Zentetzuken

[Archived] Could it be malware?

Good evening.

This is my first post on this forum, and I bring the following log with the following questions.

Am I infected?

And when I open sXe, the following error occurs, shown in the image below:

http://img150.imageshack.us/my.php?image=sxeerropr3.jpg

Here is the log:

MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://www.audition.com.br/activex/AuditionWeb.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215643616000
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3670459-2223-4726-9E26-FEC3E40B1B79}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 8838 bytes

Sorry for any irregularity.

Thanks!

Good morning, Zentetzuken!

<@> Download: < ComboFix.exe > ( ...by sUBs )

<@> Save it to the Desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt: "Disclaimer of warranty on software" --> Click Yes!

<@> If you do not have the "Recovery Console", agree to install it!

<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, type "N" or "2" --> Press Enter!

--------------------------------------

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!

ComboFix:

ComboFix 09-01-21.04 - Ivan 2009-01-26 11:53:45.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1046.18.2047.1487 [GMT -2:00]
Executando de: c:\documents and settings\Ivan\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
FW: Symantec Endpoint Protection *disabled*
 * Criado um novo ponto de restauro.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ivan\Dados de aplicativos\.#
c:\windows\system32\Cache
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53

((((((((((((((((   Arquivos/Ficheiros criados de 2008-12-26 to 2009-01-26  ))))))))))))))))))))))))))))
.
2009-01-26 12:00 . 2009-01-26 12:00	53,248	--a------	c:\temp\catchme.dll
2009-01-26 11:58 . 2009-01-26 11:58	<DIR>	d--------	c:\temp\WPDNSE
2009-01-25 21:54 . 2009-01-25 22:04	<DIR>	d--------	C:\HiJackThis
2009-01-25 21:28 . 2009-01-25 21:28	<DIR>	d--------	c:\arquivos de programas\Valve
2009-01-22 21:49 . 2009-01-22 21:49	<DIR>	d--------	c:\arquivos de programas\KAIZEN Games
2009-01-18 15:47 . 2009-01-18 16:03	<DIR>	d--------	c:\arquivos de programas\DOSBox-0.72
2009-01-14 01:47 . 2009-01-14 01:47	<DIR>	d--------	c:\documents and settings\Ivan\Dados de aplicativos\Remere's Map Editor
2009-01-07 20:14 . 2009-01-14 01:51	<DIR>	d--------	c:\arquivos de programas\Tibia8.40
2009-01-07 03:33 . 2009-01-26 12:00	<DIR>	d--------	c:\temp\WER6fd9.dir00
2009-01-07 03:32 . 2009-01-26 12:00	<DIR>	d--------	c:\temp\WER9162.dir00
2009-01-07 03:23 . 2009-01-07 03:32	<DIR>	d--------	c:\temp\WERe808.dir00
2009-01-07 03:21 . 2009-01-07 03:32	<DIR>	d--------	c:\temp\WER82ec.dir00
2009-01-07 02:49 . 2009-01-07 03:31	<DIR>	d--------	c:\documents and settings\Ivan\Incomplete
2009-01-07 02:48 . 2009-01-07 03:20	<DIR>	d--------	c:\documents and settings\Ivan\Dados de aplicativos\LimeWireTurbo
2009-01-07 02:48 . 2009-01-07 02:48	<DIR>	d--------	c:\arquivos de programas\P2P_Energy
2009-01-07 02:48 . 2009-01-07 02:48	<DIR>	d--------	c:\arquivos de programas\LimeWireTurbo
2009-01-07 02:48 . 2009-01-07 02:48	<DIR>	d--------	c:\arquivos de programas\Conduit
2009-01-06 22:25 . 2009-01-06 22:25	<DIR>	d--------	c:\arquivos de programas\K-Lite Codec Pack
2009-01-06 22:05 . 2009-01-06 22:05	<DIR>	d--------	c:\arquivos de programas\GIF Movie Gear
2009-01-06 21:58 . 2009-01-07 03:32	<DIR>	d--------	c:\temp\gm_ttt_5659
2009-01-06 21:46 . 2009-01-24 12:05	<DIR>	d--------	c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\KeenfinderSrch
2009-01-06 21:46 . 2009-01-09 12:11	<DIR>	d--------	c:\arquivos de programas\KeenfinderSrch
2009-01-06 21:44 . 2009-01-06 21:44	<DIR>	d--------	c:\arquivos de programas\RelevantKnowledge
2009-01-04 01:49 . 2009-01-04 01:49	<DIR>	d--------	c:\arquivos de programas\XP Codec Pack
2009-01-04 01:49 . 2008-07-09 07:05	421,888	--a------	c:\windows\system32\ac3filter.acm
2009-01-03 01:05 . 2009-01-26 12:00	<DIR>	d--------	c:\temp\mProjector1658900338
2009-01-03 01:05 . 2009-01-03 01:05	<DIR>	d--------	c:\arquivos de programas\FLV Player
2009-01-02 20:57 . 1998-07-17 13:36	140,800	--a------	c:\windows\system32\tm20dec.ax
2009-01-02 20:42 . 2009-01-07 03:32	<DIR>	d--------	c:\temp\is-OEQC9.tmp
2009-01-02 20:42 . 2009-01-07 03:32	<DIR>	d--------	c:\temp\is-L7QRH.tmp
2009-01-02 20:32 . 2009-01-02 23:07	<DIR>	d--------	c:\arquivos de programas\Final Fantasy VII
2009-01-02 20:18 . 2009-01-02 20:18	<DIR>	d--------	c:\arquivos de programas\SlySoft
2009-01-02 20:18 . 2009-01-02 20:18	24	---hs----	c:\windows\SA60700C4.tmp
2009-01-02 18:15 . 2009-01-02 18:15	<DIR>	d--------	C:\CCR INC
2009-01-01 20:16 . 2009-01-01 20:17	<DIR>	d--------	c:\arquivos de programas\Flash Player Pro
2008-12-30 02:11 . 2008-12-30 02:11	<DIR>	d--------	c:\arquivos de programas\ACE Mega CoDecS Pack
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 13:58	---------	d-----w	c:\documents and settings\Ivan\Dados de aplicativos\DNA
2009-01-26 13:58	---------	d-----w	c:\arquivos de programas\DNA
2009-01-26 13:47	---------	d-----w	c:\documents and settings\Ivan\Dados de aplicativos\Free Download Manager
2009-01-26 00:07	---------	d-----w	c:\arquivos de programas\sXe Injected
2009-01-25 19:21	---------	d-----w	c:\arquivos de programas\Steam
2009-01-25 03:13	---------	d-----w	c:\arquivos de programas\CyberScript32
2009-01-24 00:18	---------	d-----w	c:\documents and settings\Ivan\Dados de aplicativos\teamspeak2
2009-01-21 02:39	---------	d-----w	c:\documents and settings\Ivan\Dados de aplicativos\BitTorrent
2009-01-20 17:27	---------	d-----w	c:\arquivos de programas\Google
2009-01-15 21:08	---------	d-----w	c:\documents and settings\Ivan\Dados de aplicativos\sqlitestudio
2009-01-07 04:06	---------	d-----w	c:\documents and settings\Ivan\Dados de aplicativos\LimeWire
2009-01-06 23:05	---------	d---a-w	c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\TEMP
2008-12-30 03:55	---------	d-----w	c:\documents and settings\Ivan\Dados de aplicativos\Dev-Cpp
2008-12-30 03:45	---------	d-----w	c:\documents and settings\Ivan\Dados de aplicativos\skypePM
2008-12-30 03:45	---------	d-----w	c:\documents and settings\Ivan\Dados de aplicativos\Skype
2008-12-26 02:28	---------	d-----w	c:\arquivos de programas\Incomplete
2008-12-19 15:15	4,338,246	----a-w	c:\windows\system32\libavcodec.dll
2008-12-17 17:41	884,237	----a-w	c:\windows\system32\ff_x264.dll
2008-12-17 17:22	93,184	----a-w	c:\windows\system32\ff_wmv9.dll
2008-12-17 17:22	57,344	----a-w	c:\windows\system32\ff_vfw.dll
2008-12-17 17:17	239,247	----a-w	c:\windows\system32\ff_theora.dll
2008-12-17 16:59	560,802	----a-w	c:\windows\system32\libmplayer.dll
2008-12-07 21:41	---------	d-----w	c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-12-07 21:40	---------	d--h--w	c:\documents and settings\Ivan\Dados de aplicativos\ijjigame
2008-12-07 21:36	---------	d-----w	c:\arquivos de programas\DriftCity
2008-12-05 05:36	---------	d-----w	c:\arquivos de programas\Battlefield Vietnam
2008-12-05 04:27	---------	d-----w	c:\arquivos de programas\bt vietnan
2008-12-02 04:19	---------	d-----w	c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Skype
2008-12-02 04:19	---------	d-----w	c:\arquivos de programas\Skype
2008-12-02 04:19	---------	d-----w	c:\arquivos de programas\Arquivos comuns\Skype
2008-11-29 03:27	---------	d-----w	c:\arquivos de programas\GameVicio
2008-11-29 03:22	---------	d--h--w	c:\arquivos de programas\InstallShield Installation Information
2008-11-29 03:14	---------	d-----w	c:\arquivos de programas\EA GAMES
2008-10-29 02:23	425,984	----a-w	c:\windows\system32\ATIDEMGX.dll
2008-10-29 02:22	314,880	----a-w	c:\windows\system32\ati2dvag.dll
2008-10-29 02:11	43,520	----a-w	c:\windows\system32\ati2edxx.dll
2008-10-29 02:11	26,112	----a-w	c:\windows\system32\Ati2mdxx.exe
2008-10-29 02:11	188,416	----a-w	c:\windows\system32\atipdlxx.dll
2008-10-29 02:11	147,456	----a-w	c:\windows\system32\Oemdspif.dll
2008-10-29 02:10	143,360	----a-w	c:\windows\system32\ati2evxx.dll
2008-10-29 02:10	10,973,184	----a-w	c:\windows\system32\atioglxx.dll
2008-10-29 02:09	585,728	----a-w	c:\windows\system32\ati2evxx.exe
2008-10-29 02:07	53,248	----a-w	c:\windows\system32\ATIDDC.DLL
2008-10-29 01:57	4,041,472	----a-w	c:\windows\system32\ati3duag.dll
2008-10-29 01:49	307,200	----a-w	c:\windows\system32\atiiiexx.dll
2008-10-29 01:41	2,472,832	----a-w	c:\windows\system32\ativvaxx.dll
2008-10-29 01:25	48,640	----a-w	c:\windows\system32\amdpcom32.dll
2008-10-29 01:21	389,120	----a-w	c:\windows\system32\atikvmag.dll
2008-10-29 01:19	44,032	----a-w	c:\windows\system32\atiadlxx.dll
2008-10-29 01:19	17,408	----a-w	c:\windows\system32\atitvo32.dll
2008-10-29 01:18	253,952	----a-w	c:\windows\system32\atiok3x2.dll
2008-10-29 01:12	577,536	----a-w	c:\windows\system32\ati2cqag.dll
2008-10-28 23:05	593,920	------w	c:\windows\system32\ati2sgag.exe
2008-10-27 12:04	70,992	----a-w	c:\windows\system32\XAPOFX1_2.dll
2008-10-27 12:04	514,384	----a-w	c:\windows\system32\XAudio2_3.dll
2008-10-27 12:04	235,856	----a-w	c:\windows\system32\xactengine3_3.dll
2008-10-27 12:04	23,376	----a-w	c:\windows\system32\X3DAudio1_5.dll
2008-04-09 21:48	96,374	----a-w	c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\firstlsp.reg.dat
2006-05-03 09:06	163,328	--sh--r	c:\windows\system32\flvDX.dll
2007-02-21 10:47	31,232	--sh--r	c:\windows\system32\msfDX.dll
2008-03-16 12:30	216,064	--sh--r	c:\windows\system32\nbDX.dll
2008-07-09 23:41	32,768	--sha-w	c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008063020080707\index.dat
2008-07-09 23:41	32,768	--sha-w	c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008070920080710\index.dat
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-02-04 11:11	536576	--a------	c:\arquivos de programas\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-02-04 11:11	536576	--a------	c:\arquivos de programas\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-02-04 11:11	536576	--a------	c:\arquivos de programas\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-02-04 11:11	536576	--a------	c:\arquivos de programas\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-02-04 11:11	536576	--a------	c:\arquivos de programas\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-02-04 11:11	536576	--a------	c:\arquivos de programas\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-02-04 11:11	536576	--a------	c:\arquivos de programas\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2009-01-21 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\iac25_32.ax
"vidc.ffds"= ffdshow.ax
"vidc.avrn"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
"vidc.advj"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
"vidc.mszh"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\avimszh.dll
"vidc.zlib"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\avizlib.dll
"vidc.cscd"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\camcodec.dll
"vidc.cvid"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\iccvid.dll
"msacm.trspch"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\tssoft32.acm
"vidc.em2v"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\etxcodec.dll
"vidc.mkvc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\kmvidc32.dll
"vidc.hfyu"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\huffyuv.dll
"msacm.lameacm"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\lameacm.acm
"msacm.lhacm"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\lhacm.acm
"msacm.l3acm"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\l3codecp.acm
"vidc.sjpg"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.dmb2"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.gepj"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.qpeg"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Qpeg32.dll
"vidc.q1.0"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Qpeg32.dll
"msacm.sl_anet"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\sl_anet.acm
"vidc.tscc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\tsccvid.dll
"vidc.vifp"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\vfcodec.dll
"vidc.wrpr"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\aviwrap.dll
"vidc.wnv1"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\wnvplay1.dll
"vidc.advs"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll
"vidc.afli"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll
"vidc.aasc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\ATI\ativcr2.dll
"vidc.yv12"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Aware\icmw_32.dll
"vidc.bt20"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv
"vidc.y41p"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv
"msacm.pcdv"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Core\CorePNG_vfw.dll
"msacm.CoreFLAC_ACM"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Core\CoreFLAC_ACM.acm
"vidc.davc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\dicas\davcvfw.dll
"vidc.div3"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.div5"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.div4"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.div6"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\DivX\divx4.dll
"vidc.divx"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\DivX\DivX520.dll
"msacm.divxa32"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\DivX\divxa32.acm
"vidc.frwd"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll
"vidc.frwt"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll
"vidc.frwa"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Forward\frwt.dll
"vidc.frwu"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Forward\frwu.dll
"vidc.glzw"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Gabest\GPEG.dll
"vidc.i263"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\i263_32.drv
"vidc.iv30"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv31"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv32"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv33"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv34"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv35"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv36"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv37"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv38"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv39"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv40"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv41"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv42"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv43"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv44"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv45"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv46"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv47"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv48"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv49"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv50"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\ir50_32.dll
"vidc.iyuv"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
"msacm.imc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Intel\IMC32.ACM
"vidc.lead"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dvc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dvcs"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dcmj"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.avi1"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.avi2"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.dv25"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm
"msacm.imaadpcm"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\imaadp32.acm
"msacm.msg711"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msg711.acm
"msacm.msg723"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msg723.acm
"msacm.msgsm610"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msgsm32.acm
"vidc.m261"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msh261.drv
"vidc.m263"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
"vidc.i420"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
"vidc.mrle"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msrle32.dll
"vidc.uyvy"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.yuy2"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.yvyu"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.msvc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
"vidc.cram"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
"vidc.mpg4"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp41"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp42"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp43"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp4s"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp4v"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.wmv3"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\WMV9VCM.dll
"msacm.msaudio1"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Microsoft\msaud32.acm
"vidc.vixl"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Miro\miroxl32.dll
"vidc.nt00"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\OGG\vorbis.acm
"vidc.vp30"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll
"vidc.vp31"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll
"vidc.vp60"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll
"vidc.vp61"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll
"vidc.pdvc"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
"vidc.ipdv"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
"vidc.pvw2"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
"vidc.dcap"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
"vidc.mjpa"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
"vidc.gpjm"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
"vidc.pim1"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\REALmagic\rmp4.dll
"vidc.rud0"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Rududu\rududu.dll
"msacm.at3"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\SONY\atrac3.acm
"vidc.sony"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll
"vidc.dvcp"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll
"vidc.s422"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Tekram\tekyuv.dll
"vidc.t420"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\Vanguard Software Sollutions\vsscodec.dll
"msacm.voxacm160"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= c:\arquiv~1\ACE Mega CoDecS Pack\SystemS\XviD\xvidvfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^BTTray.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^enhanced  keyboard driver.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\enhanced  keyboard driver.lnk
backup=c:\windows\pss\enhanced  keyboard driver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ivan^Menu Iniciar^Programas^Inicializar^SQLBACKUPZIP.lnk]
path=c:\documents and settings\Ivan\Menu Iniciar\Programas\Inicializar\SQLBACKUPZIP.lnk
backup=c:\windows\pss\SQLBACKUPZIP.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ludwig^Menu Iniciar^Programas^Inicializar^MutiKeyboard Driver.lnk]
path=c:\documents and settings\Ludwig\Menu Iniciar\Programas\Inicializar\MutiKeyboard Driver.lnk
backup=c:\windows\pss\MutiKeyboard Driver.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-02-22 13:58 217544 c:\arquivos de programas\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-01-21 00:06 342848 c:\arquivos de programas\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-02-01 02:25 115560 c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 17:21 57344 c:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 00:20 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-08 14:23 133104 c:\documents and settings\Ivan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 00:21 1695232 c:\arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
--a------ 2004-12-20 17:12 131072 c:\arquivos de programas\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\QuickTime Task]--a------ 2008-05-27 11:50 413696 c:\arquivos de programas\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]--a------ 2008-08-29 16:11 61440 c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]--a------ 2008-10-08 14:59 1410296 c:\arquivos de programas\Steam\steam.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]--a------ 2008-12-19 20:31 1372160 c:\arquivos de programas\sXe Injected\sXe Injected.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]--a------ 2008-10-29 00:11 26112 c:\windows\system32\Ati2mdxx.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]-ra------ 2004-11-15 08:20 77824 c:\windows\SOUNDMAN.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"WLSetupSvc"=3 (0x3)"usnjsvc"=3 (0x3)"wuauserv"=2 (0x2)"SavRoam"=3 (0x3)"LiveUpdate"=3 (0x3)"EhttpSrv"=3 (0x3)"Pml Driver HPZ12"=2 (0x2)"ekrn"=2 (0x2)"StarWindServiceAE"=2 (0x2)"Nero BackItUp Scheduler 3"=2 (0x2)"IDriverT"=3 (0x3)"AntiVirService"=2 (0x2)"AntiVirScheduler"=2 (0x2)"AntiVirMailService"=2 (0x2)"HTTPFilter"=3 (0x3)"Apache2.2"=2 (0x2)"SQLWriter"=2 (0x2)"SQLBrowser"=2 (0x2)"MSSQL$SQLEXPRESS"=2 (0x2)"WZCSVC"=2 (0x2)"WMPNetworkSvc"=3 (0x3)"mysql"=2 (0x2)"idsvc"=3 (0x3)"AVEService"=2 (0x2)"FLEXnet Licensing Service"=3 (0x3)"btwdins"=2 (0x2)"Bonjour Service"=2 (0x2)"ATI Smart"=2 (0x2)"Ati HotKey Poller"=2 (0x2)"aawservice"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Arquivos 
de programas\\DNA\\btdna.exe"="c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="c:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3y.exe"="c:\\Arquivos de programas\\Microsoft Games\\Age of Empires III\\age3x.exe"="c:\\Arquivos de programas\\AGE 2\\age2_x1\\age2_x1.exe"="c:\\Arquivos de programas\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="c:\\Arquivos de programas\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="c:\\Arquivos de programas\\Arquivos comuns\\Symantec Shared\\ccApp.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"="c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888]S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [2008-12-19 49408]S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-20 27904]S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]S3 XDva081;XDva081;\??\c:\windows\system32\XDva081.sys --> c:\windows\system32\XDva081.sys [?]S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?]S3 XDva168;XDva168;\??\c:\windows\system32\XDva168.sys --> c:\windows\system32\XDva168.sys [?]S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]S3 XDva187;XDva187;\??\c:\windows\system32\XDva187.sys --> c:\windows\system32\XDva187.sys [?]S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]S3 
XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]S3 XDva200;XDva200;\??\c:\windows\system32\XDva200.sys --> c:\windows\system32\XDva200.sys [?]S3 XDva212;XDva212;\??\c:\windows\system32\XDva212.sys --> c:\windows\system32\XDva212.sys [?]S3 XDva221;XDva221;\??\c:\windows\system32\XDva221.sys --> c:\windows\system32\XDva221.sys [?]S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]S3 XDva226;XDva226;\??\c:\windows\system32\XDva226.sys --> c:\windows\system32\XDva226.sys [?][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]c:\documents and settings\All Users.WINDOWS\Menu iniciar\Programas\Ferramentas administrativas\Recycle Bin\kdja.exe.Conteúdo da pasta 'Tarefas Agendadas'2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:57]2009-01-26 c:\windows\Tasks\GoogleUpdateTaskUser.job- c:\documents and settings\Ivan\Configura [].- - - - ORFÃOS REMOVIDOS - - - -BHO-{831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - (no file)SafeBoot-Symantec AntvirusMSConfigStartUp-ATICustomerCare - c:\arquivos de programas\ATI\ATICustomerCare\ATICustomerCare.exeMSConfigStartUp-avgnt - c:\arquivos de programas\AntiVir PersonalEdition Premium\avgnt.exeMSConfigStartUp-Babylon Client - c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exeMSConfigStartUp-egui - c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exeMSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exeMSConfigStartUp-NBKeyScan - c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exeMSConfigStartUp-NeroFilterCheck - c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exeMSConfigStartUp-PDM Agent - c:\arquivos de programas\PDM\PDM.exeMSConfigStartUp-STYLEXP - c:\arquivos de 
programas\TGTSoft\StyleXP\StyleXP.exeMSConfigStartUp-swg - c:\arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeMSConfigStartUp-vptray - c:\arquiv~1\SYMANT~1\VPTray.exe.------- Scan Suplementar -------.uStart Page = hxxp://www.google.com.br/ig?hl=pt-BRIE: Add to AMV Convert Tool... - c:\arquivos de programas\\MP3 Player Utilities 4.00\AMVConverter\grab.htmlIE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htmIE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htmIE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htmIE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htmIE: MediaManager tool grab multimedia file - c:\arquivos de programas\\MP3 Player Utilities 4.00\MediaManager\grab.htmlTCP: {E3670459-2223-4726-9E26-FEC3E40B1B79} = 200.204.0.10 200.204.0.138DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} - hxxp://www.audition.com.br/activex/AuditionWeb.cabDPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cabFF - ProfilePath - ---- FIREFOX POLICIES ----c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-01-26 12:00:11Windows 5.1.2600 Service Pack 3 NTFSProcurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucessoarquivos/ficheiros ocultos: 0**************************************************************************.--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------- - - - - - - > 'winlogon.exe'(976)c:\windows\system32\Ati2evxx.dll- - - - - - - > 'explorer.exe'(3544)c:\arquivos de programas\TortoiseSVN\bin\tortoisesvn.dllc:\arquivos de programas\TortoiseSVN\bin\intl3_svn.dll.------------------------ Outros Processos em Execução ------------------------.c:\arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exec:\arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exec:\windows\system32\inetsrv\inetinfo.exec:\arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exec:\arquivos de programas\Symantec\Symantec Endpoint Protection\SmcGui.exec:\windows\system32\wscntfy.exec:\arquivos de programas\TortoiseSVN\bin\TSVNCache.exe.**************************************************************************.Tempo para conclusão: 2009-01-26 12:05:52 - Máquina reiniciouComboFix-quarantined-files.txt  2009-01-26 14:05:47Pré-execução: 1.296.097.280 bytes disponíveisPós execução: 6,099,488,768 bytes disponíveisWindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimerCurrent=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4527	--- E O F ---	2008-11-24 00:59:16

Compartilhar este post


Link para o post
Compartilhar em outros sites

HijackThis log:


Good afternoon, Zentetzuken!

<@> Go to Start --> Run --> type or paste: combofix.exe /u --> click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> wait!

<@> Finally, the message "ComboFix is uninstalled" will appear --> click OK.

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

--------------------------------

<@> Download: < OTMoveIt3 >

<@> Save it to the desktop and run it from there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

 

:Files

c:\documents and settings\All Users.WINDOWS\Menu iniciar\Programas\Ferramentas administrativas\RecycleBin\kdja.exe

 

:Reg

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]

 

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste this information, between the XXXXX... lines, into the tool's ( clipboard ) field.

<@> PS: the area below "Paste Instructions for Items to be Moved".

<@> Click MoveIt.

<@> When prompted to reboot, confirm!

<@> When it finishes, check the text contents of the folder: C:\_OTMoveIt\MovedFiles

<@> Copy and post your most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--

<@> PS: since the tool does not overwrite its reports, make sure to look at the one generated after this run.

Regards!


01262009_192442.log :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\documents and settings\All Users.WINDOWS\Menu iniciar\Programas\Ferramentas administrativas\RecycleBin\kdja.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Temp\~DF57C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Temp\~DF585.tmp scheduled to be deleted on reboot.
File delete failed. C:\Temp\~DFE9EA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Temp\~DFEA1B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_148.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01262009_192442

Files moved on Reboot...
File C:\Temp\~DF57C.tmp not found!
File C:\Temp\~DF585.tmp not found!
File C:\Temp\~DFE9EA.tmp not found!
File C:\Temp\~DFEA1B.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_148.dat moved successfully.

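An added example, not part of the thread and not OTMoveIt's own code: a Python check that pairs each target of the removal script posted above with its line in the result log and, for any target reported "not found", looks the path up among the paths a scan log reported. The function names are hypothetical; the script, the result lines and the ComboFix path are copied from the posts in this thread.

```python
import difflib
import re

# Removal script exactly as posted in the thread (OTMoveIt3 instruction format).
SCRIPT = r"""
:Processes
explorer.exe
:Files
c:\documents and settings\All Users.WINDOWS\Menu iniciar\Programas\Ferramentas administrativas\RecycleBin\kdja.exe
:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

# Lines copied from the result log posted in reply (01262009_192442.log).
RESULT_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\documents and settings\All Users.WINDOWS\Menu iniciar\Programas\Ferramentas administrativas\RecycleBin\kdja.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Temp\~DF57C.tmp scheduled to be deleted on reboot.
"""

# Path of the same file as it appears in the ComboFix log posted in the thread.
SCAN_LOG_PATHS = [
    r"c:\documents and settings\All Users.WINDOWS\Menu iniciar\Programas\Ferramentas administrativas\Recycle Bin\kdja.exe",
]

# Checked in order: a "delete failed ... scheduled on reboot" line is pending, not failed.
STATUS_PATTERNS = [
    ("pending_reboot", re.compile(r"scheduled to be (deleted|moved) on reboot", re.I)),
    ("not_found", re.compile(r"not found", re.I)),
    ("ok", re.compile(r"(killed|deleted|moved|started) successfully", re.I)),
]


def parse_script(text):
    """Split the script into {section name: [items]} using the ':Section' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def classify(line):
    """Map one result-log line to a status keyword."""
    for status, pattern in STATUS_PATTERNS:
        if pattern.search(line):
            return status
    return "unknown"


def normalize_target(item):
    """Lower-case a script item and strip the '[-...]' delete-key wrapper."""
    return item.strip().lstrip("[").lstrip("-").rstrip("]").lower()


def audit(script_text, log_text):
    """Return (section, item, status) for every process, file and registry target."""
    sections = parse_script(script_text)
    log_lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings = []
    for section in ("processes", "files", "reg"):
        for item in sections.get(section, []):
            target = normalize_target(item)
            hit = next((l for l in log_lines if target in l.lower()), None)
            findings.append((section, item, classify(hit) if hit else "no_log_entry"))
    return findings


def recheck(findings, scan_paths):
    """For each 'not found' target, report an exact, near or absent match in the scan log."""
    known = {p.lower(): p for p in scan_paths}
    out = []
    for _section, item, status in findings:
        if status != "not_found":
            continue
        target = normalize_target(item)
        if target in known:
            out.append((item, "exact", known[target]))
            continue
        close = difflib.get_close_matches(target, list(known), n=1, cutoff=0.9)
        out.append((item, "near" if close else "absent", known[close[0]] if close else None))
    return out


if __name__ == "__main__":
    results = audit(SCRIPT, RESULT_LOG)
    for row in results:
        print(row)
    for row in recheck(results, SCAN_LOG_PATHS):
        print("recheck:", row)
```

A "near" result means the scripted path and the scanned path are not identical, so the path is worth rechecking before treating "not found" as proof that the file is gone.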

Good morning, Zentetzuken!

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

<!> Go to the site and click: < kasperdx9.jpg >

<@> On the next page, click: I Accept

<@> This is so that the ActiveX control is installed and the database is then updated.

<@> On the next page, click My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update and for the scan itself, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as in the image below:

Kas-Savetxt.gif

<@> Also post an updated HijackThis log.

Regards!


Sorry for the delay, and I also had problems with my modem.

After 9 arduous hours of scanning, here is the log:


HijackThis log:

Sorry for posting each log in its own post.

I thought that, since they are very large, it would be better this way; if that is not allowed, let me know and I won't do it again.

Thanks.

------------------------

Good morning, Zentetzuken!

<@> Double-click the Norton icon located next to the clock.

<@> Go to System and click Auto-Protect.

<@> Uncheck the following options:

< 1 > Enable Auto-Protect

< 2 > Start Auto-Protect when Windows starts

<@> Still under System, click Script Blocking.

<@> Uncheck the option:

< 1 > Enable Script Blocking

<@> Download: < Kaspersky Virus Removal Tool >

<@> Save it in Program Files and install it right there!

<@> Restart the computer in Safe Mode! <-- Important!

<@> Start the scan by clicking "Scan".

<@> The scan takes a while. Please wait!

<@> If infections are found, click "disinfect".

<@> When it finishes, click the Events tab.

<@> Uncheck the "Show all events" checkbox.

<@> Click "Save to file".

<@> Name it and save it to the desktop! <-- Report to post!

Regards!

------------------------

Wow

The report file came out at 133 MB oO

I put the file through WinRAR and it shrank to 4.5 MB

Here is the link:

http://www.mediafire.com/?zl0jiz2yozc

Sorry if posting the log as an upload is not allowed, but I couldn't put it here.

Notepad won't even open it, only WordPad.

Thanks!

------------------------

Good afternoon, Zentetzuken!

<!> Everything is OK! You did the right thing by making the report available on a server.

------------------------

<@> Download: < RemDelf >

<@> Save it to Local Disk C. ( C:\Remdelf2b.exe )

<@> Restart the computer in Safe Mode.

<@> Type in Run: C:\remdelf.exe --> Click OK.

<@> If there are other disk drives, type: C:\remdelf C:\ D:\

<@> A command prompt will open, showing the tool's scan. Please wait!

<@> When it finishes, press Enter.

<@> The computer will restart!

------------------------

<@> Download: < drweb.gif >

<@> Save it to the desktop!

<@> Start the installation/execution by double-clicking drweb-cureit.

<@> In the window that opens, click Start --> OK.

<@> The "Quick scan" will start --> Close the advertisement window!

<@> When it finishes, check the "Complete scan" box.

In this mode the following objects are scanned:

* Boot sectors of all disks. <--

* All removable drives. <--

* All local disks. <--

<@> Click "Start scan" --> Please wait!

<@> If prompts appear to move or disinfect files, click Yes.

<@> When it finishes, click "File" --> "Save report list".

<@> Save it in a suitable location. ( DrWeb.csv ) <-- txt format.

<@> Post: DrWeb.csv + HijackThis, updated.

Regards!

------------------------

<@> Download: < RemDelf >

It's offline, my friend.

Is there another link?

Thanks!

-----------------------

Hey, Zentetzuken!

<!> Thanks! The correction has already been made.

Regards!

------------------------

HijackThis:

------------------------

DrWeb.txt:

------------------------

Good afternoon, Zentetzuken!

<@> Go to this link and download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs while running Malwarebytes.

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

------------------------------------

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + HijackThis, updated.

Regards!

------------------------

I did as indicated in the tutorial; here is the log:

mbam-log:

Malwarebytes' Anti-Malware 1.33
Versão do banco de dados: 1730
Windows 5.1.2600 Service Pack 3

5/2/2009 10:25:52
mbam-log-2009-02-05 (10-25-52).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 367196
Tempo decorrido: 6 hour(s), 25 minute(s), 53 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 2
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 4
Arquivos infectados: 4

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
C:\Arquivos de programas\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ludwig\Dados de aplicativos\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ludwig\Dados de aplicativos\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ludwig\Dados de aplicativos\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Arquivos infectados:
C:\Arquivos de programas\P2P_Energy\P2P_EnergyToolbarHelper.exe (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\videocore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Arquivos de programas\RelevantKnowledge\rlvknlg.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ludwig\Dados de aplicativos\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
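
One way to cross-check the two reports requested in this thread (the Malwarebytes log and the updated HijackThis log), as an added example that is not part of the original posts: the Python below matches the CLSIDs in the Malwarebytes registry detections against HijackThis O2/O3 entries and compares the scan taken before the cleanup with the one taken after. The function names are this example's own, and the sample input is a handful of lines copied from the logs in this thread and embedded inline.

```python
import re

# Sample input: O2/O3 lines from the HijackThis scans of 4/2/2009 (before)
# and 5/2/2009 (after), and detections from the Malwarebytes log of 5/2/2009.
HJT_BEFORE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
"""

HJT_AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
"""

MBAM_LOG = r"""
Chaves do Registro infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
C:\WINDOWS\system32\videocore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "O2 - BHO: <name> - {CLSID} - <file>" and "O3 - Toolbar: <name> - {CLSID} - <file>"
HJT_RE = re.compile(
    r"^(?P<section>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$", re.MULTILINE)
# "<object> (<detection name>) -> <action taken>"
MBAM_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+)$", re.MULTILINE)
CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")


def parse_hjt(text):
    """Map upper-cased CLSID -> entry for every O2/O3 line in a HijackThis log."""
    entries = {}
    for m in HJT_RE.finditer(text):
        entries[m["clsid"].upper()] = {
            "section": m["section"],
            "name": m["name"],
            # "(no file)" means the registry entry points at a file that is gone.
            "orphaned": m["target"].strip() == "(no file)",
        }
    return entries


def parse_mbam(text):
    """Return (object, detection, action) for every detection line in an MBAM log."""
    return [(m["object"], m["detection"], m["action"]) for m in MBAM_RE.finditer(text)]


def flagged_clsids(detections):
    """Map upper-cased CLSID -> set of detection names, for objects that embed a CLSID."""
    flagged = {}
    for obj, detection, _action in detections:
        for clsid in CLSID_RE.findall(obj):
            flagged.setdefault(clsid.upper(), set()).add(detection)
    return flagged


def triage(hjt_before, hjt_after, mbam_log):
    """One row per O2/O3 entry of the earlier scan, annotated with the MBAM verdict."""
    before, after = parse_hjt(hjt_before), parse_hjt(hjt_after)
    flagged = flagged_clsids(parse_mbam(mbam_log))
    rows = []
    for clsid, entry in sorted(before.items()):
        names = flagged.get(clsid)
        rows.append({"clsid": clsid, **entry,
                     "detection": ", ".join(sorted(names)) if names else None,
                     "present_after": clsid in after})
    return rows


def needs_review(rows):
    """CLSIDs that are orphaned, survived the cleanup and were not flagged by MBAM."""
    return [r["clsid"] for r in rows
            if r["orphaned"] and r["present_after"] and r["detection"] is None]


if __name__ == "__main__":
    rows = triage(HJT_BEFORE, HJT_AFTER, MBAM_LOG)
    for r in rows:
        print(r["section"], r["clsid"], "orphaned" if r["orphaned"] else "has file",
              r["detection"] or "-", "present" if r["present_after"] else "gone")
    print("manual review:", needs_review(rows))
```

On these lines the one entry Malwarebytes labelled Trojan.BHO is gone from the later HijackThis scan, while three other "(no file)" entries are still listed and were not flagged by it.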

------------------------

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:55, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://www.audition.com.br/activex/AuditionWeb.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215643616000
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3670459-2223-4726-9E26-FEC3E40B1B79}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 8645 bytes


Good afternoon, Zentetzuken!

<!> Run an online scan at Eset.

<!> Use the Internet Explorer browser.

<!> Check the box: "SIM, aceito as condições de uso" --> Iniciar.

<!> Check the box: "YES, I accept the Terms of Use" --> Start.

<!> Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )

-----------------------------------

<!> Once the Eset ( Nod32 ) scan is finished, repeat the online scan at Kaspersky, which is for diagnosis.

<!> So there will be 2 reports! --> ( Eset + Kaspersky Online Scanner )

Regards!
