C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"

"C:\Arquivos de programas\Lanshark\lanshark.exe"="C:\Arquivos de programas\Lanshark\lanshark.exe:*:Enabled:A P2P Filesharing tool for local area networks"

"C:\Arquivos de programas\Outspark\Project Powder\Run.exe"="C:\Arquivos de programas\Outspark\Project Powder\Run.exe:*:Enabled:ProjectPowder"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\FrostWire\FrostWire.exe"="C:\Arquivos de programas\FrostWire\FrostWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\age of chivalry\hl2.exe"="C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\age of chivalry\hl2.exe:*:Enabled:hl2"

"C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\insurgency\hl2.exe"="C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\insurgency\hl2.exe:*:Enabled:hl2"

"C:\Arquivos de programas\Microsoft Games\Rise of Nations\thrones.exe"="C:\Arquivos de programas\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"

"E:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="E:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"

"E:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="E:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"

"E:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="E:\Arquivos de programas\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"

"C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\synergy\hl2.exe"="C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\synergy\hl2.exe:*:Enabled:hl2"

"C:\Arquivos de programas\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe"="C:\Arquivos de programas\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe:*:Enabled:biahh"

"C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\diprip warm up\hl2.exe"="C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\diprip warm up\hl2.exe:*:Enabled:hl2"

"C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\team fortress 2\hl2.exe"="C:\Arquivos de programas\Steam\SteamApps\binfa_crossbones\team fortress 2\hl2.exe:*:Enabled:hl2"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"E:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe"="E:\Arquivos de programas\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe:*:Enabled:removeit"

"C:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"

"C:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"

"C:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"

"E:\Arquivos de programas\Softnyx\RakionIS\Bin\rakion.bin"="E:\Arquivos de programas\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion"

"C:\Arquivos de programas\Steam\Steam.exe"="C:\Arquivos de programas\Steam\Steam.exe:*:Disabled:Steam"

"C:\Arquivos de programas\PhotoJoy\Bin\PjApp.exe"="C:\Arquivos de programas\PhotoJoy\Bin\PjApp.exe:*:Enabled:PhotoJoy"

"C:\Arquivos de programas\PhotoJoy\Bin\PjImp.exe"="C:\Arquivos de programas\PhotoJoy\Bin\PjImp.exe:*:Enabled:PhotoJoy"

"C:\Arquivos de programas\PhotoJoy\Bin\PhotoJoy.exe"="C:\Arquivos de programas\PhotoJoy\Bin\PhotoJoy.exe:*:Enabled:PhotoJoy"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

======File associations======

 

.js - open - NOTEPAD.EXE %1

.vbs - open - NOTEPAD.EXE %1

 

======List of files/folders created in the last 1 months======

 

2008-12-16 20:37:29 ----D---- C:\rsit

2008-12-15 08:39:08 ----D---- C:\Documents and Settings\Kobber\Dados de aplicativos\Malwarebytes

2008-12-15 08:39:03 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-12-15 08:39:03 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-12-14 21:32:57 ----SHD---- C:\Config.Msi

2008-12-13 21:15:47 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-12-13 12:35:20 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-10 21:06:00 ----D---- C:\Arquivos de programas\WinClamAVShield

2008-12-09 16:23:55 ----D---- C:\fsaua.data

2008-12-03 17:13:09 ----D---- C:\Documents and Settings\Kobber\Dados de aplicativos\Iomatic

2008-12-03 17:13:06 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\FTWeak

2008-12-01 13:20:26 ----D---- C:\Documents and Settings\Kobber\Dados de aplicativos\Media Player Classic

2008-11-26 23:09:06 ----D---- C:\Documents and Settings\Kobber\Dados de aplicativos\VoxOx

2008-11-24 23:15:25 ----D---- C:\Arquivos de programas\VoxOx

2008-11-23 17:03:20 ----D---- C:\WINDOWS\system32\Adobe

 

======List of files/folders modified in the last 1 months======

 

2008-12-16 20:37:31 ----D---- C:\WINDOWS\Prefetch

2008-12-16 20:36:27 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-12-16 20:11:05 ----D---- C:\WINDOWS\Temp

2008-12-16 20:11:01 ----D---- C:\WINDOWS

2008-12-16 18:09:26 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-15 23:44:26 ----D---- C:\Arquivos de programas\Steam

2008-12-15 23:09:08 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-15 08:39:06 ----D---- C:\WINDOWS\system32\drivers

2008-12-15 08:39:03 ----RD---- C:\Arquivos de programas

2008-12-14 22:11:46 ----SHD---- C:\WINDOWS\Installer

2008-12-13 21:16:37 ----HD---- C:\WINDOWS\inf

2008-12-13 17:39:55 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-12-13 17:39:55 ----D---- C:\Arquivos de programas\Spyware Terminator

2008-12-13 15:27:29 ----D---- C:\WINDOWS\Debug

2008-12-13 15:16:03 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-13 15:14:22 ----D---- C:\WINDOWS\system32

2008-12-13 15:08:47 ----D---- C:\Documents and Settings\Kobber\Dados de aplicativos\Spyware Terminator

2008-12-13 12:56:30 ----D---- C:\WINDOWS\SoftwareDistribution

2008-12-12 17:38:15 ----SH---- C:\boot.ini

2008-12-12 17:38:15 ----A---- C:\WINDOWS\win.ini

2008-12-12 17:38:15 ----A---- C:\WINDOWS\system.ini

2008-12-10 21:54:05 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-10 21:53:54 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-10 18:07:27 ----A---- C:\WINDOWS\DUMPc95a.tmp

2008-12-09 21:57:03 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-08 21:03:19 ----A---- C:\WINDOWS\NeroDigital.ini

2008-12-04 21:34:40 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-12-02 23:53:15 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-12-01 13:45:03 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2008-12-01 13:37:39 ----D---- C:\Documents and Settings\Kobber\Dados de aplicativos\Adobe

2008-11-27 22:37:45 ----D---- C:\WINDOWS\system32\Tools

2008-11-27 17:13:28 ----D---- C:\WINDOWS\pss

2008-11-24 14:09:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-23 09:50:06 ----D---- C:\Documents and Settings\Kobber\Dados de aplicativos\uTorrent

2008-11-18 21:18:43 ----D---- C:\Arquivos de programas\SpeedFan

2008-11-17 16:33:30 ----SD---- C:\WINDOWS\Tasks

2008-11-17 15:29:36 ----D---- C:\Arquivos de programas\Windows Media Player

2008-11-17 13:46:06 ----D---- C:\WINDOWS\Minidump

2008-11-17 13:31:32 ----RSD---- C:\WINDOWS\assembly

2008-11-17 13:31:03 ----D---- C:\WINDOWS\system32\DirectX

2008-11-17 12:51:17 ----D---- C:\WINDOWS\system32\Restore

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]

R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]

R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]

R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]

R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]

R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]

R3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2004-08-04 59136]

R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]

R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]

R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver; C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]

S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]

S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]

S3 FreshIO;FreshIO; \??\C:\Arquivos de programas\FreshDevices\FreshDiagnose\FreshIO.sys []

S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]

S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-30 66872]

R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-10-30 107832]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [2008-10-30 570880]

R2 UleadBurningHelper;Ulead Burning Helper; C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]

S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-13 68096]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

 

info.txt

 

info.txt logfile of random's system information tool 1.04 2008-12-16 20:37:53

 

======Uninstall list======

 

-->"C:\Arquivos de programas\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->MsiExec /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

25 to Life-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B8FE7CDD-61D0-445D-9209-E809780B51DD}\setup.exe" -l0x9 -removeonly

ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop CS-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9

Adobe Reader 8.1.0 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81000000003}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Age of Chivalry-->"C:\Arquivos de programas\Steam\steam.exe" steam://uninstall/17510

AirHockey 3D 1.82-->C:\Arquivos de programas\AirHockey 3D\uninst.exe

ArcSoft PhotoImpression 6-->C:\Arquivos de programas\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0416 -removeonly

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Assassin's Creed-->C:\Arquivos de programas\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly

Assistente de Conexão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Belltech Business Card Designer Pro 4.0-->"E:\Arquivos de programas\Belltech Business Card Designer Pro\unins000.exe"

Brothers in Arms: Hell's Highway-->C:\Arquivos de programas\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\uninst.exe

BSPlayer-->"C:\Arquivos de programas\Webteh\BSplayerPro\uninstall.exe"

BusinessCardsMX 3.92-->"E:\Arquivos de programas\MOJOSOFT\BusinessCardsMX3\unins000.exe"

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}

DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}

Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}

DVD Flick-->"E:\Arquivos de programas\DVD Flick\unins000.exe"

DVD Shrink 3.2-->"E:\Arquivos de programas\DVD Shrink\unins000.exe"

Far Cry 2-->"C:\Arquivos de programas\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly

FCleaner 1.0.3.1130-->"E:\Arquivos de programas\FCleaner\unins000.exe"

FrostWire 4.13.3-->C:\Arquivos de programas\FrostWire\Uninstall.exe

GetDataBack for NTFS-->"C:\Arquivos de programas\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Arquivos de programas\Runtime Software\GetDataBack for NTFS\install.log" -u

GTA San Andreas-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly

HijackThis 2.0.2-->"C:\Documents and Settings\Kobber\Desktop\HijackThis.exe" /uninstall

hp deskjet 970c series (Remover somente)-->C:\Arquivos de programas\hp deskjet 970c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB002 -vproduct=970c -huninstall

hp deskjet 970c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 970c series

Immortal Cities: Children of the Nile-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{667A1F4B-BFFA-4CF0-8C0B-6ED397370BCB}

Inkscape 0.46-->C:\Arquivos de programas\Inkscape\Uninstall.exe

Insurgency: Modern Infantry Combat-->"C:\Arquivos de programas\Steam\SteamApps\SourceMods\Uninstall.exe"

Insurgency-->"C:\Arquivos de programas\Steam\steam.exe" steam://uninstall/17700

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Mare Nostrum-->"C:\Arquivos de programas\Steam\steam.exe" steam://uninstall/1230

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PUBLISHER /dll OSETUP.DLL

Microsoft Office Publisher 2007-->MsiExec.exe /X{90120000-0019-0000-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office XP Professional com FrontPage-->MsiExec.exe /I{90280416-6000-11D3-8CFE-0050048383C9}

Microsoft Rise Of Nations-->"C:\Arquivos de programas\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (3.0.4)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

Neighbours From Hell 2-->MsiExec.exe /X{43A44FC2-FC81-444F-B847-D93F535B7208}

Nero 6 Ultra Edition-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX v8.04.25-->MsiExec.exe /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}

Orbit Downloader-->"C:\Arquivos de programas\Orbitdownloader\unins000.exe"

PowerISO-->"E:\Arquivos de programas\PowerISO\uninstall.exe"

PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u

QuickTime-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}

RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Red Orchestra-->"C:\Arquivos de programas\Steam\steam.exe" steam://uninstall/1200

RemoveIT Pro v4 - SE-->E:\ARQUIV~1\INCODE~1\REMOVE~1\UNWISE.EXE E:\ARQUIV~1\INCODE~1\REMOVE~1\INSTALL.LOG

Rise of Nations Thrones and Patriots-->"C:\Arquivos de programas\Microsoft Games\Rise of Nations\UNINSTLX.EXE" /runtemp /uninstall

Samsung Master-->C:\Arquivos de programas\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonly

Samsung USB Driver-->"C:\Arquivos de programas\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly

SmartSound Quicktracks Plugin-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

Sony Ericsson PC Suite-->MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}

Sound Blaster Live! Web 2K/XP-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9

Source SDK Base-->"C:\Arquivos de programas\Steam\steam.exe" steam://uninstall/215

SpeedFan (remove only)-->"C:\Arquivos de programas\SpeedFan\uninstall.exe"

Spyware Terminator-->"C:\Arquivos de programas\Spyware Terminator\unins000.exe"

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Synergy-->"C:\Arquivos de programas\Steam\steam.exe" steam://uninstall/17520

Team Fortress 2-->"C:\Arquivos de programas\Steam\steam.exe" steam://uninstall/440

TeamSpeak 2 RC2-->"E:\Arquivos de programas\Teamspeak2_RC2\unins000.exe"

Ulead VideoStudio 10-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\Setup.exe" -l0x9

UltimateDefrag V1 FREE Public Domain Version-->E:\Arquivos de programas\DiskTrix\UltimateDefrag\Uninstall.EXE /u:"UltimateDefrag V1 FREE Public Domain Version"

VDownloader 0.74-->"E:\Arquivos de programas\VDOWNLOADER\unins000.exe"

Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

VoxOx 1.0.0-->C:\Arquivos de programas\VoxOx\uninstall.exe

Windows Installer 4.5 SDK-->MsiExec.exe /I{0CA21011-069B-B16A-A5CA-9ABE49DAC05C}

Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

XP Codec Pack-->C:\Arquivos de programas\XP Codec Pack\Uninstall.exe

Zombie Panic! Source-->"C:\Arquivos de programas\Steam\steam.exe" steam://uninstall/17500

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Arquivos de programas\QuickTime\QTSystem\;C:\Arquivos de programas\Arquivos comuns\Teleca Shared;C:\Arquivos de programas\Arquivos comuns\Ulead Systems\MPEG

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=6b02

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=C:\Arquivos de programas\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Arquivos de programas\Java\jre1.6.0_07\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

The program ran very quickly. Is that how it's supposed to be?

Regards


Good morning, epfernandes!

<!> Did you apply the vaccine that is on the F-Secure site?

---------------------------

<@> Run a disinfection scan with < BitDefender > and post the report.

<@> The page < BitDefender OnLine Scanner > will open.

<@> Click on: < agree2.gif >

<@> Wait! Allow the ActiveX control to install so that the scan can run.

<@> When it finishes, post: C:\Windows\BDOSCAN8\bdoscan.log <-- Report!

Regards!


Done. Here we go:

<!> Read the Tutorial: < Link >

A page of emoticons is showing up :huh:

<@> When it finishes, post: C:\Windows\BDOSCAN8\bdoscan.log <-- Report!

 

[General]

App = "BitDefender Online Scanner v8"

Date = 17:12:2008

Time = 17:59:08

Scan Path = A:\;C:\;D:\;E:\;G:\;

 

[Engines Info]

Virus Definitions = 2356913

Engine build = "AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)"

Scan plugins = 17

Archive plugins = 45

Unpack plugins = 7

E-mail plugins = 6

System plugins = 4

 

[scan Statistics]

Folders = 6953

Files = 403773

Archives = 4709

Packed files = 11773

Identified viruses = 8

Infected files = 9

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 9

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 28

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000030 = "C:\BackUp\[NTFS]\Downloads\Grand.Theft.Auto.San.Andreas.NOCD-iND.ZIP=>Grand.Theft.Auto.San.Andreas.NOCD-iND/grand.theft.auto.san.andreas.nocd-ind.r00 Infected with: Backdoor.Hupigon.KG"

Line00000029 = "C:\BackUp\[NTFS]\Downloads\Grand.Theft.Auto.San.Andreas.NOCD-iND.ZIP=>Grand.Theft.Auto.San.Andreas.NOCD-iND/grand.theft.auto.san.andreas.nocd-ind.r00 Deleted"

Line00000028 = "C:\BackUp\[NTFS]\Downloads\Grand.Theft.Auto.San.Andreas.NOCD-iND.ZIP Updated"

Line00000027 = "C:\BackUp\[NTFS]\Filmes e Games\Neighbours from hell 2.rar=>Neighbours from hell 2.iso=>crack/game.exe Infected with: Backdoor.Generic.73200"

Line00000026 = "C:\BackUp\[NTFS]\Filmes e Games\Neighbours from hell 2.rar=>Neighbours from hell 2.iso=>crack/game.exe Deleted"

Line00000025 = "C:\BackUp\[NTFS]\Filmes e Games\Neighbours from hell 2.rar=>Neighbours from hell 2.iso Update failed"

Line00000024 = "C:\Documents and Settings\Kobber\Desktop\Downloads\Fantastic-Flame-Screensaver-v4.00.358.rar=>Fantastic-Flame-Screensaver-v4.00.358\Fantastic Flame Screensaver v4.00.358\keygen.exe Infected with: Backdoor.Hupigon.91808"

Line00000023 = "C:\Documents and Settings\Kobber\Desktop\Downloads\Fantastic-Flame-Screensaver-v4.00.358.rar=>Fantastic-Flame-Screensaver-v4.00.358\Fantastic Flame Screensaver v4.00.358\keygen.exe Deleted"

Line00000022 = "C:\Documents and Settings\Kobber\Desktop\Downloads\Fantastic-Flame-Screensaver-v4.00.358.rar Update failed"

Line00000021 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>see32.dll Detected with: Application.Generic.1379"

Line00000020 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>see32.dll Disinfection failed"

Line00000019 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>see32.dll Deleted"

Line00000018 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s) Updated"

Line00000017 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>ssys.exe Detected with: Application.Iopusstarr.A"

Line00000016 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>ssys.exe Disinfection failed"

Line00000015 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>ssys.exe Deleted"

Line00000014 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s) Updated"

Line00000013 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>wsys.dll Detected with: Application.Iopus.Starr.Pro.Key.Logger.A"

Line00000012 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>wsys.dll Disinfection failed"

Line00000011 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>wsys.dll Deleted"

Line00000010 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s) Updated"

Line00000009 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>wsys111.dll Detected with: Application.Iopus.Starr.Pro.Key.Logger.A"

Line00000008 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>wsys111.dll Disinfection failed"

Line00000007 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>wsys111.dll Deleted"

Line00000006 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s) Updated"

Line00000005 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>wsys.exe Infected with: Backdoor.Visualc.1"

Line00000004 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s)=>wsys.exe Deleted"

Line00000003 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe=>(ZIP Sfx s) Updated"

Line00000002 = "C:\Documents and Settings\Kobber\Desktop\Downloads\starrpro326.rar=>starrpro326\iopus-starr-pro-setup-17280.exe Update failed"

Line00000001 = "C:\Documents and Settings\Kobber\Meus documentos\Downloads\bsplayer228.964_clip.exe Infected with: Trojan.Generic.979623"

Line00000000 = "C:\Documents and Settings\Kobber\Meus documentos\Downloads\bsplayer228.964_clip.exe Deleted"

 

 

 

Regards


Good morning, epfernandes!

A page of emoticons is showing up

<!> Thank you! I have already removed the link to the tutorial.

--------------------------

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

<!> Go to the site and click on: < kasperdx9.jpg >

<@> On the next page, click on: I Accept

<@> This is so that the ActiveX control installs and then updates the database.

<@> On the next page, click on: My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update, and also for the scan, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click on Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as shown in the image below:

Kas-Savetxt.gif

<@> Also post an updated HijackThis log.

Regards!


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area, together with the link to this topic, and explain the reason for reopening it.
