silmawiel Posted January 5, 2009

I don't know what the problem is, I'd like some help identifying it! Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:05:51, on 5/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe
C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Carol e Jaime\Desktop\HiJackThis.exe
C:\Arquivos de programas\Windows NT\Acessórios\wordpad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [TABAJARA-809F1B] .vbe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230947774968
O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5514 bytes
Sam Spade Posted January 5, 2009

Hello silmawiel! Do you know anything about this entry?

O4 - HKLM\..\Policies\Explorer\Run: [TABAJARA-809F1B] .vbe
silmawiel Posted January 6, 2009

I tried researching it and it's a virus that has been on the net since April of last year, but I don't know how to remove it. I need your help!
silmawiel Posted January 7, 2009

Here's what I found!

Virus VBS/Autorun.VF
Date discovered: 18/04/2008
Type: Worm
In the "In The Wild" list: Yes
Damage level: Low to medium
Distribution level: Low to medium
Risk level: Low to medium
Static file: No
Size: ~18,000 bytes
IVDF version: 7.00.03.188

Common means of transmission:
• Network drive

Alias:
• McAfee: W32/Autorun.worm.cg
• Kaspersky: Worm.VBS.Autorun.r
• TrendMicro: VBS_AGENT.AMAF
• F-Secure: Worm.VBS.Autorun.r
• Sophos: VBS/Autorun-EC
• Bitdefender: Worm.VBS.Autorun.D

Operating systems:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Accesses the floppy drive
• Downloads files
• Modifies the Windows registry

Files
It copies itself to the following locations:
• %SYSDIR%\.vbe
• %SYSDIR%\wbem\.vbe
• %drive%:\.vbe

The following files are created:
– %drive%:\autorun.inf
This is a non-malicious text file with the following content:
•

Registry
The following value is added to the Windows registry so that the process is run after the computer is restarted:
– [HKLM\software\microsoft\windows\currentversion\policies\explorer\run]
• %computer name% = .vbe

The following registry key is added:
– [HKLM\software\%computer name%]
• %system dependent%

The following registry value is changed:
Disables Regedit and Task Manager:
– [HKCU\software\microsoft\windows\currentversion\explorer\advanced]
New value:
• showsuperhidden = 0
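Added defender-side example (my own code, not from this thread, HijackThis or RSIT): a Python checker that parses HijackThis O4 entries and RSIT registry-dump lines and flags the persistence indicators the description above names, so a log reader can spot them without eyeballing every line. The sample log lines are constructed after the entries pasted in this thread; the rule names and the script-host and extension lists are my own assumptions.

```python
"""Flag autorun-worm persistence indicators in HijackThis / RSIT log text.

Heuristics follow the VBS/Autorun description above (Policies\Explorer\Run
value, bare-extension target, script hosts, mountpoints2 autorun handlers,
showsuperhidden=0 / DisableTaskMgr); the output is a review list, not a verdict.
"""
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}   # assumed list
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "hta", "bat", "cmd"}
O4_RE = re.compile(r"^O4 - (?P<key>[^\s:]+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
MP2_RE = re.compile(r"^shell\\(?P<verb>AutoRun|open|explore)\\command - (?P<target>.+)$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Constructed sample in the shape of the HijackThis O4 entries and the RSIT
# registry dump pasted in this thread; the benign lines are made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [TABAJARA-809F1B] .vbe
O4 - HKCU\..\Run: [updater] wscript.exe C:\WINDOWS\system32\wbem\svc.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff1592c-da65-11dd-8bf9-001558b1a75f}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]
shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"showsuperhidden"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DISABLETASKMGR"=0
"""


def first_token(target):
    """Return the program part of a Run/command target, quotes removed."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target.split()[0] if target else ""


def script_launch(target):
    """True if the target is a script host or a file with a script extension."""
    base = ntpath.basename(first_token(target)).lower()
    if base in SCRIPT_HOSTS:
        return True
    ext = base.rsplit(".", 1)[-1] if "." in base else ""
    return ext in SCRIPT_EXTS


def bare_extension(target):
    """True when the launched file name is only an extension, e.g. '.vbe'."""
    base = ntpath.basename(first_token(target))
    return base.startswith(".") and base.count(".") == 1


def find_autorun_indicators(lines):
    """Return (rule, line) pairs for every line matching a heuristic."""
    hits = []
    current_key = ""          # registry key the following values belong to
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            key, target = m.group("key"), m.group("target")
            if "policies\\explorer\\run" in key.lower():
                hits.append(("policies-run", line))
            if bare_extension(target):
                hits.append(("bare-extension", line))
            elif script_launch(target):
                hits.append(("script-host", line))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = MP2_RE.match(line)
        if m and "mountpoints2" in current_key:
            # Cached autorun.inf handler of a removable drive that was plugged in.
            rule = "mp2-script" if script_launch(m.group("target")) else "mp2-autorun"
            hits.append((rule, line))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, data = m.group("name").lower(), m.group("data").strip()
            if name == "showsuperhidden" and data == "0" and current_key.endswith("\\advanced"):
                hits.append(("superhidden-off", line))
            if name == "disabletaskmgr" and data == "1":
                hits.append(("taskmgr-disabled", line))
    return hits


if __name__ == "__main__":
    for rule, line in find_autorun_indicators(SAMPLE_LOG.splitlines()):
        print(f"[{rule:16}] {line}")
```

Feed it the pasted log.txt to get the same review list over a real RSIT dump; a hit is a line to look at, and benign Run entries such as ctfmon.exe or qttask.exe produce none.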
silmawiel Posted January 7, 2009

Hello, I ran the Panda online antivirus and the report is the one shown below!

;*******************************************************************************
 ANALYSIS: 2009-01-07 09:29:12
 PROTECTIONS: 0
 MALWARE: 7
 SUSPECTS: 0
;*******************************************************************************
 PROTECTIONS
 Description Version Active Updated
;===============================================================================
;===============================================================================
 MALWARE
 Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00055522 Eicar.Mod Virus No 0 No No C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0002181.exe[eicar.html]
00055522 Eicar.Mod Virus No 0 No No C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0004890.exe[eicar.html]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Carol e Jaime\Cookies\carol e jaime@atdmt[2].txt
00140033 Trj/Zapchast.I Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0002570.EXE
00140033 Trj/Zapchast.I Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0004498.EXE
00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Carol e Jaime\Cookies\carol e jaime@ig.com[2].txt
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Carol e Jaime\Cookies\carol e jaime@uol.com[1].txt
00366244 Application/NirCmd.A HackTools No 0 No No C:\Downloads\Flash_Disinfector.exe[C:\Downloads\Flash_Disinfector.exe][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Carol e Jaime\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9foj6znw.default\Cache\DF9A30BCd01[C:\Documents and Settings\Carol e Jaime\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\9foj6znw.default\Cache\DF9A30BCd01][nircmd.exe]
00509861 Hacktool/AngryScan HackTools No 1 Yes No C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0001725.EXE
00509861 Hacktool/AngryScan HackTools No 1 Yes No C:\System Volume Information\_restore{93FC3F7D-921A-442C-93AD-FCCF59ED3ACC}\RP3\A0005346.EXE
;===============================================================================
 SUSPECTS
 Sent Location
;===============================================================================
;===============================================================================
 VULNERABILITIES
 Id Severity Description
;===============================================================================
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
182043 HIGH MS07-064
179553 HIGH MS07-061
176382 HIGH MS07-057
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141034 HIGH MS06-076
141033 MEDIUM MS06-075
141030 HIGH MS06-072
137571 HIGH MS06-070
137568 HIGH MS06-067
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
120814 HIGH MS06-021
117384 MEDIUM MS06-018
114666 HIGH MS06-015
114664 HIGH MS06-013
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93394 HIGH MS05-050
93454 MEDIUM MS05-049
;===============================================================================
Sam Spade Posted January 7, 2009

OK, download -> Random's System Information Tool (RSIT), by random/random

Save it to your desktop.

Run RSIT.exe, and in the window that opens, click Continue.

When it finishes, two Notepad windows will open:
log.txt -> opens maximized
info.txt -> opens minimized

Copy the contents of info.txt and log.txt and paste them into your reply.

A copy of these files will be saved in the folder C:\RSIT

Note: If your firewall alerts you about the file rsit.exe trying to connect, make sure you allow it (allow).
silmawiel Posted January 9, 2009

Logfile of random's system information tool 1.05 (written by random/random)
Run by Carol e Jaime at 2009-01-08 22:07:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 70 GB (91%) free of 76 GB
Total RAM: 222 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:14, on 8/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe
C:\Arquivos de programas\TIM Web Banda Larga\UpdateUI.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Carol e Jaime\Desktop\RSIT.exe
C:\Arquivos de programas\trend micro\Carol e Jaime.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [TABAJARA-809F1B] .vbe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230947774968
O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5689 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2009-01-08 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMax"=C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Adobe Photo Downloader"=C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SiSRaid"=C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe [2005-03-01 897024]
"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-05-26 49152]
"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2007-10-19 286720]
"googletalk"=C:\Arquivos de programas\Google\Google Talk\googletalk.exe [2007-01-01 3735552]
"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-01-08 136600]
"egui"=C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"TABAJARA-809F1B"=.vbe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-09-02 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DISABLETASKMGR"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft"
"C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
"C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206a7262-901d-11dd-8bd5-001558b1a75f}]
shell\AutoRun\command - dutlff.exe
shell\explore\command - dutlff.exe
shell\open\command - dutlff.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff1592c-da65-11dd-8bf9-001558b1a75f}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff1592d-da65-11dd-8bf9-001558b1a75f}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]
shell\AutoRun\command - E:\AutoRun.exe

======File associations======

.txt - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-01-08 22:07:20 ----DC---- C:\Arquivos de programas\trend micro
2009-01-08 22:07:15 ----DC---- C:\rsit
2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\java.exe
2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-08 09:25:40 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sun
2009-01-08 09:20:50 ----DC---- C:\Arquivos de programas\ESET
2009-01-07 22:50:39 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\ESET
2009-01-07 22:48:10 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\ESET
2009-01-07 21:54:29 ----DC---- C:\Arquivos de programas\AutorunRemover
2009-01-07 21:53:46 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\WinRAR
2009-01-07 21:53:13 ----DC---- C:\Arquivos de programas\WinRAR
2009-01-07 10:03:13 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Malwarebytes
2009-01-07 10:03:05 ----DC---- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2009-01-07 10:03:05 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2009-01-07 08:26:05 ----A---- C:\WINDOWS\system32\killVBS.vbs.txt
2009-01-07 08:24:41 ----DC---- C:\Arquivos de programas\Panda Security
2009-01-07 08:19:25 ----RASHDC---- C:\autorun.inf
2009-01-06 21:44:42 ----DC---- C:\Arquivos de programas\Java
2009-01-06 21:06:19 ----DC---- C:\Arquivos de programas\eMule
2009-01-06 21:04:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Java
2009-01-06 21:02:17 ----DC---- C:\Arquivos de programas\LimeWire
2009-01-06 10:04:50 ----DC---- C:\Arquivos de programas\Softwin
2009-01-06 10:04:00 ----D---- C:\Arquivos de programas\Arquivos comuns\Softwin
2009-01-06 08:41:59 ----DC---- C:\Arquivos de programas\Google
2009-01-05 08:47:02 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Mozilla
2009-01-05 08:46:44 ----DC---- C:\Arquivos de programas\Mozilla Firefox
2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\TeaTimer (Spybot - Search & Destroy)
2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\SDHelper (Spybot - Search & Destroy)
2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)
2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\File Scanner Library (Spybot - Search & Destroy)
2009-01-04 14:52:03 ----RHDC---- C:\$VAULT$.AVG
2009-01-04 12:42:34 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sony
2009-01-04 12:42:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sony
2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony Ericsson
2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony
2009-01-04 12:24:54 ----DC---- C:\Arquivos de programas\QuickTime
2009-01-04 12:24:52 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2009-01-04 12:24:27 ----DC---- C:\Arquivos de programas\Apple Software Update
2009-01-04 12:24:27 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple
2009-01-04 12:20:06 ----RSD---- C:\WINDOWS\assembly
2009-01-04 12:19:15 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-04 12:18:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-01-04 11:52:41 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-01-04 11:52:39 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wups2.dll
2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-01-02 23:58:25 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-02 23:49:25 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Macromedia
2009-01-02 23:31:19 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-01-02 23:29:09 ----DC---- C:\Arquivos de programas\TIM Web Banda Larga
2008-12-15 20:25:13 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Ahead

======List of files/folders modified in the last 1 months======

2009-01-08 22:07:24 ----D---- C:\WINDOWS\Temp
2009-01-08 22:07:20 ----RDC---- C:\Arquivos de programas
2009-01-08 22:07:16 ----D---- C:\WINDOWS\Prefetch
2009-01-08 21:29:36 ----D---- C:\WINDOWS
2009-01-08 21:28:09 ----D---- C:\WINDOWS\system32\config
2009-01-08 10:41:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-08 09:34:45 ----D---- C:\WINDOWS\system32
2009-01-08 09:34:16 ----SHD---- C:\WINDOWS\Installer
2009-01-08 09:22:15 ----HD---- C:\WINDOWS\inf
2009-01-08 09:22:15 ----D---- C:\WINDOWS\system32\drivers
2009-01-08 09:21:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-07 21:55:38 ----DC---- C:\Downloads
2009-01-07 08:18:51 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy
2009-01-07 08:18:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-01-06 21:04:11 ----D---- C:\Arquivos de programas\Arquivos comuns
2009-01-06 10:03:46 ----D---- C:\WINDOWS\system
2009-01-06 10:03:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg7
2009-01-06 10:02:58 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\AVG7
2009-01-04 18:52:18 ----D---- C:\WINDOWS\system32\wbem
2009-01-04 12:41:10 ----SD---- C:\WINDOWS\Tasks
2009-01-04 12:26:07 ----D---- C:\WINDOWS\WinSxS
2009-01-04 12:23:31 ----D---- C:\WINDOWS\system32\mui
2009-01-04 12:22:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-04 12:19:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-04 12:19:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2009-01-04 12:19:21 ----D---- C:\Arquivos de programas\Internet Explorer
2009-01-04 12:18:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-03 00:13:27 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2009-01-02 23:58:32 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-02 23:58:29 ----D---- C:\WINDOWS\Help
2009-01-02 23:56:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-02 23:49:24 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Adobe
2009-01-02 23:47:36 ----SD---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-04 223616]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-24 101120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-05-25 245760]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 BDFsDrv;BDFsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-09-02 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-09-02 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Serviço auxiliar IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ekrn;Eset Service; C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 Iprip;RIP de escuta; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-01-08 152984]
R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 SimpTcp;Serviços TCP/IP simples; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-28 19456]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 p2pgasvc;Autenticação de grupo de rede ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 p2pimsvc;Gerenciador de identidades ponto-a-ponto da Microsoft; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 p2psvc;Configuração de rede ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 PNRPSvc;Protocolo de resolução de nomes ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-08 22:08:18

======Uninstall list======

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x416 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe
Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Autorun Virus Remover 2.3-->"C:\Arquivos de programas\AutorunRemover\unins000.exe"
eMule-->"C:\Arquivos de programas\eMule\Uninstall.exe" ESET Smart Security-->MsiExec.exe /I{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C} Google Talk (remove only)-->"C:\Arquivos de programas\Google\Google Talk\uninstall.exe" HijackThis 2.0.2-->"C:\Documents and Settings\Carol e Jaime\Desktop\HijackThis.exe" /uninstall Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Office XP Professional com FrontPage-->MsiExec.exe /I{90280416-6000-11D3-8CFE-0050048383C9} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (3.0.5)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{DAB6053F-4CF0-4B97-8EAC-89073F4B9BC4} Panda ActiveScan 2.0-->C:\Arquivos de programas\Panda Security\ActiveScan 2.0\as2uninst.exe PhotoFiltre-->"C:\Arquivos de programas\PhotoFiltre\Uninst.exe" QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121} SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem5.inf SiSAGP driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x416 SiSRaidPackage-->RunDll32 
C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x416
Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{BB1BD1D9-EF9A-404F-B360-E3C379A82A8E}
SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416 -removeonly
TIM Web Banda Larga-->C:\Arquivos de programas\TIM Web Banda Larga\uninst.exe
Ulead Video ToolBox Basic-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x416
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

System event log

Computer Name: TABAJARA-809F1B Event Code: 7036 Message: The Fast User Switching Compatibility service entered the running state. Record Number: 5 Source Name: Service Control Manager Time Written: 20090108212936.000000-120 Event Type: Information User:
Computer Name: TABAJARA-809F1B Event Code: 7035 Message: The Fast User Switching Compatibility service was successfully sent a start control. Record Number: 4 Source Name: Service Control Manager Time Written: 20090108212936.000000-120 Event Type: Information User: NT AUTHORITY\SYSTEM
Computer Name: TABAJARA-809F1B Event Code: 7036 Message: The Terminal Services service entered the running state. Record Number: 3 Source Name: Service Control Manager Time Written: 20090108212936.000000-120 Event Type: Information User:
Computer Name: TABAJARA-809F1B Event Code: 3100 Message: The Microsoft IPv6 Developer Edition driver was started. Record Number: 2 Source Name: Tcpip6 Time Written: 20090108212829.000000-120 Event Type: Information User:
Computer Name: TABAJARA-809F1B Event Code: 10 Message: The drive did not appear to support digital audio playback. Record Number: 1 Source Name: redbook Time Written: 20090108212829.000000-120 Event Type: Information User:

Application event log

Computer Name: TABAJARA-809F1B Event Code: 1000 Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully. The Record Data contains the new index values assigned to this service. Record Number: 5 Source Name: LoadPerf Time Written: 20080926161457.000000-180 Event Type: Information User:
Computer Name: TABAJARA-809F1B Event Code: 1000 Message: Performance counters for the TermService (Terminal Services) service were loaded successfully. The Record Data contains the new index values assigned to this service. Record Number: 4 Source Name: LoadPerf Time Written: 20080926161454.000000-180 Event Type: Information User:
Computer Name: TABAJARA-809F1B Event Code: 1000 Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully. The Record Data contains the new index values assigned to this service. Record Number: 3 Source Name: LoadPerf Time Written: 20080926161225.000000-180 Event Type: Information User:
Computer Name: TABAJARA-809F1B Event Code: 1000 Message: Performance counters for the PSched (PSched) service were loaded successfully. The Record Data contains the new index values assigned to this service. Record Number: 2 Source Name: LoadPerf Time Written: 20080926161201.000000-180 Event Type: Information User:
Computer Name: TABAJARA-809F1B Event Code: 1000 Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully. The Record Data contains the new index values assigned to this service. Record Number: 1 Source Name: LoadPerf Time Written: 20080926161200.000000-180 Event Type: Information User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Arquivos de programas\Arquivos comuns\Ulead Systems\MPEG;C:\Arquivos de programas\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Arquivos de programas\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
Sam Spade, posted January 9, 2009:

Hello, the log shows that you are infected with a pen-drive virus. One of the best ways to protect yourself from a pen-drive virus is to turn off Windows AutoRun, because the malware carries a file called autorun.inf that makes the malicious program run as soon as the removable drive is connected to the PC. Follow these instructions:

Go to Start > Run > type: gpedit.msc
Local Computer Policy > Computer Configuration > Administrative Templates > click once on System
In the right pane, double-click Turn off Autoplay
Select Enabled > select All drives > OK

That way you will not be infected automatically when you connect the infected drive. Connect your removable drives and format them.

Select and copy the contents of the QUOTE. Open Notepad and paste what you copied. Save it with the name fix.reg. Save as type: all files. Save it on the desktop. NOTE: it is important to put the .reg (dot reg) after fix. The file should end up with the Registry Entries icon.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"TABAJARA-809F1B"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206a7262-901d-11dd-8bd5-001558b1a75f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff1592c-da65-11dd-8bf9-001558b1a75f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff1592d-da65-11dd-8bf9-001558b1a75f}]

Set Windows to show all files.

Download: HostsXpert, KillBox

Save or print these instructions:

1 - Run KillBox, check Delete on Reboot and put in Full Path of File to Delete: C:\WINDOWS\system32\killVBS.vbs.txt
Click the button. Answer Yes to the question. When the PC restarts, tap F8 repeatedly. In the menu choose: Safe Mode.
2 - Double-click fix.reg. Accept merging it into the registry.
3 - Open HostsXpert. Click Restore Microsoft's Hosts File. Click OK, close the program.
4 - Find the file in bold and delete it: C:\autorun.inf <<< here
5 - Restart the PC normally. Run RSIT again and post the new logs.
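The AutoRun hardening and the fix.reg in the post above can be checked mechanically against the logs posted in this thread. The script below is an added example, not part of the thread and not RSIT or HijackThis code: it reads lines in the HijackThis O4 / RSIT registry-dump format, decodes NoDriveTypeAutoRun (the value that the "Turn off Autoplay: All drives" policy sets to 0xFF), flags Run entries under Policies\Explorer and MountPoints2 keys that carry a shell\AutoRun\command, and drafts the matching REGEDIT4 deletions. The sample lines are constructed in the format of the thread's logs; the radix handling (a digits-only value read as decimal, a value with hex letters as hex) is an assumption because RSIT prints no radix marker, and the drafted .reg is a starting point to review, not a replacement for the helper's version.

```python
"""Triage AutoRun persistence in an RSIT/HijackThis log and draft the fix.reg.

Added example, not part of the thread or of RSIT/HijackThis. Sample lines are
constructed in the format those tools print. Assumption: RSIT prints DWORDs
without a radix marker, so digits-only is read as decimal, hex letters as hex.
"""
import re

# NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is OFF
# (Microsoft's documented bit layout for the value).
DRIVE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x04: "DRIVE_REMOVABLE",   # pen drives
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved",
}
ALL_OFF = 0xFF  # what gpedit 'Turn off Autoplay: All drives' writes

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
POLICY_EXPLORER = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"

HJT_POLICY_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Policies\\Explorer\\Run: \[([^\]]*)\] (.*)$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')
MP2_GUID = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})", re.I)

# Constructed sample in the thread's log format (not a full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Policies\Explorer\Run: [TABAJARA-809F1B] .vbe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]
shell\AutoRun\command - E:\AutoRun.exe
"""


def decode_no_drive_type_autorun(raw):
    """Return (value, drive types still allowed to AutoRun); (None, None) if unset."""
    raw = raw.strip()
    if not raw:
        return None, None  # not set in this key: Explorer's default or the other hive applies
    value = int(raw, 16) if re.search(r"[a-fA-F]", raw) else int(raw, 10)  # radix assumption
    value &= 0xFF          # only the low byte carries drive-type bits
    allowed = [name for bit, name in DRIVE_BITS.items() if not value & bit]
    return value, allowed


def analyse(log_text):
    """Walk the log once and collect AutoRun-related findings in order of appearance."""
    findings, key = [], None
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        m = HJT_POLICY_RUN.match(line)
        if m:  # a Run entry under Policies\Explorer: rarely legitimate, survives ordinary Run cleanups
            findings.append({"kind": "policy_run", "hive": m.group(1),
                             "name": m.group(2), "command": m.group(3)})
            continue
        m = REG_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_VALUE.match(line)
        if m and key and m.group(1).lower() == "nodrivetypeautorun":
            value, allowed = decode_no_drive_type_autorun(m.group(2))
            findings.append({"kind": "autorun_policy", "key": key, "value": value, "allowed": allowed})
            continue
        if key and line.lower().startswith("shell\\autorun\\command"):
            # MountPoints2 caches a volume's autorun.inf verbs; on XP the cached
            # AutoRun command runs when the drive is opened from My Computer.
            g = MP2_GUID.search(key)
            findings.append({"kind": "mountpoints2_autorun", "key": key,
                             "volume": g.group(1) if g else key,
                             "command": line.split(" - ", 1)[1] if " - " in line else ""})
    return findings


def autorun_fully_disabled(findings):
    """True only if some hive pins NoDriveTypeAutoRun to 0xFF."""
    return any(f["kind"] == "autorun_policy" and f["value"] == ALL_OFF for f in findings)


def build_fix_reg(findings):
    """Draft a REGEDIT4 file: "name"=- deletes a value, [-key] deletes a whole key,
    and the last stanza pins AutoRun off for every drive type at machine level."""
    lines = ["REGEDIT4", ""]
    for f in findings:
        if f["kind"] == "policy_run":
            lines += ["[" + HIVES[f["hive"]] + POLICY_EXPLORER + "\\Run]", '"' + f["name"] + '"=-', ""]
        elif f["kind"] == "mountpoints2_autorun":
            lines += ["[-" + f["key"] + "]", ""]
    lines += ["[HKEY_LOCAL_MACHINE" + POLICY_EXPLORER + "]", '"NoDriveTypeAutoRun"=dword:000000ff', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for f in found:
        print(f)
    print("AutoRun off for all drive types:", autorun_fully_disabled(found))
    print(build_fix_reg(found))
```

Two things to keep in mind when reading the output. A value of 36, read as decimal 0x24, turns AutoRun off only for removable and CD-ROM drives and leaves it on for fixed, network and unknown drives, so anything other than 0xFF does not match what the gpedit step sets. And on Windows XP the NoDriveTypeAutoRun policy was not fully honoured until Microsoft's AutoRun correction update (KB953252, later superseded by KB967715), so the policy should be paired with that update rather than relied on alone.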
silmawiel, posted January 10, 2009:

Quoting step 3: "Open HostsXpert. Click Restore Microsoft's Hosts File. Click OK, close the program."

This error appeared after clicking OK:
ERROR: Cannot creatr file C:\WINDOWS\SYSTEM32\DRIVERS\ECT\hosts
Sam Spade, posted January 10, 2009:

OK, carry on with the instructions and we will look at that afterwards.
silmawiel, posted January 12, 2009:

The problem is that I cannot find the file you asked for!
silmawiel, posted January 12, 2009:

The problem is that I cannot find the file that is supposed to be deleted! I ran RSIT again and here is the log.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Carol e Jaime at 2009-01-12 16:35:06
Microsoft Windows XP Professional Service Pack 2
System drive C: has 70 GB (91%) free of 76 GB
Total RAM: 1246 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:20, on 12/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carol e Jaime\Desktop\RSIT.exe
C:\Arquivos de programas\trend micro\Carol e Jaime.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
&http://home.microsoft.com/intl/br/access/allinone.asp O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] 
regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230947774968 O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102 O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 5571 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2009-01-08 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMax"=C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160] "Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048] "Adobe Photo Downloader"=C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344] "SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544] "SiSRaid"=C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe [2005-03-01 897024] "SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-05-26 49152] "QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2007-10-19 286720] "googletalk"=C:\Arquivos de programas\Google\Google Talk\googletalk.exe [2007-01-01 
3735552] "SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-01-08 136600] "egui"=C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-09-02 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DISABLETASKMGR"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=36 "NoDriveAutoRun"=FFFFFFFF [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft" "C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1" "C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de 
programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk" "C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}] shell\AutoRun\command - E:\AutoRun.exe ======File associations====== .txt - open - NOTEPAD.EXE %1 ======List of files/folders created in the last 1 months====== 2009-01-09 22:36:21 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-09 22:32:30 ----DC---- C:\!KillBox 2009-01-09 22:24:26 ----HD---- C:\WINDOWS\system32\GroupPolicy 2009-01-09 07:51:33 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt 2009-01-08 22:07:20 ----DC---- C:\Arquivos de programas\trend micro 2009-01-08 22:07:15 ----DC---- C:\rsit 2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaws.exe 2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaw.exe 2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\java.exe 2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-01-08 09:25:40 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sun 2009-01-08 09:20:50 ----DC---- C:\Arquivos de programas\ESET 2009-01-07 22:50:39 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\ESET 2009-01-07 22:48:10 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\ESET 2009-01-07 21:54:29 ----DC---- C:\Arquivos de programas\AutorunRemover 2009-01-07 21:53:46 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\WinRAR 2009-01-07 21:53:13 ----DC---- C:\Arquivos de programas\WinRAR 2009-01-07 10:03:13 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Malwarebytes 2009-01-07 10:03:05 ----DC---- 
C:\Arquivos de programas\Malwarebytes' Anti-Malware 2009-01-07 10:03:05 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes 2009-01-07 08:24:41 ----DC---- C:\Arquivos de programas\Panda Security 2009-01-07 08:19:25 ----RASHDC---- C:\autorun.inf 2009-01-06 21:44:42 ----DC---- C:\Arquivos de programas\Java 2009-01-06 21:06:19 ----DC---- C:\Arquivos de programas\eMule 2009-01-06 21:04:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Java 2009-01-06 21:02:17 ----DC---- C:\Arquivos de programas\LimeWire 2009-01-06 10:04:50 ----DC---- C:\Arquivos de programas\Softwin 2009-01-06 10:04:00 ----D---- C:\Arquivos de programas\Arquivos comuns\Softwin 2009-01-06 08:41:59 ----DC---- C:\Arquivos de programas\Google 2009-01-05 08:47:02 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Mozilla 2009-01-05 08:46:44 ----DC---- C:\Arquivos de programas\Mozilla Firefox 2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\TeaTimer (Spybot - Search & Destroy) 2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\SDHelper (Spybot - Search & Destroy) 2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\Misc. 
Support Library (Spybot - Search & Destroy) 2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\File Scanner Library (Spybot - Search & Destroy) 2009-01-04 14:52:03 ----RHDC---- C:\$VAULT$.AVG 2009-01-04 12:42:34 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sony 2009-01-04 12:42:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sony 2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony Ericsson 2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony 2009-01-04 12:24:54 ----DC---- C:\Arquivos de programas\QuickTime 2009-01-04 12:24:52 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer 2009-01-04 12:24:27 ----DC---- C:\Arquivos de programas\Apple Software Update 2009-01-04 12:24:27 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple 2009-01-04 12:20:06 ----RSD---- C:\WINDOWS\assembly 2009-01-04 12:19:15 ----D---- C:\WINDOWS\Microsoft.NET 2009-01-04 12:18:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$ 2009-01-04 11:52:41 ----A---- C:\WINDOWS\system32\ptpusb.dll 2009-01-04 11:52:39 ----A---- C:\WINDOWS\system32\ptpusd.dll 2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wups2.dll 2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wucltui.dll.mui 2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui 2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui 2009-01-02 23:58:25 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2009-01-02 23:49:25 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Macromedia 2009-01-02 23:31:19 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt 2009-01-02 23:29:09 ----DC---- C:\Arquivos de programas\TIM Web Banda Larga 2008-12-15 20:25:13 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Ahead ======List of files/folders modified in the last 1 months====== 2009-01-12 16:35:13 ----D---- C:\WINDOWS\Temp 2009-01-12 16:29:12 ----D---- 
C:\WINDOWS\system32\config
2009-01-12 16:18:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-10 23:51:38 ----D---- C:\WINDOWS\Prefetch
2009-01-09 22:36:21 ----D---- C:\WINDOWS
2009-01-09 22:36:10 ----D---- C:\WINDOWS\system32
2009-01-09 07:49:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-08 22:07:20 ----RDC---- C:\Arquivos de programas
2009-01-08 09:35:20 ----SHD---- C:\WINDOWS\Installer
2009-01-08 09:22:15 ----HD---- C:\WINDOWS\inf
2009-01-08 09:22:15 ----D---- C:\WINDOWS\system32\drivers
2009-01-07 21:55:38 ----DC---- C:\Downloads
2009-01-07 08:18:51 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy
2009-01-07 08:18:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-01-06 21:04:11 ----D---- C:\Arquivos de programas\Arquivos comuns
2009-01-06 10:03:46 ----D---- C:\WINDOWS\system
2009-01-06 10:03:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg7
2009-01-06 10:02:58 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\AVG7
2009-01-04 18:52:18 ----D---- C:\WINDOWS\system32\wbem
2009-01-04 12:41:10 ----SD---- C:\WINDOWS\Tasks
2009-01-04 12:26:07 ----D---- C:\WINDOWS\WinSxS
2009-01-04 12:23:31 ----D---- C:\WINDOWS\system32\mui
2009-01-04 12:22:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-04 12:19:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-04 12:19:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2009-01-04 12:19:21 ----D---- C:\Arquivos de programas\Internet Explorer
2009-01-04 12:18:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-03 00:13:27 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2009-01-02 23:58:32 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-02 23:58:29 ----D---- C:\WINDOWS\Help
2009-01-02 23:56:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-02 23:49:24 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Adobe
2009-01-02 23:47:36 ----SD---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-04 223616]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-24 101120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-05-25 245760]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 BDFsDrv;BDFsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-09-02 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-09-02 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Serviço auxiliar IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ekrn;Eset Service; C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 Iprip;RIP de escuta; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-01-08 152984]
R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 SimpTcp;Serviços TCP/IP simples; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-28 19456]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;Eset HTTP Server; C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 p2pgasvc;Autenticação de grupo de rede ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 p2pimsvc;Gerenciador de identidades ponto-a-ponto da Microsoft; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 p2psvc;Configuração de rede ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 PNRPSvc;Protocolo de resolução de nomes ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------
Sam Spade 2 Posted January 13, 2009

Ok, download: ComboFix > save it to the desktop

Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you finish the instructions.

Double-click combofix.exe, type 1 and press Enter to proceed with the Fix.
Wait, as it takes a while.
ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.
When it finishes, a log will be generated, located at C:\ComboFix.txt.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

Select, copy and paste the contents of ComboFix.txt in your next reply.

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware(s) harder.

ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.
silmawiel 0 Posted January 14, 2009

ComboFix 09-01-13.04 - Carol e Jaime 2009-01-14 14:48:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1246.868 [GMT -2:00]
Executando de: c:\documents and settings\Carol e Jaime\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated)
FW: ESET Personal firewall *disabled*
 * Criado um novo ponto de restauro
 * Resident AV is active
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-14 to 2009-01-14 ))))))))))))))))))))))))))))
.

2009-01-13 22:31 . 2009-01-13 22:32 <DIR> d----c--- c:\arquivos de programas\DivX
2009-01-13 22:30 . 2009-01-13 22:30 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Apple Computer
2009-01-13 21:54 . 2009-01-13 21:55 <DIR> d----c--- c:\arquivos de programas\Safari
2009-01-13 21:24 . 2009-01-13 21:24 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-01-13 21:24 . 2009-01-13 21:25 <DIR> d----c--- c:\arquivos de programas\QuickTime
2009-01-13 21:24 . 2009-01-13 21:24 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Apple
2009-01-13 20:43 . 2009-01-13 20:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple
2009-01-13 20:43 . 2009-01-13 20:43 <DIR> d----c--- c:\arquivos de programas\Apple Software Update
2009-01-09 22:32 . 2009-01-12 16:23 <DIR> d----c--- C:\!KillBox
2009-01-09 22:24 . 2009-01-09 22:24 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-08 22:07 . 2009-01-08 22:08 <DIR> d----c--- C:\rsit
2009-01-08 22:07 . 2009-01-12 16:35 <DIR> d----c--- c:\arquivos de programas\trend micro
2009-01-08 10:34 . 2009-01-08 10:34 <DIR> d---s---- c:\documents and settings\Carol e Jaime\UserData
2009-01-08 09:34 . 2009-01-08 09:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-08 09:20 . 2009-01-08 09:20 <DIR> d----c--- c:\arquivos de programas\ESET
2009-01-07 22:50 . 2009-01-07 22:50 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\ESET
2009-01-07 22:48 . 2009-01-08 08:53 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\ESET
2009-01-07 21:54 . 2009-01-09 08:18 <DIR> d----c--- c:\arquivos de programas\AutorunRemover
2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Malwarebytes
2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d----c--- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-01-07 10:03 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 10:03 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 08:31 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-07 08:24 . 2009-01-07 08:24 <DIR> d----c--- c:\arquivos de programas\Panda Security
2009-01-06 21:45 . 2009-01-08 09:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-06 21:44 . 2009-01-08 09:34 <DIR> d----c--- c:\arquivos de programas\Java
2009-01-06 21:06 . 2009-01-06 22:04 <DIR> d----c--- c:\arquivos de programas\eMule
2009-01-06 21:04 . 2009-01-06 21:04 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java
2009-01-06 21:02 . 2009-01-06 21:02 <DIR> d----c--- c:\arquivos de programas\LimeWire
2009-01-06 10:10 . 2009-01-07 08:00 81,984 --a------ c:\windows\system32\bdod.bin
2009-01-06 10:04 . 2009-01-06 10:04 <DIR> d----c--- c:\arquivos de programas\Softwin
2009-01-06 10:04 . 2009-01-07 07:08 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Softwin
2009-01-06 08:41 . 2009-01-06 08:42 <DIR> d----c--- c:\arquivos de programas\Google
2009-01-05 08:47 . 2009-01-05 08:47 0 --a------ c:\windows\nsreg.dat
2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)
2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)
2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)
2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)
2009-01-04 14:52 . 2009-01-05 22:02 <DIR> dr-h-c--- C:\$VAULT$.AVG
2009-01-04 12:42 . 2009-01-04 12:42 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Sony
2009-01-04 12:42 . 2009-01-04 12:42 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sony
2009-01-04 12:26 . 2009-01-04 12:26 <DIR> d----c--- c:\arquivos de programas\Sony Ericsson
2009-01-04 12:26 . 2009-01-04 12:26 <DIR> d----c--- c:\arquivos de programas\Sony
2009-01-04 11:52 . 2004-08-04 00:45 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-04 11:52 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-04 11:52 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-04 11:52 . 2001-09-05 23:50 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-02 23:58 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-01-02 23:58 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-01-02 23:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-01-02 23:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-02 23:58 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui
2009-01-02 23:30 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-02 23:30 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-02 23:29 . 2009-01-02 23:35 <DIR> d----c--- c:\arquivos de programas\TIM Web Banda Larga
2009-01-02 23:29 . 2007-08-24 19:45 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys
2009-01-02 23:29 . 2007-08-24 19:45 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys
2008-12-15 20:25 . 2008-12-15 20:25 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Ahead

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 10:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-01-07 10:18 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy
2009-01-06 12:03 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg7
2009-01-06 12:02 --------- d-----w c:\documents and settings\Convidado\Dados de aplicativos\AVG7
2009-01-06 12:02 --------- d-----w c:\documents and settings\Carol e Jaime\Dados de aplicativos\AVG7
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-03 11:41 --------- d-----w c:\documents and settings\Carol e Jaime\Dados de aplicativos\AdobeUM
2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-06 16:37 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-06 16:37 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-06 16:37 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll
2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 16:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SiSRaid"="c:\arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-03-01 897024]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"egui"="c:\arquivos de programas\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2008-09-06 413696]
"SiSPower"="SiSPower.dll" [2005-05-26 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-07-21 44544]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-10-05 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\MPEG\mpegacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Arquivos de programas\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Agrupamento de Mesmo Nível do Windows
"3540:UDP"= 3540:UDP:Protocolo PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-07 28544]
R4 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Carol e Jaime\Dados de aplicativos\Mozilla\Firefox\Profiles\9foj6znw.default\
FF - plugin: c:\arquivos de programas\Microsoft Silverlight\npctrl.1.0.20926.0.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 14:50:59
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\tcpsvcs.exe
c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-01-14 14:52:57 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-01-14 16:52:55

Pré-execução: 13 pasta(s) 72.328.290.304 bytes disponíveis
Pós execução: 13 pasta(s) 72,579,530,752 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

206
Sam Spade 2 Posted January 15, 2009

Hello, ComboFix removed a service, and the autorun.inf did not appear in the log. Post a new RSIT log.
silmawiel 0 Posted January 25, 2009

Sorry for taking so long to reply, I had no time!

Logfile of random's system information tool 1.05 (written by random/random)
Run by Carol e Jaime at 2009-01-25 13:39:18
Microsoft Windows XP Professional Service Pack 2
System drive C: has 68 GB (90%) free of 76 GB
Total RAM: 1246 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:26, on 25/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Opera\opera.exe
C:\Documents and Settings\Carol e Jaime\Desktop\RSIT.exe
C:\Arquivos de programas\trend micro\Carol e Jaime.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230947774968
O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4969 bytes

info.txt logfile of random's system information tool 1.05 2009-01-25 13:39:28

======Uninstall list======

-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x416 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe
Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
DivX Codec-->C:\Arquivos de programas\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Arquivos de programas\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dziobas Rar Player 0.009.38-->"C:\Arquivos de programas\Dziobas Rar Player\unins000.exe"
ESET Smart Security-->MsiExec.exe /I{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}
Google Talk (remove only)-->"C:\Arquivos de programas\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall
InternetTV 7.13-->"C:\Arquivos de programas\MMToolz\InternetTV\unins000.exe"
Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office XP Professional com FrontPage-->MsiExec.exe /I{90280416-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{DAB6053F-4CF0-4B97-8EAC-89073F4B9BC4}
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
PhotoFiltre-->"C:\Arquivos de programas\PhotoFiltre\Uninst.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem5.inf
SiSAGP driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x416
SiSRaidPackage-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x416
Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{BB1BD1D9-EF9A-404F-B360-E3C379A82A8E}
SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416 -removeonly
TIM Web Banda Larga-->C:\Arquivos de programas\TIM Web Banda Larga\uninst.exe
Ulead Video ToolBox Basic-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x416
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

System event log

Computer Name: TABAJARA-809F1B
Event Code: 7036
Message: O serviço Reconhecimento de local da rede (NLA) entrou no estado executando.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090125124229.000000-120
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 7036
Message: O serviço Serviço de descoberta SSDP entrou no estado executando.
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090125124229.000000-120
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 7036
Message: O serviço Compatibilidade com 'Troca rápida de usuário' entrou no estado executando.
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090125124229.000000-120
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 7035
Message: O serviço Compatibilidade com 'Troca rápida de usuário' recebeu com êxito um controle Iniciar.
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090125124229.000000-120
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: TABAJARA-809F1B
Event Code: 7036
Message: O serviço Serviços de terminal entrou no estado executando.
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090125124229.000000-120
Event Type: Informações
User:

Application event log

Computer Name: TABAJARA-809F1B
Event Code: 1000
Message: Os contadores de desempenho para o serviço MSDTC (MSDTC) foram carregados com êxito.
A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço.
Record Number: 5
Source Name: LoadPerf
Time Written: 20080926161457.000000-180
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 1000
Message: Os contadores de desempenho para o serviço TermService (Serviços de terminal) foram carregados com êxito.
A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço.
Record Number: 4
Source Name: LoadPerf
Time Written: 20080926161454.000000-180
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 1000
Message: Os contadores de desempenho para o serviço RemoteAccess (Roteamento e acesso remoto) foram carregados com êxito.
A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço.
Record Number: 3
Source Name: LoadPerf
Time Written: 20080926161225.000000-180
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 1000
Message: Os contadores de desempenho para o serviço PSched (PSched) foram carregados com êxito.
A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço.
Record Number: 2
Source Name: LoadPerf
Time Written: 20080926161201.000000-180
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 1000
Message: Os contadores de desempenho para o serviço RSVP (QoS RSVP) foram carregados com êxito.
A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço.
Record Number: 1
Source Name: LoadPerf
Time Written: 20080926161200.000000-180
Event Type: Informações
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
Sam Spade 2 Posted January 27, 2009

Hello, the RSIT log is incomplete.
silmawiel, posted January 28, 2009:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Carol e Jaime at 2009-01-28 20:56:31

Microsoft Windows XP Professional Service Pack 2
System drive C: has 68 GB (89%) free of 76 GB
Total RAM: 1246 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:41, on 28/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Opera\opera.exe
C:\Downloads\Antivirus\RSIT.exe
C:\Arquivos de programas\trend micro\Carol e Jaime.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [siSRaid] C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230947774968
O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5407 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-26 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2009-01-08 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SiSRaid"=C:\Arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe [2005-03-01 897024]
"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2005-05-26 49152]
"googletalk"=C:\Arquivos de programas\Google\Google Talk\googletalk.exe [2007-01-01 3735552]
"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-01-08 136600]
"egui"=C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]
"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2008-09-06 413696]
"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2009-01-26 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Mobile Partner"=C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe [2009-01-02 110592]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-09-02 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft"
"C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
"C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]
shell\AutoRun\command - E:\AutoRun.exe

======File associations======

.txt - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-01-28 20:56:31 ----DC---- C:\rsit
2009-01-26 16:55:12 ----D---- C:\Arquivos de programas\Arquivos comuns\xing shared
2009-01-26 16:55:07 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-26 16:55:01 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-01-26 16:55:01 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-01-26 16:55:00 ----DC---- C:\Program Files
2009-01-26 16:55:00 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-01-26 16:54:59 ----D---- C:\Arquivos de programas\Arquivos comuns\Real
2009-01-26 16:54:58 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Real
2009-01-25 14:52:51 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\BSplayer PRO
2009-01-25 14:52:45 ----DC---- C:\Arquivos de programas\Webteh
2009-01-25 14:49:00 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\VitySoft
2009-01-25 11:10:37 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Opera
2009-01-25 11:10:27 ----DC---- C:\Arquivos de programas\Opera
2009-01-18 08:51:11 ----D---- C:\WINDOWS\Minidump
2009-01-15 22:44:57 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\MMToolz
2009-01-15 22:44:20 ----DC---- C:\Arquivos de programas\MMToolz
2009-01-15 21:01:11 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\DivX
2009-01-15 15:38:03 ----DC---- C:\Arquivos de programas\Dziobas Rar Player
2009-01-15 15:24:07 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-14 15:05:57 ----SHDC---- C:\RECYCLER
2009-01-14 14:45:47 ----RASHDC---- C:\cmdcons
2009-01-14 14:37:31 ----A---- C:\WINDOWS\zip.exe
2009-01-14 14:37:31 ----A---- C:\WINDOWS\VFIND.exe
2009-01-14 14:37:31 ----A---- C:\WINDOWS\SWREG.exe
2009-01-14 14:37:31 ----A---- C:\WINDOWS\sed.exe
2009-01-14 14:37:31 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-14 14:37:31 ----A---- C:\WINDOWS\grep.exe
2009-01-14 14:37:31 ----A---- C:\WINDOWS\fdsv.exe
2009-01-14 14:37:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-14 14:37:30 ----A---- C:\WINDOWS\SWSC.exe
2009-01-14 14:37:23 ----D---- C:\WINDOWS\ERDNT
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-01-13 22:32:30 ----N---- C:\WINDOWS\system32\px.dll
2009-01-13 22:31:57 ----DC---- C:\Arquivos de programas\DivX
2009-01-13 22:30:55 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Apple Computer
2009-01-13 21:24:51 ----D---- C:\Arquivos de programas\Arquivos comuns\Apple
2009-01-13 21:24:46 ----DC---- C:\Arquivos de programas\QuickTime
2009-01-13 21:24:45 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2009-01-13 20:43:36 ----DC---- C:\Arquivos de programas\Apple Software Update
2009-01-13 20:43:36 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple
2009-01-09 22:36:21 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-09 22:24:26 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-01-09 07:51:33 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2009-01-08 22:07:20 ----DC---- C:\Arquivos de programas\trend micro
2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\java.exe
2009-01-08 09:34:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-08 09:25:40 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sun
2009-01-08 09:20:50 ----DC---- C:\Arquivos de programas\ESET
2009-01-07 22:50:39 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\ESET
2009-01-07 22:48:10 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\ESET
2009-01-07 21:54:29 ----DC---- C:\Arquivos de programas\AutorunRemover
2009-01-07 21:53:46 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\WinRAR
2009-01-07 21:53:13 ----DC---- C:\Arquivos de programas\WinRAR
2009-01-07 10:03:13 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Malwarebytes
2009-01-07 10:03:05 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2009-01-07 08:24:41 ----DC---- C:\Arquivos de programas\Panda Security
2009-01-07 08:19:25 ----RASHDC---- C:\autorun.inf
2009-01-06 21:44:42 ----DC---- C:\Arquivos de programas\Java
2009-01-06 21:06:19 ----DC---- C:\Arquivos de programas\eMule
2009-01-06 21:04:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Java
2009-01-06 21:02:17 ----DC---- C:\Arquivos de programas\LimeWire
2009-01-06 10:04:50 ----DC---- C:\Arquivos de programas\Softwin
2009-01-06 10:04:00 ----D---- C:\Arquivos de programas\Arquivos comuns\Softwin
2009-01-06 08:41:59 ----DC---- C:\Arquivos de programas\Google
2009-01-05 08:47:02 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Mozilla
2009-01-05 08:46:44 ----DC---- C:\Arquivos de programas\Mozilla Firefox
2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\TeaTimer (Spybot - Search & Destroy)
2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\SDHelper (Spybot - Search & Destroy)
2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)
2009-01-04 19:23:12 ----DC---- C:\Arquivos de programas\File Scanner Library (Spybot - Search & Destroy)
2009-01-04 12:42:34 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Sony
2009-01-04 12:42:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sony
2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony Ericsson
2009-01-04 12:26:08 ----DC---- C:\Arquivos de programas\Sony
2009-01-04 12:20:06 ----RSD---- C:\WINDOWS\assembly
2009-01-04 12:19:15 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-04 12:18:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-01-04 11:52:41 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-01-04 11:52:39 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wups2.dll
2009-01-02 23:58:27 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-01-02 23:58:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-01-02 23:58:25 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-02 23:49:25 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Macromedia
2009-01-02 23:31:19 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-01-02 23:29:09 ----DC---- C:\Arquivos de programas\TIM Web Banda Larga

======List of files/folders modified in the last 1 months======

2009-01-28 20:56:39 ----D---- C:\WINDOWS\Prefetch
2009-01-28 20:55:08 ----D---- C:\WINDOWS\Temp
2009-01-28 20:08:43 ----D---- C:\WINDOWS\system32\config
2009-01-28 05:56:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-26 16:55:12 ----D---- C:\Arquivos de programas\Arquivos comuns
2009-01-26 16:55:07 ----D---- C:\WINDOWS\system32
2009-01-26 16:55:00 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-01-26 16:55:00 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-01-26 16:39:41 ----DC---- C:\Downloads
2009-01-25 15:14:34 ----D---- C:\WINDOWS
2009-01-25 14:52:45 ----RDC---- C:\Arquivos de programas
2009-01-25 11:10:37 ----SHD---- C:\WINDOWS\Installer
2009-01-15 15:25:06 ----D---- C:\WINDOWS\system32\drivers
2009-01-15 15:24:05 ----DC---- C:\Arquivos de programas\Adobe
2009-01-14 14:51:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-14 14:51:02 ----AC---- C:\WINDOWS\system.ini
2009-01-14 14:48:38 ----D---- C:\WINDOWS\AppPatch
2009-01-14 14:45:51 ----RASHC---- C:\boot.ini
2009-01-13 20:43:38 ----SD---- C:\WINDOWS\Tasks
2009-01-08 09:22:15 ----HD---- C:\WINDOWS\inf
2009-01-07 08:18:51 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy
2009-01-07 08:18:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-01-06 10:03:46 ----D---- C:\WINDOWS\system
2009-01-06 10:03:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg7
2009-01-06 10:02:58 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\AVG7
2009-01-04 18:52:18 ----D---- C:\WINDOWS\system32\wbem
2009-01-04 12:26:07 ----D---- C:\WINDOWS\WinSxS
2009-01-04 12:23:31 ----D---- C:\WINDOWS\system32\mui
2009-01-04 12:22:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-04 12:19:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-04 12:19:29 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2009-01-04 12:19:21 ----D---- C:\Arquivos de programas\Internet Explorer
2009-01-04 12:18:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-03 00:13:27 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2009-01-02 23:58:32 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-02 23:58:29 ----D---- C:\WINDOWS\Help
2009-01-02 23:56:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-02 23:49:24 ----D---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Adobe
2009-01-02 23:47:36 ----SD---- C:\Documents and Settings\Carol e Jaime\Dados de aplicativos\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-04 223616]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-24 101120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-05-25 245760]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 BDFsDrv;BDFsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-09-02 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-09-02 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Serviço auxiliar IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ekrn;Eset Service; C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-01-08 152984]
R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 SimpTcp;Serviços TCP/IP simples; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-28 19456]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EHttpSrv;Eset HTTP Server; C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 p2pgasvc;Autenticação de grupo de rede ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 p2pimsvc;Gerenciador de identidades ponto-a-ponto da Microsoft; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 p2psvc;Configuração de rede ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 PNRPSvc;Protocolo de resolução de nomes ponto-a-ponto; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-28 20:56:43

======Uninstall list======

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x416 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe
Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
BS.Player PRO-->"C:\Arquivos de programas\Webteh\BSplayerPro\uninstall.exe"
DivX Codec-->C:\Arquivos de programas\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Arquivos de programas\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Arquivos de programas\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Arquivos de programas\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dziobas Rar Player 0.009.38-->"C:\Arquivos de programas\Dziobas Rar Player\unins000.exe"
ESET Smart Security-->MsiExec.exe /I{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}
Google Talk (remove only)-->"C:\Arquivos de programas\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall
InternetTV 7.13-->"C:\Arquivos de programas\MMToolz\InternetTV\unins000.exe"
Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office XP Professional com FrontPage-->MsiExec.exe /I{90280416-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{DAB6053F-4CF0-4B97-8EAC-89073F4B9BC4}
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
PhotoFiltre-->"C:\Arquivos de programas\PhotoFiltre\Uninst.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem5.inf
SiSAGP driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x416
SiSRaidPackage-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x416
Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{BB1BD1D9-EF9A-404F-B360-E3C379A82A8E}
SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416 -removeonly
TIM Web Banda Larga-->C:\Arquivos de programas\TIM Web Banda Larga\uninst.exe
Ulead Video ToolBox Basic-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x416
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

System event log

Computer Name: TABAJARA-809F1B
Event Code: 7035
Message: O serviço Adaptador de desempenho WMI recebeu com êxito um controle Iniciar.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090128200847.000000-120
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: TABAJARA-809F1B
Event Code: 7036
Message: O serviço IMAPI CD-Burning COM Service entrou no estado executando.
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090128200845.000000-120
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 7035
Message: O serviço IMAPI CD-Burning COM Service recebeu com êxito um controle Iniciar.
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090128200845.000000-120
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: TABAJARA-809F1B
Event Code: 7036
Message: O serviço Serviço 'Gateway de camada de aplicativo' entrou no estado executando.
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090128200843.000000-120
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 7035
Message: O serviço Serviço 'Gateway de camada de aplicativo' recebeu com êxito um controle Iniciar.
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090128200843.000000-120
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Application event log

Computer Name: TABAJARA-809F1B
Event Code: 1000
Message: Os contadores de desempenho para o serviço MSDTC (MSDTC) foram carregados com êxito. A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço.
Record Number: 5
Source Name: LoadPerf
Time Written: 20080926161457.000000-180
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 1000
Message: Os contadores de desempenho para o serviço TermService (Serviços de terminal) foram carregados com êxito. A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço.
Record Number: 4
Source Name: LoadPerf
Time Written: 20080926161454.000000-180
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 1000
Message: Os contadores de desempenho para o serviço RemoteAccess (Roteamento e acesso remoto) foram carregados com êxito. A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço.
Record Number: 3
Source Name: LoadPerf
Time Written: 20080926161225.000000-180
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 1000
Message: Os contadores de desempenho para o serviço PSched (PSched) foram carregados com êxito. A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço.
Record Number: 2
Source Name: LoadPerf
Time Written: 20080926161201.000000-180
Event Type: Informações
User:

Computer Name: TABAJARA-809F1B
Event Code: 1000
Message: Os contadores de desempenho para o serviço RSVP (QoS RSVP) foram carregados com êxito. A página 'Registrar dados' contém os novos valores de índice atribuídos ao serviço.
Record Number: 1
Source Name: LoadPerf
Time Written: 20080926161200.000000-180
Event Type: Informações
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Arquivos comuns\Ulead Systems\MPEG;C:\Arquivos de programas\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Arquivos de programas\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Arquivos de programas\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
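The RSIT log above is what the helper reads by hand. As an added example for this thread (it is not code from the post, from the forum, or from the RSIT/HijackThis tools), the script below parses the entry formats that matter in an autorun-worm case and flags the ones worth a second look: O4 autostart entries under Policies\Explorer\Run or pointing at script files, the O17 name servers, the mountpoints2 AutoRun command that Explorer caches for a removable drive, and any autorun.inf in the RSIT file listing. The sample log embedded in it is constructed: the O17, mountpoints2 and C:\autorun.inf lines copy entries from the log above, while the Policies\Explorer\Run line with example.vbe is invented for illustration and names a file that appears nowhere in the thread.

```python
"""Flag autorun and persistence indicators in an RSIT / HijackThis log.

Added example for this thread; not part of the forum post and not code
from the RSIT or HijackThis tools.  Point it at a saved log.txt and it
prints one line per entry worth a second look.
"""
import re
import sys
from typing import Dict, List

# Constructed sample in the RSIT/HijackThis layout.  The O17, mountpoints2
# and C:\autorun.inf lines mirror entries in the log posted above; the
# Policies\Explorer\Run line (example.vbe) is invented for illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [example] C:\WINDOWS\system32\example.vbe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{990BD5DB-51C9-436E-946A-0866F5A0F7D4}: NameServer = 189.40.224.5 10.223.246.102
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]
shell\AutoRun\command - E:\AutoRun.exe
======List of files/folders created in the last 1 months======
2009-01-28 20:56:31 ----DC---- C:\rsit
2009-01-07 08:19:25 ----RASHDC---- C:\autorun.inf
"""

# HijackThis O4 autostart entry: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis O17: DNS servers configured on an interface
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
# RSIT registry dump: a key header on its own line
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Cached autorun.inf handler listed under a mountpoints2 key
AUTORUN_CMD_RE = re.compile(r"^shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
# RSIT file listing: "<timestamp> ----<attrs>---- <path>"; the D attribute marks a directory
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d -*(?P<attrs>[A-Z]*)-* (?P<path>.+)$")
# Script and other non-EXE autostart payloads typical of USB worms
SCRIPT_EXT_RE = re.compile(r'\.(vbe|vbs|js|jse|wsf|wsh|bat|cmd|scr|pif)(?=["\s]|$)', re.IGNORECASE)


def finding(kind: str, detail: str) -> Dict[str, str]:
    return {"kind": kind, "detail": detail}


def scan_log(text: str) -> List[Dict[str, str]]:
    """Return one finding per indicator, in log order."""
    findings: List[Dict[str, str]] = []
    current_key = ""  # last registry key header seen in the RSIT dump
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = O4_RE.match(line)
        if m:
            loc, name, cmd = m.group("loc"), m.group("name"), m.group("cmd")
            # Policies\Explorer\Run exists for logon programs pushed by policy;
            # on a home PC an entry there is almost always malware.
            if "policies\\explorer\\run" in loc.lower():
                findings.append(finding("policy_run", f"{loc} [{name}] {cmd}"))
            if SCRIPT_EXT_RE.search(cmd):
                findings.append(finding("script_autostart", f"[{name}] {cmd}"))
            continue
        m = O17_RE.match(line)
        if m:
            # Report every resolver so a hijacked DNS setting cannot hide.
            for server in re.split(r"[,\s]+", m.group("servers").strip()):
                findings.append(finding("dns_server", server))
            continue
        m = AUTORUN_CMD_RE.match(line)
        if m and "mountpoints2" in current_key.lower():
            # Explorer caches the autorun.inf of every volume it has seen here;
            # a command pointing at an executable on a removable drive is the
            # USB-worm infection path.
            findings.append(finding("removable_autorun", f"{current_key} -> {m.group('cmd')}"))
            continue
        m = FILE_RE.match(line)
        if m and m.group("path").lower().endswith("\\autorun.inf"):
            kind = "autorun_inf_folder" if "D" in m.group("attrs") else "autorun_inf_file"
            findings.append(finding(kind, f"{m.group('path')} [{m.group('attrs')}]"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="cp1252", errors="replace") as fh:
            source = fh.read()
    else:
        source = SAMPLE_LOG
    for f in scan_log(source):
        print(f"{f['kind']:20} {f['detail']}")
```

Run it as `python rsit_flags.py log.txt`, or with no argument to scan the built-in sample. The C:\autorun.inf entry is reported as a folder rather than a file on purpose: a read-only, hidden, system autorun.inf folder in a drive root is also what immunization tools such as Flash_Disinfector create so that a worm cannot drop its own autorun.inf there, and the ComboFix log later in this thread records that this one was created by Flash_Disinfector. That flag therefore means "check before deleting", not "remove".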
Sam Spade, posted January 29, 2009:

Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished the instructions.

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

    Folder::
    C:\autorun.inf

Now drag CFScript.txt onto ComboFix as shown in the demonstration below. ComboFix will run and will restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

This script was written only for this computer, according to the files and keys present on it. To visitors: if you have a similar problem, do not use this script, because unsupervised use can damage the system.

When it finishes, a log will be generated at C:\ComboFix.txt.

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removal of the malware harder.

Post the new ComboFix log.
silmawiel, posted January 30, 2009

ComboFix 09-01-21.04 - Carol e Jaime 2009-01-30 20:03:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1246.899 [GMT -2:00]
Running from: c:\documents and settings\Carol e Jaime\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Carol e Jaime\Desktop\CFScript.txt
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\autorun.inf\lpt3.This folder was created by Flash_Disinfector
.
(((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 ))))))))))))))))))))))))))))
.
2009-01-30 19:49 . 2009-01-30 19:59 <DIR> d-------- c:\windows\LastGood
2009-01-28 20:56 . 2009-01-28 20:56 <DIR> d----c--- C:\rsit
2009-01-26 16:55 . 2009-01-26 16:55 <DIR> d----c--- C:\Program Files
2009-01-26 16:55 . 2009-01-26 16:55 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\xing shared
2009-01-26 16:54 . 2009-01-26 16:55 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Real
2009-01-25 14:52 . 2009-01-25 15:08 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\BSplayer PRO
2009-01-25 14:52 . 2009-01-25 14:52 <DIR> d----c--- c:\arquivos de programas\Webteh
2009-01-25 14:49 . 2009-01-25 14:49 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\VitySoft
2009-01-25 11:10 . 2009-01-25 11:10 <DIR> d----c--- c:\arquivos de programas\Opera
2009-01-15 22:44 . 2009-01-15 22:44 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\MMToolz
2009-01-15 22:44 . 2009-01-15 22:44 <DIR> d----c--- c:\arquivos de programas\MMToolz
2009-01-15 21:01 . 2009-01-15 21:01 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\DivX
2009-01-15 15:38 . 2009-01-15 15:46 <DIR> d----c--- c:\arquivos de programas\Dziobas Rar Player
2009-01-13 22:31 . 2009-01-13 22:32 <DIR> d----c--- c:\arquivos de programas\DivX
2009-01-13 22:30 . 2009-01-26 16:36 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Apple Computer
2009-01-13 21:24 . 2009-01-13 21:24 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-01-13 21:24 . 2009-01-13 21:25 <DIR> d----c--- c:\arquivos de programas\QuickTime
2009-01-13 21:24 . 2009-01-13 21:24 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Apple
2009-01-13 20:43 . 2009-01-13 20:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple
2009-01-13 20:43 . 2009-01-13 20:43 <DIR> d----c--- c:\arquivos de programas\Apple Software Update
2009-01-09 22:24 . 2009-01-09 22:24 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-08 22:07 . 2009-01-28 20:56 <DIR> d----c--- c:\arquivos de programas\trend micro
2009-01-08 10:34 . 2009-01-08 10:34 <DIR> d---s---- c:\documents and settings\Carol e Jaime\UserData
2009-01-08 09:34 . 2009-01-08 09:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 22:50 . 2009-01-07 22:50 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\ESET
2009-01-07 22:48 . 2009-01-08 08:53 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\ESET
2009-01-07 21:54 . 2009-01-09 08:18 <DIR> d----c--- c:\arquivos de programas\AutorunRemover
2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Malwarebytes
2009-01-07 10:03 . 2009-01-07 10:03 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-01-07 08:24 . 2009-01-15 15:25 <DIR> d----c--- c:\arquivos de programas\Panda Security
2009-01-06 21:45 . 2009-01-08 09:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-06 21:44 . 2009-01-08 09:34 <DIR> d----c--- c:\arquivos de programas\Java
2009-01-06 21:06 . 2009-01-15 15:24 <DIR> d----c--- c:\arquivos de programas\eMule
2009-01-06 21:04 . 2009-01-06 21:04 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java
2009-01-06 21:02 . 2009-01-06 21:02 <DIR> d----c--- c:\arquivos de programas\LimeWire
2009-01-06 10:10 . 2009-01-07 08:00 81,984 --a------ c:\windows\system32\bdod.bin
2009-01-06 10:04 . 2009-01-06 10:04 <DIR> d----c--- c:\arquivos de programas\Softwin
2009-01-06 10:04 . 2009-01-07 07:08 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Softwin
2009-01-06 08:41 . 2009-01-06 08:42 <DIR> d----c--- c:\arquivos de programas\Google
2009-01-05 08:47 . 2009-01-05 08:47 0 --a------ c:\windows\nsreg.dat
2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)
2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)
2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)
2009-01-04 19:23 . 2009-01-04 19:23 <DIR> d----c--- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)
2009-01-04 12:42 . 2009-01-04 12:42 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Sony
2009-01-04 12:42 . 2009-01-04 12:42 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sony
2009-01-04 12:26 . 2009-01-04 12:26 <DIR> d----c--- c:\arquivos de programas\Sony Ericsson
2009-01-04 12:26 . 2009-01-04 12:26 <DIR> d----c--- c:\arquivos de programas\Sony
2009-01-04 11:52 . 2004-08-04 00:45 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-04 11:52 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-04 11:52 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-04 11:52 . 2001-09-05 23:50 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-02 23:58 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-01-02 23:58 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-01-02 23:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-01-02 23:58 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-02 23:58 . 2008-10-16 14:07 18,968 --a------ c:\windows\system32\wuaueng.dll.mui
2009-01-02 23:30 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-02 23:30 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-02 23:29 . 2009-01-02 23:35 <DIR> d----c--- c:\arquivos de programas\TIM Web Banda Larga
2009-01-02 23:29 . 2007-08-24 19:45 101,120 -ra------ c:\windows\system32\drivers\ewusbmdm.sys
2009-01-02 23:29 . 2007-08-24 19:45 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys
2008-12-15 20:25 . 2008-12-15 20:25 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\Ahead
2008-12-10 22:33 . 2008-12-10 22:33 200,704 --a------ c:\windows\system32\dtu100.dll
2008-12-10 22:33 . 2008-12-10 22:33 86,016 --a------ c:\windows\system32\dpl100.dll
2008-12-09 00:28 . 2008-12-09 00:28 593,920 --a------ c:\windows\system32\dpuGUI11.dll
2008-12-09 00:28 . 2008-12-09 00:28 344,064 --a------ c:\windows\system32\dpus11.dll
2008-12-09 00:28 . 2008-12-09 00:28 294,912 --a------ c:\windows\system32\dpu11.dll
2008-12-09 00:28 . 2008-12-09 00:28 57,344 --a------ c:\windows\system32\dpv11.dll
2008-12-03 09:41 . 2008-12-03 09:41 <DIR> d-------- c:\documents and settings\Carol e Jaime\Dados de aplicativos\AdobeUM
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 18:55 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-01-26 18:55 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-01-07 10:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-01-07 10:18 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy
2009-01-06 12:03 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg7
2009-01-06 12:02 --------- d-----w c:\documents and settings\Convidado\Dados de aplicativos\AVG7
2009-01-06 12:02 --------- d-----w c:\documents and settings\Carol e Jaime\Dados de aplicativos\AVG7
2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-06 16:37 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-06 16:37 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-06 16:37 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll
2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 16:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 15:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
2008-10-16 15:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
2008-10-16 15:03 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Mobile Partner"="c:\arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe" [2009-01-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SiSRaid"="c:\arquivos de programas\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2005-03-01 897024]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-01-26 185872]
"SiSPower"="SiSPower.dll" [2005-05-26 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-07-21 44544]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-10-05 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= c:\arquiv~1\ARQUIV~1\ULEADS~1\MPEG\mpegacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Arquivos de programas\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Agrupamento de Mesmo Nível do Windows
"3540:UDP"= 3540:UDP:Protocolo PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 20:04:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-30 20:05:27
ComboFix-quarantined-files.txt 2009-01-30 22:05:23

Pre-Run: 12 folder(s), 70.746.791.936 bytes free
Post-Run: 11 folder(s), 70,744,231,936 bytes free
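The ComboFix log above is what a helper reads by eye: the "Reg Loading Points" section lists every non-default Run/RunOnce value and, in mountpoints2, the per-volume AutoRun command Explorer cached for the drive that was plugged in (here E:\AutoRun.exe). The following Python script is an added example, not part of the thread and not part of ComboFix, that triages that section mechanically: it flags any mountpoints2 autorun command, any value ComboFix marked [X] (which, as far as I know ComboFix's output, means the referenced file could not be found), and any value whose target is a bare module name rather than an absolute path, since such a name is resolved through the search path. The regular expressions are assumptions about the line shapes seen in the log above, and SAMPLE_LOG is a constructed subset of that log.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the forum post or of ComboFix. The line
patterns are assumptions derived from the log posted in the thread;
SAMPLE_LOG is a constructed subset of that log.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the posted log, copied verbatim.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Mobile Partner"="c:\arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe" [2009-01-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-09-06 413696]
"SiSPower"="SiSPower.dll" [2005-05-26 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-07-21 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35fd4f0-d935-11dd-8bf7-001558b1a75f}]
\Shell\AutoRun\command - E:\AutoRun.exe
"""

# Assumed line shapes: "[HK...]" key headers, '"name"="target" [meta]'
# values, and mountpoints2 "\Shell\AutoRun\command - <cmd>" lines.
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")


@dataclass(frozen=True)
class Finding:
    key: str      # registry key the entry lives under
    name: str     # value name, or "AutoRun\command" for mountpoints2
    target: str   # what the value points at, as logged
    reason: str   # why it deserves a second look


def _is_absolute(path: str) -> bool:
    """Drive-letter or UNC path; anything else is resolved via a search path."""
    return bool(re.match(r"^[A-Za-z]:\\", path)) or path.startswith("\\\\")


def triage(log_text: str) -> List[Finding]:
    """Walk the REGEDIT4-style section and return entries worth reviewing."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key.lower():
            # Per-volume autorun handler cached by Explorer: the usual
            # footprint of a USB worm, and it outlives the drive itself.
            findings.append(Finding(key, "AutoRun\\command", m.group("cmd"),
                                    "autorun command cached for a removable volume"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, target = m.group("name"), m.group("target")
        meta = m.group("meta").strip()
        if meta == "X":
            # Assumption: ComboFix prints [X] when it cannot find the file.
            findings.append(Finding(key, name, target,
                                    "referenced file not found on disk ([X])"))
        elif not _is_absolute(target):
            # A bare module name is resolved through the search path, so a
            # planted file earlier in that path would be loaded instead.
            resolved = meta.split(" ", 1)[1] if " " in meta else "unresolved"
            findings.append(Finding(key, name, target,
                                    f"relative target, ComboFix resolved it to {resolved}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name!r} under {f.key}: {f.target} -> {f.reason}")
```

On the sample this reports three entries: SiSPower (relative name, resolved by ComboFix to c:\windows\system32\SiSPower.dll), nltide_2 (marked [X]) and the E:\AutoRun.exe handler under mountpoints2. Run against the full log it is a first pass only; the helper still decides which of those are benign leftovers and which go into the CFScript.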