
This topic has been archived and is closed to new replies.

Kaua Fabiano

[Archived] Computer With Virus


Please help me.

A few days ago I noticed there was a virus on my PC.

When I drag files into a folder, the PC freezes.

Windows XP doesn't recognize USB flash drives and no longer opens ZIP files, and the PC sits at 100% CPU usage all the time; I have to go into Task Manager, find the process that is using the most CPU and end it. Programs like CCleaner open and then close right away, and no antivirus will install on my PC.

Help me!

Thanks :thumbsup:


<><><><><><><><><><>

Hey, Kaua Fabiano!

<!> Your report is frightening! lol...

<><><><><><><><><><>

<!> Post the HijackThis log, following this tutorial.

< Rule No. 02 - Using HijackThis - READ BEFORE POSTING! >

<!> PS: Save HijackThis in Program Files (Arquivos de Programas) and name it: ABC.exe

<!> Run ABC.exe and post: ABC.txt <-- Report!

Regards!


Here is the log!!

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at Kau.ua ? 15:34:25, on 10/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ZSSnp211.exe

C:\WINDOWS\Domino.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Styler\Styler.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\winjpaimj.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\winlehrq.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\wincjdox.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\winxdpey.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\winfkdy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\ABC.exe.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptsn.dll (file missing)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [style Change Application] C:\Arquivos de programas\Styler\Styler.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Styler.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)

O23 - Service: Google Update Service (gupdate1c994496999e4bd) (gupdate1c994496999e4bd) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 6613 bytes


Good afternoon, Kaua Fabiano!

<@> Download: < FindyKill > ( ...by Chiquitine29 )

<@> Save it in Program Files (Arquivos de Programas)!

<@> Close any programs that are open.

<@> Disable the resident protection of antivirus and antispyware programs.

<@> PS: Detection of this tool by antivirus software is a false positive!

<@> Install the tool and accept all the conditions it asks for.

<@> When that is done, run the tool by double-clicking: C:\Arquivos de Programas\FindyKill\FindyKill.bat <--

<@> At the prompt, press C. --> Enter. <-- Language option!

<@> Next, press 2. ( "Eliminar los ficheros infectados" )

<@> Press Enter --> The computer will restart twice! --> Wait!

<@> When it finishes, click on an empty area of the prompt! --> Press Enter.

<@> Notepad will open with the report: C:\FindyKill.txt <-- Report!

<><><><><><><><><><><>

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click: LopSD.cmd

<@> In the window that opens, press "p" --> Press Enter.

<@> In the next window, press option 2 --> Press Enter --> Wait!

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<@> Also post an updated ABC.txt.

Regards!


Here is the HijackThis one.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at Kau.ua ? 16:24:35, on 10/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\ABC.exe.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptsn.dll (file missing)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [style Change Application] C:\Arquivos de programas\Styler\Styler.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Styler.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)

O23 - Service: Google Update Service (gupdate1c994496999e4bd) (gupdate1c994496999e4bd) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 5998 bytes

 

And the LopSD one.

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( --- 10/04/2009|16:19 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\WINDOWS\Tasks\AA2D3E5F9206B64F.job

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\That Face Camp Shim\GPL FUNK.dat

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\That Face Camp Shim\GPL FUNK.exe

Deletado! - C:\DOCUME~1\Kaua\DADOSD~1\extrac~1\audio 16 one.exe

Deletado! - C:\DOCUME~1\Kaua\DADOSD~1\extrac~1\iktzeitp.exe

Deletado! - C:\DOCUME~1\Kaua\DADOSD~1\extrac~1\LoadMemo.exe

Deletado! - C:\DOCUME~1\Kaua\DADOSD~1\extrac~1\weysshwm.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\That Face Camp Shim

Deletado! - C:\DOCUME~1\Kaua\DADOSD~1\extrac~1

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 


 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[05/04/2009 Kau.ua ? 22:27][--a------] C:\WINDOWS\tasks\SmartDefrag.job

[10/04/2009 Kau.ua ? 16:08][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job

[10/04/2009 Kau.ua ? 16:07][--ah-----] C:\WINDOWS\tasks\SA.DAT

[21/07/2007 Kau.ua ? 18:40][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 


 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 


 

--------------------\\ Process

 

( 23 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-10 16:20:37

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 151

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\Kaua\Desktop\Arquivos\Como instalar o programa e crackear.txt

C:\DOCUME~1\Kaua\Desktop\Arquivos\keygen.exe

C:\DOCUME~1\Kaua\Desktop\Games\ \crack

C:\DOCUME~1\Kaua\Desktop\Games\ \crack\NFSHP2.exe

C:\DOCUME~1\Kaua\Recent\Crack.lnk

C:\DOCUME~1\Kaua\Recent\crack_resd_4.lnk

 

 

[F:3][D:9]-> C:\DOCUME~1\Kaua\CONFIG~1\Temp

[F:1][D:0]-> C:\DOCUME~1\Kaua\Cookies

[F:220][D:5]-> C:\DOCUME~1\Kaua\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - --- 10/04/2009|16:22 - Option : [2]

 

--------------------\\ Verificação completa em 16:22:00


Good afternoon! Kaua Fabiano

<!> You still need to post the FindyKill report.

<><><><><><><><><><><><>

<@> Download: < FindLop >

<@> Unzip it and put the files in a folder of their own: < C:\FindLop.exe >

<@> But do not run it yet!

<@> Download: < new_uninstall >

<@> If the antivirus blocks the download, ignore the warning and allow it to run.

<@> If the browser blocks the download, add < http://lop.com > as a Preferred Site.

<@> Disable the resident protection of antivirus and antispyware programs.

<@> Run the uninstaller!

<@> Type the numbers and confirm!

<@> Ps: If the uninstaller cannot be run, continue with FindLop only.

<@> Now run findlop.bat.

<@> A report ( findlop.txt ) will be generated on the Local Disk (C)

<@> Post: findlop.txt

<><><><><><><><><><><><>

<@> Download: < desktopicon.png > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!

<@> If you do not have the "Recovery Console", agree to install it!

<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> Ps: Name it while saving, not after saving it!

<!> Ps: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own initiative!

<!> Ps: To avoid problems, follow all the recommendations given.

<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the report: C:\ComboFix\ComboFix.txt

Regards!


FindyKill

############################## [ FindyKill V4.722 ]

 

 

############################## [ Active Processes ]

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

 

################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]

 

Deleted ! C:\WINDOWS\Prefetch\PATCH.EXE-15B282CA.pf

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

 

################## [ C:\WINDOWS\System32... ]

 

 

################## [ C:\Users\...\AppData\Roaming ]

 

 

################## [ Cleaning .. Temp Files... ]

 

 

################## [ Registry / Infected keys ]

 

 

################## [ Cleaning Removable drives ]

 

# Deleting Files :

 

Not deleted ! "H:\autorun.inf"

 

################## [ Registry / Mountpoint2 ]

 

# -> Not found !

 

################## [ States / Restarting of services ]

 

# Services : [ Auto=2 / Request=3 / Disable=4 ]

 

# Ndisuio -> # Type of startup =3

# Ip6Fw -> # Type of startup =2

# SharedAccess -> # Type of startup =2

# wuauserv -> # Type of startup =2

# wscsvc -> # Type of startup =2

# Safe boot mode restored !

 

################## [ Searching Other Infections ]

 

# -> Nothing found.

 

################## [ ! End of Report # FindyKill V4.722 ! ]

--

Findlop

[TRACE] Enumerating jobs and queues

[TRACE] Activating job '1-Click Maintenance.job'

[TRACE] Printing all job properties

 

ApplicationName: 'C:\Arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe'

Parameters: '/schedulestart'

WorkingDirectory: ''

Comment: 'Runs 1-Click Maintenance at specified times'

Creator: 'Kaua'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 03/21/2009 0:00:00

NextRun: 04/10/2009 18:00:00

StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 0

TaskFlags: 0

 

3 Triggers

 

Trigger 0:

Type: Weekly

WeeksInterval: 1

DaysOfTheWeek: .....F.

StartDate: 01/01/2008

EndDate: 00/00/0000

StartTime: 17:15

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Trigger 1:

Type: Daily

DaysInterval: 1

StartDate: 01/01/2008

EndDate: 00/00/0000

StartTime: 00:00

MinutesDuration: 1440

MinutesInterval: 60

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

Trigger 2:

Type: AtLogon

StartDate: 01/01/2008

EndDate: 00/00/0000

StartTime: 00:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

[TRACE] Activating job 'SmartDefrag.job'

[TRACE] Printing all job properties

 

ApplicationName: 'C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe'

Parameters: '/Schedule'

WorkingDirectory: 'C:\Arquivos de programas\IObit\IObit SmartDefrag\'

Comment: ''

Creator: 'Kaua'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 00/00/0000 0:00:00

NextRun: 04/19/2009 22:00:00

StartError: SCHED_S_TASK_HAS_NOT_RUN

ExitCode: 0

Status: SCHED_S_TASK_HAS_NOT_RUN

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 0

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Weekly

WeeksInterval: 2

DaysOfTheWeek: U......

StartDate: 04/05/2009

EndDate: 00/00/0000

StartTime: 22:00

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

--

Combofix

ComboFix 09-04-04.01 - Kaua 2009-04-10 17:27:19.5 - NTFSx86

Executando de: c:\documents and settings\Kaua\Desktop\KomboFix.exe

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-10 to 2009-04-10 ))))))))))))))))))))))))))))

.

 

2009-04-10 17:16 . 2009-04-10 17:16 495,616 --a------ C:\uninstall.exe

2009-04-10 17:15 . 1999-03-22 13:01 58,368 --a------ C:\jt.exe

2009-04-10 17:15 . 2005-02-15 20:30 108 --a------ C:\findlop.bat

2009-04-10 17:14 . 2009-04-10 17:14 24,776 --a------ C:\findlop.zip

2009-04-10 16:05 . 2009-04-10 16:22 <DIR> d-------- C:\Lop SD

2009-04-10 16:05 . 2009-04-10 16:05 530,106 --a------ C:\LopSD.exe

2009-04-10 16:04 . 2009-04-10 16:15 <DIR> d-------- C:\FindyKill

2009-04-10 16:01 . 2009-04-10 16:03 1,793,953 --a------ c:\arquivos de programas\FindyKill.exe

2009-04-10 15:32 . 2009-04-10 15:32 401,720 --a------ c:\arquivos de programas\ABC.exe.exe

2009-04-10 13:43 . 2009-04-10 13:43 20,480 --a------ c:\windows\system32\H@tKeysH@@k.DLL

2009-04-10 13:32 . 2007-07-21 18:40 768,512 --a------ c:\windows\system32\dllcache\helpctr.exe

2009-04-10 13:32 . 2007-07-21 18:40 380,928 --a------ c:\windows\system32\dllcache\msinfo.dll

2009-04-10 13:32 . 2007-07-21 18:40 159,744 --a------ c:\windows\system32\dllcache\msconfig.exe

2009-04-10 13:32 . 2007-07-21 18:40 102,400 --a------ c:\windows\system32\dllcache\pchshell.dll

2009-04-10 13:32 . 2007-07-21 18:40 99,840 --a------ c:\windows\system32\dllcache\helphost.exe

2009-04-10 13:32 . 2007-07-21 18:40 35,328 --a------ c:\windows\system32\dllcache\notiflag.exe

2009-04-10 13:32 . 2007-07-21 18:40 21,504 --a------ c:\windows\system32\dllcache\brpinfo.dll

2009-04-10 13:32 . 2007-07-21 18:40 18,944 --a------ c:\windows\system32\dllcache\hscupd.exe

2009-04-10 13:12 . 2009-04-10 13:12 <DIR> d-------- c:\documents and settings\Kaua\Dados de aplicativos\AVGTOOLBAR

2009-04-10 13:12 . 2009-04-10 14:12 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-04-10 12:47 . 2009-04-10 12:47 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\BitDefender

2009-04-10 09:58 . 2009-04-10 09:58 121 --a------ c:\windows\bdagent.INI

2009-04-09 21:31 . 2009-04-09 21:31 <DIR> d-------- C:\SUED

2009-04-09 21:31 . 2009-04-09 21:31 <DIR> d-------- C:\ARTBA

2009-04-09 18:12 . 2009-04-09 18:12 <DIR> d-------- c:\arquivos de programas\CAPCOM

2009-04-09 14:40 . 2009-04-10 13:34 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2009-04-09 14:40 . 2009-04-10 13:34 <DIR> d-------- c:\arquivos de programas\McAfee

2009-04-09 14:40 . 2009-04-09 14:40 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Cisco Systems

2009-04-09 14:39 . 2009-04-09 14:41 <DIR> d-------- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP

2009-04-09 11:06 . 2009-04-09 11:06 <DIR> d-------- c:\arquivos de programas\Lavalys

2009-04-08 22:13 . 2009-04-08 22:13 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\ESET

2009-04-08 22:13 . 2009-04-10 13:36 <DIR> d-------- c:\arquivos de programas\ESET

2009-04-06 16:17 . 2009-04-06 16:17 <DIR> d-------- C:\!KillBox

2009-04-06 11:18 . 2008-05-07 01:55 1,292,800 --------- c:\windows\system32\dllcache\quartz.dll

2009-04-06 11:18 . 2007-04-02 03:36 546,304 --------- c:\windows\system32\dllcache\hhctrl.ocx

2009-04-06 11:18 . 2008-06-14 14:59 272,384 --------- c:\windows\system32\dllcache\bthport.sys

2009-04-06 11:18 . 2008-07-07 17:18 253,952 --------- c:\windows\system32\dllcache\es.dll

2009-04-06 11:18 . 2008-06-24 13:30 74,240 --------- c:\windows\system32\dllcache\mscms.dll

2009-04-06 11:17 . 2008-06-18 05:03 2,458,112 --------- c:\windows\system32\dllcache\WMVCore.dll

2009-04-06 11:17 . 2008-08-14 10:39 2,190,208 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2009-04-06 11:17 . 2008-08-14 10:39 2,146,816 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-04-06 11:17 . 2008-08-14 10:39 2,067,200 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-04-06 11:17 . 2008-08-14 10:39 2,024,960 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2009-04-06 11:17 . 2008-06-18 05:03 938,496 --------- c:\windows\system32\dllcache\WMNetmgr.dll

2009-04-06 11:17 . 2008-12-05 03:53 144,896 --------- c:\windows\system32\dllcache\schannel.dll

2009-04-06 11:17 . 2008-06-18 01:09 100,864 --------- c:\windows\system32\dllcache\logagent.exe

2009-04-06 11:16 . 2008-07-03 10:03 8,490,496 --------- c:\windows\system32\dllcache\shell32.dll

2009-04-06 11:16 . 2009-02-09 10:55 1,847,552 --------- c:\windows\system32\dllcache\win32k.sys

2009-04-06 11:16 . 2008-04-11 15:40 683,520 --------- c:\windows\system32\dllcache\inetcomm.dll

2009-04-06 11:16 . 2008-10-24 08:25 455,936 --------- c:\windows\system32\dllcache\mrxsmb.sys

2009-04-06 11:16 . 2008-12-11 07:24 333,184 --------- c:\windows\system32\dllcache\srv.sys

2009-04-06 11:16 . 2008-05-01 11:32 331,776 --------- c:\windows\system32\dllcache\msadce.dll

2009-04-06 11:16 . 2007-10-25 09:28 222,720 --------- c:\windows\system32\dllcache\wmasf.dll

2009-04-06 11:16 . 2008-05-08 09:14 203,008 --------- c:\windows\system32\dllcache\rmcast.sys

2009-04-05 23:05 . 2009-04-05 23:05 <DIR> d-------- c:\documents and settings\Kaua\Dados de aplicativos\Apple Computer

2009-04-05 22:59 . 2009-04-05 22:59 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-04-05 22:59 . 2009-04-05 23:02 <DIR> d-------- c:\arquivos de programas\Safari

2009-04-05 22:49 . 2009-04-05 22:49 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple

2009-04-05 22:49 . 2009-04-05 22:49 <DIR> d-------- c:\arquivos de programas\Apple Software Update

2009-04-05 20:55 . 2009-04-05 21:19 <DIR> d-------- c:\documents and settings\Kaua\Dados de aplicativos\IObit

2009-04-05 19:03 . 2007-10-12 16:33 180,224 -ra------ c:\windows\system32\igfxres.dll

2009-04-05 18:56 . 2007-03-09 11:00 57,344 --------- c:\windows\system32\dllcache\agentdpv.dll

2009-04-05 18:55 . 2009-04-10 13:33 <DIR> d-------- c:\windows\system32\dllcache

2009-04-05 18:53 . 2009-04-05 18:53 749 -rah----- c:\windows\WindowsShell.Manifest

2009-04-05 18:53 . 2009-04-05 18:53 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest

2009-04-05 18:53 . 2009-04-05 18:53 749 -rah----- c:\windows\system32\sapi.cpl.manifest

2009-04-05 18:53 . 2009-04-05 18:53 749 -rah----- c:\windows\system32\nwc.cpl.manifest

2009-04-05 18:53 . 2009-04-05 18:53 749 -rah----- c:\windows\system32\ncpa.cpl.manifest

2009-04-05 18:53 . 2009-04-05 18:53 488 -rah----- c:\windows\system32\logonui.exe.manifest

2009-04-05 14:32 . 2009-04-05 14:32 <DIR> d--h----- c:\windows\system32\GroupPolicy

2009-04-04 17:19 . 2009-04-09 10:38 <DIR> d-------- c:\arquivos de programas\Marcos Velasco Security

2009-04-03 10:45 . 2009-04-03 10:45 3,639 --a------ c:\windows\VGSCDAPI.VXD

2009-04-02 21:43 . 2003-10-03 16:28 45,056 --a------ c:\windows\system32\vusetup.dll

2009-04-02 21:43 . 2004-11-23 14:17 11,264 --a------ c:\windows\system32\drivers\vulfntr.sys

2009-04-02 21:43 . 2005-01-05 18:02 6,912 --a------ c:\windows\system32\drivers\vulfnth.sys

2009-04-02 21:41 . 1998-11-13 13:18 308,224 --a------ c:\windows\IsUn0416.exe

2009-03-31 23:45 . 2009-04-02 01:10 <DIR> d-------- c:\arquivos de programas\NARC-FAS

2009-03-31 11:13 . 2009-03-31 11:13 <DIR> d--h----- C:\$AVG8.VAULT$

2009-03-30 23:43 . 2009-03-30 23:51 <DIR> d-------- c:\arquivos de programas\WALL-E.www.THEREBELS.com.br.KABULOZO 

2009-03-30 12:14 . 2009-03-30 23:51 <DIR> d-------- c:\arquivos de programas\tthug2

2009-03-28 22:00 . 2009-04-05 16:00 <DIR> d-------- c:\arquivos de programas\Crazy Frog Racer

2009-03-28 18:53 . 2009-03-28 18:53 <DIR> d-------- c:\arquivos de programas\Brad Smith

2009-03-28 15:21 . 2009-04-09 23:51 <DIR> d-------- c:\arquivos de programas\Bad Boys II

2009-03-28 15:03 . 2009-03-28 15:03 <DIR> d-------- c:\windows\system32\xircom

2009-03-28 15:03 . 2009-03-28 15:03 <DIR> d-------- c:\arquivos de programas\microsoft frontpage

2009-03-28 10:45 . 2009-03-28 10:45 <DIR> d-------- c:\documents and settings\Kaua\Dados de aplicativos\Malwarebytes

2009-03-28 10:45 . 2009-03-28 10:45 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-03-28 10:45 . 2009-03-28 10:45 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-03-28 10:45 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-28 10:45 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-28 09:17 . 2009-03-28 09:17 8,192 --a------ c:\windows\system32\usettings.db

2009-03-28 09:17 . 2009-03-28 09:17 2 --a------ c:\windows\system32\LOGFILES

2009-03-27 22:11 . 2007-08-30 13:12 67,752 --a------ c:\windows\system32\drivers\avfwot.sys

2009-03-27 22:11 . 2007-08-30 13:12 61,096 --a------ c:\windows\system32\drivers\avfwim.sys

2009-03-27 12:30 . 2009-03-27 22:11 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-03-27 12:30 . 2009-04-06 16:10 <DIR> d-------- c:\arquivos de programas\zasr

2009-03-27 11:47 . 2009-03-27 11:47 <DIR> d-------- c:\arquivos de programas\VS Revo Group

2009-03-25 00:31 . 2009-03-25 00:31 11 -ra------ c:\windows\amunres.lsl

2009-03-24 21:50 . 2009-04-02 23:49 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-03-23 11:02 . 2009-03-23 11:02 <DIR> d-------- c:\documents and settings\Kaua\Dados de aplicativos\Ace

2009-03-22 21:26 . 2009-03-22 21:31 <DIR> d-------- c:\documents and settings\Kaua\Dados de aplicativos\TMNT

2009-03-22 20:40 . 2009-03-23 21:23 <DIR> d-------- c:\arquivos de programas\R.F.G.T.M.N.T

2009-03-22 11:16 . 2009-03-22 11:36 <DIR> d-------- c:\arquivos de programas\Simpsons game

2009-03-21 23:55 . 2009-03-21 23:55 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-03-21 23:55 . 2009-03-22 00:32 <DIR> d-------- c:\arquivos de programas\DAP

2009-03-21 23:55 . 2009-03-21 23:55 479,298 --a------ c:\windows\system32\wbocx.ocx

2009-03-21 23:55 . 2009-03-21 23:55 172,032 --a------ c:\windows\system32\AniGIF.ocx

2009-03-21 23:55 . 2009-03-21 23:55 50,688 --a------ c:\windows\system32\wbhelp2.dll

2009-03-21 20:28 . 2009-03-21 20:28 <DIR> d-------- C:\GAMES

2009-03-20 23:05 . 2009-03-20 23:08 <DIR> d-------- c:\arquivos de programas\Bywifi

2009-03-20 11:29 . 2009-03-27 10:14 <DIR> d-------- c:\arquivos de programas\Alwil Software

2009-03-20 10:58 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll

2009-03-20 00:46 . 2009-03-20 00:46 <DIR> d-------- c:\arquivos de programas\VDOWNLOADER

2009-03-20 00:18 . 2009-03-20 00:28 <DIR> d-------- c:\documents and settings\Kaua\Dados de aplicativos\Audacity

2009-03-19 22:13 . 2009-03-20 12:42 <DIR> d-------- c:\arquivos de programas\Iron Man

2009-03-19 19:39 . 2009-03-19 21:57 <DIR> d-------- c:\arquivos de programas\GTA você

2009-03-19 19:33 . 2009-03-19 19:34 <DIR> d-------- c:\arquivos de programas\Dave Mirra freestyle BMX

2009-03-19 10:59 . 2004-08-04 00:45 159,232 --a------ c:\windows\system32\ptpusd.dll

2009-03-19 10:59 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2009-03-19 10:59 . 2001-09-05 23:50 5,632 --a------ c:\windows\system32\ptpusb.dll

2009-03-19 10:52 . 2006-12-13 17:52 20,992 --a------ c:\windows\system32\drivers\motmodem.sys

2009-03-18 11:02 . 2009-03-18 11:02 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Trymedia

2009-03-18 10:51 . 2009-04-05 15:56 <DIR> d-------- c:\arquivos de programas\Crashday

2009-03-15 23:08 . 2009-03-15 23:08 <DIR> d-------- c:\arquivos de programas\SNMPcfg Admin

2009-03-12 02:59 . 2009-03-12 12:27 <DIR> d-------- c:\arquivos de programas\Uplink Demo

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-10 19:24 5,999 ----a-w c:\arquivos de programas\hijackthis.log

2009-04-10 17:12 --------- d-----w c:\arquivos de programas\AVG

2009-04-10 16:35 --------- d-----w c:\arquivos de programas\DkZ Studio

2009-04-10 02:53 --------- d-----w c:\arquivos de programas\BeachSoccer

2009-04-10 02:51 --------- d-----w c:\arquivos de programas\AWOMO

2009-04-10 02:49 --------- d-----w c:\arquivos de programas\Ares

2009-04-10 02:45 114,688 ----a-w c:\windows\ZSSnp211.exe

2009-04-10 02:45 --------- d-----w c:\arquivos de programas\3Danalizer

2009-04-10 02:44 33,280 ----a-w c:\windows\system32\rundll32.exe.tmp

2009-04-10 02:43 70,144 ----a-w c:\windows\system32\notepad.exe.tmp

2009-04-10 02:43 212,992 ----a-w c:\windows\system32\NeroCheck.exe

2009-04-10 02:30 400,384 ----a-w c:\windows\system32\cmd.exe.tmp

2009-04-10 02:26 73,216 ----a-w c:\windows\ST6UNST.EXE

2009-04-10 02:25 86,016 ----a-w c:\windows\SOUNDMAN.EXE

2009-04-10 02:15 286,720 ----a-w c:\windows\SETUP1.EXE

2009-04-10 02:15 1,826,816 ----a-w c:\windows\SkyTel.exe

2009-04-10 02:14 16,858,624 ----a-w c:\windows\RTHDCPL.EXE

2009-04-10 01:42 2,808,832 ----a-w c:\windows\ALCWZRD.EXE

2009-04-10 01:41 69,632 ----a-w c:\windows\ALCMTR.EXE

2009-04-09 21:12 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-09 18:35 --------- d-----w c:\documents and settings\Kaua\Dados de aplicativos\Winamp

2009-04-06 00:19 --------- d-----w c:\arquivos de programas\IObit

2009-04-05 21:52 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-04-05 21:50 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-04-05 19:37 --------- d-----w c:\arquivos de programas\PS6 Rip

2009-04-05 19:20 --------- d-----w c:\arquivos de programas\NFSU

2009-03-31 16:48 --------- d-----w c:\documents and settings\Kaua\Dados de aplicativos\BrOffice.org2

2009-03-29 00:11 --------- d-----w c:\arquivos de programas\TuneUp Utilities 2009

2009-03-27 14:47 --------- d-----w c:\arquivos de programas\Vistart

2009-03-27 00:52 --------- d-----w c:\arquivos de programas\mobile PhoneTools

2009-03-22 19:04 --------- d-----w c:\arquivos de programas\XMen-TheOfficialGame

2009-03-22 03:31 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-03-21 03:01 --------- d-----w c:\arquivos de programas\Valve

2009-03-20 03:43 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\America's Army Deploy Client

2009-03-20 03:43 --------- d-----w c:\arquivos de programas\LClock

2009-03-19 13:56 24,192 ----a-w c:\documents and settings\Kaua\usbsermptxp.sys

2009-03-19 13:56 22,768 ----a-w c:\windows\system32\drivers\usbsermpt.sys

2009-03-19 13:56 22,768 ----a-w c:\documents and settings\Kaua\usbsermpt.sys

2009-03-18 02:47 --------- d-----w c:\arquivos de programas\Winamp

2009-03-08 17:48 --------- d-----w c:\arquivos de programas\Tropa de Elite Multiplayer BETA - ed software

2009-03-08 16:07 --------- d-----w c:\arquivos de programas\Steam

2009-03-07 23:27 --------- d-----w c:\arquivos de programas\Arquivos comuns\Thraex Software

2009-03-07 20:11 --------- d-----w c:\arquivos de programas\Half-Life Model Viewer

2009-03-05 04:27 5,152 ----a-w c:\windows\system32\drivers\io.sys

2009-03-03 23:31 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-03-02 01:23 --------- d-----w c:\documents and settings\Kaua\Dados de aplicativos\uTorrent

2009-03-01 05:04 --------- d-----w c:\arquivos de programas\VisualTooltip2.2

2009-03-01 02:06 --------- d-----w c:\arquivos de programas\Swat 4

2009-02-28 21:34 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-02-27 04:25 --------- d-----w c:\arquivos de programas\ViOrb

2009-02-27 02:35 --------- d-----w c:\arquivos de programas\Pro Beach Soccer

2009-02-26 13:10 --------- d-----w c:\arquivos de programas\Xpadder

2009-02-26 04:10 98,304 ----a-w c:\windows\system32\CmdLineExt.dll

2009-02-26 00:26 --------- d-----w c:\documents and settings\Kaua\Dados de aplicativos\fretsonfire

2009-02-26 00:25 --------- d-----w c:\arquivos de programas\Guitar Hero III

2009-02-24 20:35 --------- d-----w c:\arquivos de programas\OW

2009-02-23 23:06 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NexonTW

2009-02-23 10:36 --------- d-----w c:\arquivos de programas\Gamania

2009-02-23 04:07 --------- d-----w c:\arquivos de programas\CamSpace

2009-02-23 00:26 --------- d-----w c:\arquivos de programas\O3DS

2009-02-22 03:37 --------- d-----w c:\arquivos de programas\SopCast

2009-02-21 22:06 --------- d-----w c:\arquivos de programas\Google

2009-02-21 00:39 --------- d-----w c:\arquivos de programas\NFSMW

2009-02-17 12:40 --------- d-----w c:\arquivos de programas\PC_Track.Mania.Sunrise.Extreme.(rip)

2009-02-16 14:29 --------- d-----w c:\arquivos de programas\Juiced

2009-02-16 13:58 --------- d-----w c:\documents and settings\Kaua\Dados de aplicativos\THQ

2009-02-16 04:46 --------- d-----w c:\arquivos de programas\PRSL

2009-02-16 04:45 --------- d-----w c:\arquivos de programas\WWE RAW Ultimate Impact (2009)

2009-02-16 04:45 --------- d-----w c:\arquivos de programas\SDW

2009-02-16 04:35 --------- d-----w c:\documents and settings\Kaua\Dados de aplicativos\PowerRangers

2009-02-15 22:24 --------- d-----w c:\documents and settings\Kaua\Dados de aplicativos\GDP

2009-02-15 22:24 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\GDP

2009-02-14 22:59 --------- d-----w c:\documents and settings\Kaua\Dados de aplicativos\mioObjects

2009-02-14 22:58 407,047 ----a-w c:\windows\system32\mioengine.exe

2009-02-14 22:58 --------- d-----w c:\arquivos de programas\Mioplanet

2009-02-14 22:01 --------- d-----w c:\arquivos de programas\Motorola

2009-02-14 21:05 --------- d-----w c:\arquivos de programas\PhotoScape

2009-02-14 19:25 --------- d-----w c:\arquivos de programas\Climatempo Widget

2009-02-14 19:12 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe AIR

2009-02-14 14:40 --------- d-----w c:\documents and settings\Kaua\Dados de aplicativos\iPhone.7CCB4030DFE6D86D4B1855092C3371D97ACC5FBC.1

2009-02-14 14:40 --------- d-----w c:\arquivos de programas\Desktop iPhone

2009-02-12 21:41 --------- d-----w c:\documents and settings\Kaua\Dados de aplicativos\InstallShield

2009-02-12 17:43 --------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2009-02-12 17:41 --------- d-----w c:\arquivos de programas\Ahead

2009-02-12 15:23 --------- d-----w c:\arquivos de programas\UnZixWin

2009-02-12 13:32 --------- d-----w c:\arquivos de programas\TVUPlayer

2009-02-12 13:26 --------- d-----w c:\arquivos de programas\Megacubo

2009-02-12 03:31 --------- d-----w c:\arquivos de programas\BrOffice.org 2.0

2009-02-12 03:28 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Borland

2009-02-11 21:15 --------- d-----w c:\arquivos de programas\Realtek

2009-02-09 13:55 1,847,552 ----a-w c:\windows\system32\win32k.sys

2009-02-02 16:24 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-01-25 13:54 2,325,632 ----a-w c:\windows\system32\TUKernel.exe

2009-01-24 22:00 603,904 ----a-w c:\windows\system32\TUProgSt.exe

2009-01-24 22:00 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe

2009-01-20 17:34 315,392 ----a-w c:\windows\HideWin.exe

2009-01-16 16:21 3,596,288 ------w c:\windows\system32\dllcache\mshtml.dll

2008-10-30 20:34 39,424 ----a-w c:\arquivos de programas\mozilla firefox\components\FFComm.dll

2008-09-29 11:07 22,576 ----a-w c:\arquivos de programas\mozilla firefox\components\Scriptff.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Style Change Application"="c:\arquivos de programas\Styler\Styler.exe" [2006-05-03 364544]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2009-04-09 951296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-07-21 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZSSnp211"="c:\windows\ZSSnp211.exe" [2009-04-09 114688]

"Domino"="c:\windows\Domino.exe" [2006-08-18 106496]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-02-02 136600]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2009-04-09 212992]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 696320]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 154480]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-12 199192]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-12 137752]

"RTHDCPL"="RTHDCPL.EXE" [2009-04-09 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-07-21 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2009-03-01 00:58 210168 c:\arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ares"="c:\arquivos de programas\Ares\Ares.exe" -h

"Steam"="c:\pacsteamt\steam.exe" -silent

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\BitPim\\bitpimw.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\NFSU2\\speed2.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= c:\\Arquivos de programas\\Windows Live\\Messenger\\MsnMsgr.Exe

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\PC_Track.Mania.Sunrise.Extreme.(rip)\\TMS\\TmSunrise.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Gamania\\Counter-Strike Online\\Bin\\NMService.exe"=

"c:\\Arquivos de programas\\Gamania\\Counter-Strike Online\\Bin\\CSOLauncher.exe"=

"c:\\Level Up! Games\\The Duel\\theduel.exe"=

"c:\\Arquivos de programas\\PS6 Rip\\pes6.exe"=

"c:\\PacSteamT\\SteamApps\\common\\eets\\Eets.exe"=

"c:\\Arquivos de programas\\Swat 4\\Sw_4_By_Toxic\\Content\\System\\Swat4DedicatedServer.exe"=

"c:\\Arquivos de programas\\Bywifi\\bywifi.exe"=

"c:\\Arquivos de programas\\Iron Man\\IronMan.exe"=

"c:\\Arquivos de programas\\Tropa de Elite Multiplayer BETA - ed software\\System\\Game\\data.exe"=

"c:\\WINDOWS\\system32\\NeroCheck.exe"=

"c:\\pacsteamt\\steam.exe"=

"c:\\WINDOWS\\ALCMTR.EXE"=

"c:\\WINDOWS\\Domino.exe"=

"c:\\Arquivos de programas\\Motorola\\SMSERIAL\\sm56hlpr.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\wscntfy.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\Arquivos de programas\\Styler\\Styler.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\WINDOWS\\system32\\regsvr32.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

"c:\\WINDOWS\\system32\\dumprep.exe"=

"c:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE"=

"c:\\WINDOWS\\regedit.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\ZSSnp211.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jucheck.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=

"c:\\WINDOWS\\system32\\cmd.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Arquivos de programas\\Bad Boys II\\BBpc.exe"=

"c:\\Arquivos de programas\\TuneUp Utilities 2009\\Shredder.exe"=

"c:\\Arquivos de programas\\Winamp\\winamp.exe"=

"c:\\Arquivos de programas\\WinRAR\\WinRAR.exe"=

 

R2 AntiVirMailService;Avira Premium Security Suite MailGuard; [x]

R2 antivirwebservice;Avira Premium Security Suite WebGuard; [x]

R2 AVEService;Avira Premium Security Suite MailGuard helper service; [x]

R2 BDVEDISK;BDVEDISK; [x]

R2 gupdate1c994496999e4bd;Google Update Service (gupdate1c994496999e4bd);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

R3 Arrakis3;BitDefender Arrakis Server; [x]

R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]

R3 dpti930;dpti930; [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-02-27 17792]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]

R3 MotDev;Motorola Inc. USB Device; [x]

R3 vcache;vcache;c:\windows\system32\DRIVERS\vcache.sys [2008-12-04 39040]

R3 vfilter;vfilter;c:\windows\system32\DRIVERS\vfilter.sys [2008-12-04 20480]

R3 XDva223;XDva223; [x]

S2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2009-03-05 5152]

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-24 603904]

 

 

--- ---

 

*Deregistered* - 6to4

*Deregistered* - AFD

*Deregistered* - Aspi32

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - avipbb

*Deregistered* - Beep

*Deregistered* - BITS

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - dmio

*Deregistered* - dmload

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - gupdate1c994496999e4bd

*Deregistered* - HTTP

*Deregistered* - ImapiService

*Deregistered* - io.sys

*Deregistered* - Ip6Fw

*Deregistered* - IpFilterDriver

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - JavaQuickStarterService

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - mnmdd

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - PartMgr

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - rdpdr

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - SENS

*Deregistered* - sfdrv01

*Deregistered* - sfhlp02

*Deregistered* - sfvfs02

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - ssmdrv

*Deregistered* - StarWindServiceAE

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - Tcpip6

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - TuneUp.ProgramStatisticsSvc

*Deregistered* - tunmp

*Deregistered* - Update

*Deregistered* - upnphost

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WmiApSrv

*Deregistered* - WS2IFSL

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-10 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 17:36]

 

2009-04-06 c:\windows\Tasks\SmartDefrag.job

- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

 

2009-04-06 c:\windows\Tasks\SmartDefrag.job

- c:\arquivos de programas\IObit\IObit SmartDefrag\ [2009-04-05 21:19]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Abrir com Wordperfect

LSP: avsda.dll

FF - ProfilePath - c:\documents and settings\Kaua\Dados de aplicativos\Mozilla\Firefox\Profiles\gvfl0q2l.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - component: c:\arquivos de programas\Mozilla Firefox\components\Scriptff.dll

FF - component: c:\documents and settings\Kaua\Dados de aplicativos\Mozilla\Firefox\Profiles\gvfl0q2l.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll

FF - plugin: c:\arquivos de programas\AWOMO\npgdp.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-10 17:39:37

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-484763869-1425521274-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1148)

c:\arquivos de programas\Stardock\Object Desktop\WindowBlinds\WBSrv.dll

 

- - - - - - - > 'lsass.exe'(1220)

c:\windows\system32\avsda.dll

.

Tempo para conclusão: 2009-04-10 17:59:19

ComboFix-quarantined-files.txt 2009-04-10 20:59:09

ComboFix2.txt 2009-04-08 14:47:26

ComboFix3.txt 2009-04-07 01:20:29

ComboFix4.txt 2009-03-28 18:16:06

 

Pré-execução: 20 pasta(s) 15.989.870.592 bytes disponíveis

Pós execução: 19 pasta(s) 15,970,750,464 bytes disponíveis

 

509 --- E O F --- 2009-04-10 14:38:41


Good evening, Kaua Fabiano!

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><>

<@> Go to this link and download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs while running Malwarebytes.

<@> Try to send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Regards!


Malwarebytes

 

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 1963

Windows 5.1.2600 Service Pack 2

 

10/4/2009 21:16:38

mbam-log-2009-04-10 (21-16-38).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 234232

Tempo decorrido: 2 hour(s), 9 minute(s), 39 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

---

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at Kau.ua ? 21:15:43, on 10/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\winxymibq.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\winwmuad.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\windclclc.exe

C:\WINDOWS\system32\verclsid.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\wintxfr.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\winbscnsl.exe

C:\WINDOWS\explorer.exe

C:\DOCUME~1\Kaua\CONFIG~1\Temp\winvfdxof.exe

C:\Arquivos de programas\Simpsons game\Simpsons.exe

C:\Arquivos de programas\ABC.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptsn.dll (file missing)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [style Change Application] C:\Arquivos de programas\Styler\Styler.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Styler.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)

O23 - Service: Google Update Service (gupdate1c994496999e4bd) (gupdate1c994496999e4bd) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 6669 bytes


Good evening, Kaua Fabiano!

 

<@> Download: < Kaspersky Virus Removal Tool >

<@> Save it in Program Files (Arquivos de programas) and install it right there!

<@> Restart the computer in Safe Mode! <-- Important!

<@> Start the scan by clicking "Scan".

<@> The scan takes a long time. <-- Wait!

<@> If infections are found, click "disinfect".

<@> When it finishes, click the Events tab.

<@> Uncheck the "Show all events" checkbox.

<@> Click "Save to file".

<@> Name it and save it to the desktop! <-- Report to post!

<@> Also post an updated HijackThis log.

 

Regards!


Gigantic report :blink:

So let's go in parts :thumbsup:

Kaspersky 1

Scan

----

Scanned: 716571

Detected: 329

Untreated: 1

Start time: 11/4/2009 Kau.ua ? 00:05:30

Duration: 06:38:46

Finish time: 11/4/2009 Kau.ua ? 06:44:16

 

 

Detected

--------

Status Object

------ ------

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\winrar\winrar.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\windows media player\wmplayer.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\bitpim\bitpimw.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\outlook express\wab.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\google\google earth\googleearth.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\stardock\object desktop\iconpackager\iconexplorer.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\megacubo\megacubo.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\windows nt\acessórios\wordpad.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\xpadder\xpadder.exe

disinfected: virus Virus.Win32.Sality.y File: c:\windows\zssnp211.exe

disinfected: virus Virus.Win32.Sality.y File: c:\windows\domino.exe

disinfected: virus Virus.Win32.Sality.y File: c:\windows\system32\nerocheck.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\motorola\smserial\sm56hlpr.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\styler\styler.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\ares\ares.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\windows live\installer\wlsetupsvc.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\outlook express\setup50.exe

disinfected: virus Virus.Win32.Sality.y File: c:\windows\system32\zipfldr.dll

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\msn gaming zone\windows\bckgzm.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\msn gaming zone\windows\chkrzm.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\netmeeting\conf.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\gamania\counter-strike online\bin\csolauncher.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\msn gaming zone\windows\hrtzzm.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\internet explorer\connection wizard\icwconn1.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\internet explorer\connection wizard\icwconn2.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\internet explorer\connection wizard\inetwiz.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\internet explorer\connection wizard\isignup.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\malwarebytes' anti-malware\mbam.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\movie maker\moviemk.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\motorola phone tools\mphonetools.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\k-lite codec pack\media player classic\mplayerc.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\messenger\msmsgs.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\ea games\need for speed hot pursuit 2\nfshp2.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\photoscape\photoscape.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\windows nt\pinball\pinball.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\msn gaming zone\windows\rvsezm.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\msn gaming zone\windows\shvlzm.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\broffice.org 2.0\program\soffice.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\nfsu2\speed2.exe

disinfected: virus Virus.Win32.Sality.y File: c:\arquivos de programas\unzixwin\unzixwin.exe

disinfected: virus Virus.Win32.Sality.y File: C:\uninstall.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\3Danalizer\3DAnalyze.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Ares\chatServer.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Ares\Uninstall.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Arquivos comuns\Adobe AIR\Versions\1.0\Resources\template.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Arquivos comuns\Motorola Shared\MotPCSDrivers\USB Networking\usblan_ifconfig.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Bad Boys II\BBpc.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BeachSoccer\BeachSoccer.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BeachSoccer\uninstall.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BitPim\bitpim.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BitPim\helpers\ffmpeg.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BitPim\helpers\pngtopnm.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BitPim\helpers\pnmtopng.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BitPim\helpers\ppmquant.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\configimport.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\gengal.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\msfontextract.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\msi-pkgchk.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\nsplugin.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\pkgchk.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\sbase.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\scalc.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\sdraw.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\senddoc.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\setofficelang.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\simpress.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\smath.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.bin

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\swriter.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\testtool.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\uno.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\unopkg.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\python-core-2.3.4\bin\python.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\BrOffice.org 2.0\program\python-core-2.3.4\lib\distutils\command\wininst.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Bywifi\bywifi.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\CAPCOM\resident evil 4\game.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\CAPCOM\resident evil 4\launcher.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\CAPCOM\resident evil 4\Loader.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\CAPCOM\resident evil 4\SetupTool.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\CAPCOM\resident evil 4\crack resd 4\game.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Climatempo Widget\Climatempo Widget.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Crashday\UHARC.EXE

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Crashday\textures\fonts\FontCreator.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Crashday\textures\fonts\PROJECT1.EXE

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Crazy Frog Racer\CONFIGURE.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Crazy Frog Racer\cracktro.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Crazy Frog Racer\CrazyFrog2.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Dave Mirra freestyle BMX\NgBMX.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Dave Mirra freestyle BMX\uninstall.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Desktop iPhone\Desktop iPhone.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\EA Games\Need For Speed Hot Pursuit 2\eauninstall.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\EA Games\Need For Speed Hot Pursuit 2\Need For Speed Hot Pursuit 2_uninst.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\EA Games\Need For Speed Hot Pursuit 2\Support\go_ez.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\EA Games\Need For Speed Hot Pursuit 2\Support\Need For Speed Hot Pursuit 2_code.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\EA Games\Need For Speed Hot Pursuit 2\Support\Need For Speed Hot Pursuit 2_eReg.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\EA Games\Need For Speed Hot Pursuit 2\Support\Need For Speed Hot Pursuit 2_EZ.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\EA Games\Need For Speed Hot Pursuit 2\Support\Need For Speed Hot Pursuit 2_uninst.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Fantastic Four\Launcher.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Fantastic Four\Game\Game.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Gamania\Counter-Strike Online\uninst.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Gamania\Counter-Strike Online\Bin\cstrike-online.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Gamania\Counter-Strike Online\Bin\NMService.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Google\Google Earth\earthflashsol.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Google\Google Earth\gpsbabel.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\GTA você\gta-você.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Guitar Hero III\FretsOnFire.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Half-Life Model Viewer\hlmv.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Half-Life Model Viewer\Uninstal.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Internet Explorer\iedw.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwrmind.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwtutor.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\IObit\Advanced SystemCare 3\Sup_DAP.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Iron Man\GameLauncher.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Iron Man\IronMan.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Iron Man\SetupReg.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Juiced\Juiced.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Juiced\JuicedConfig.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Juiced\SetupReg.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Juiced\mediaCenter\mediacenterstartJuiced.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Juiced\mediaCenter\mediacenterstartJuicedConfig.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Filters\ac3config.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Filters\divxconfig.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Filters\DivXsm.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Filters\Haali\gdsmux.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Tools\dsconfig.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Tools\fourcc.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Tools\graphstudio.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Tools\mediainfo.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Tools\minicalc.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Tools\StatsReader.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Tools\VobSubStrip.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\K-Lite Codec Pack\Tools\gspot\gspot.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Marcos Velasco Security\MV AntiSpy 4.0\ANTISPY.EXE

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Marcos Velasco Security\MV AntiSpy 4.0\KILLPROCESS.EXE

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Megacubo\bin\pv.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Mioplanet\PixelRuler\PixelRuler.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Motorola Phone Tools\AMRCodec.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Motorola Phone Tools\AvqBTEnum.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Motorola Phone Tools\LiveUpdateLauncher.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Motorola Phone Tools\MMCenter.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Motorola Phone Tools\MOffice.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Motorola Phone Tools\TMonitor.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\MSN Gaming Zone\Windows\zClientm.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NARC-FAS\charlie.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NetMeeting\cb32.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NetMeeting\wb32.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NFSU\NFSUNDER\SetupReg.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NFSU\NFSUNDER\Speed.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NFSU\NFSUNDER\3DSetup\3DSetup.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NFSU2\eauninstall.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NFSU2\SetupReg.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NFSU2\Support\EasyInfo.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NFSU2\Support\EReg.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NFSU2\Support\Need for Speed Underground 2_code.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\NFSU2\Support\Need for Speed Underground 2_uninst.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\O3DS\mk_folders.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\O3DS\mk_icon.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\O3DS\oni3.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\O3DS\Oni3Launcher.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Outlook Express\msimn.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Outlook Express\oemig50.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Outlook Express\wabmig.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\PC_Track.Mania.Sunrise.Extreme.(rip)\TMS\Install-Game.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\PC_Track.Mania.Sunrise.Extreme.(rip)\TMS\TmSunrise.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\PC_Track.Mania.Sunrise.Extreme.(rip)\TMS\TmSunriseLauncher.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\PhotoFiltre Studio\pf-studio.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\PhotoFiltre Studio\Uninst.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Pro Beach Soccer\BeachSoccer.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Pro Beach Soccer\KeyMapper.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\Pro Beach Soccer\Resolution.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\PRSL\EngineImplementation_Retail.exe

disinfected: virus Virus.Win32.Sality.y File: C:\Arquivos de programas\PRSL\GameLauncher.exe


DigRam, forget the post above

I uploaded a file to Megaupload (THE KASPERSKY REPORT)

I just didn't put it here because it is gigantic

File

But here is the HijackThis one

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at Kau.ua ? 07:23:52, on 11/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Megaupload\Mega Manager\MegaManager.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\ABC.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptsn.dll (file missing)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [style Change Application] C:\Arquivos de programas\Styler\Styler.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: is-F9MRO.lnk = C:\Arquivos de programas\Virus Removal Tool\is-F9MRO\startup.exe

O4 - Startup: Styler.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)

O23 - Service: Google Update Service (gupdate1c994496999e4bd) (gupdate1c994496999e4bd) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 6389 bytes


Good morning, Kaua Fabiano!

<!> The infection is Sality, which infects executables and is difficult to remove/disinfect.

<><><><><><><><><><><><><><>

<@> Go to this address and run the anti-Sality vaccine.

< Win32_Sality >

<@> Follow these instructions:

Win32/Sality

<!> Download the three files to the folder: C:\Sality <-- Create this folder!

<1> rmsality.exe

<2> rmsality.nt

<3> rmsality.dos

<!> Run the file: rmsality.exe

<!> You can also specify the disks to restore as parameters of a command.

<!> Example: C:\Sality\rmsality C: D:

<!> If the command is used without parameters, all disks on the computer will be restored.

<!> PS: For the remover to succeed, it needs administrative rights.

<!> For the remover to work properly, rmsality.nt and rmsality.dos must be saved in the same folder as rmsality.exe.

<!> PS: If you have infected file(s), perform the procedure just below.

<!> Go to Start --> Run --> Type:

c:\Sality\rmsality c:\windows\explorer.exe --> Press Enter.

<><><><><><><><><><><>

<@> Download: < drweb.gif >

<@> Save it to the desktop!

<@> Restart the computer in Safe Mode.

<@> Start the installation/execution by double-clicking drweb-cureit.

<@> In the window that opens, click Start --> OK.

<@> The "Quick scan" will start --> Close the advertising window!

<@> When it finishes, check the "Complete scan" box.

<@> Click "Options" --> Under Change settings, uncheck "Heuristic analysis".

In this mode the following objects are scanned:

* Boot sectors of all disks. <--

* All removable drives. <--

* All local disks. <--

<@> Click "Start scan" --> Wait!

<@> If messages appear asking to move or disinfect files, click Yes.

<@> When it finishes, click "File" --> "Save report list".

<@> Save it in a suitable location. ( DrWeb.csv ) <-- Text!

<@> Post: DrWeb.csv

Regards!


Just one more thing I wanted to ask you

some viruses have already been removed :thumbsup:

but Win XP still isn't recognizing the pen drive

I need the pen drive to work urgently

Thank you very much, DigRam

Regards..

My PC no longer has viruses :rolleyes:

the anti-Sality vaccine didn't find any virus and the report didn't appear

but the pen drive problem is still on the PC <_<

Thanks, DigRam

<><><><><><><><><><><>

Hey, Kaua Fabiano!

<!> Run DrWebCureIt and post the report. :thumbsup:

Regards!


Here is the Dr.Web log

Log

----------------------------------

DrWeb.csv

 

uninstall.exe;C:\;Trojan.Swizzor.9827;Eliminado.;

FindyKill.exe\data013;C:\Arquivos de programas\FindyKill.exe;Tool.Prockill;;

FindyKill.exe;C:\Arquivos de programas;A pasta contem objectos infectados;Movido.;

KB888111xpsp2.exe;C:\Arquivos de programas\Realtek\Audio\InstallShield;Win32.Sector.5;Desinfectado.;

winbscnsl.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

windclclc.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

winglad.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

wingtdg.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

winhwkx.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

winikpd.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

winqwgtdo.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

wintxfr.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

winvfdxof.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

winvlffg.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

winycdxe.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

winyughhp.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;

KomboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Kaua\Desktop\Arquivos\KomboFix.exe/data002;Program.PsExec.171;;

data002;C:\Documents and Settings\Kaua\Desktop\Arquivos;O arquivo contém objectos infectados;;

KomboFix.exe;C:\Documents and Settings\Kaua\Desktop\Arquivos;A pasta contem objectos infectados;Movido.;

Process.exe;C:\FindyKill\Tools;Tool.Prockill;;

GPL FUNK.exe;C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\DADOSD~1\That Face Camp Shim;Trojan.Swizzor.based;Eliminado.;

audio 16 one.exe;C:\Lop SD\Backup-Lop\DOCUME~1\Kaua\DADOSD~1\EXTRAC~1;Trojan.Swizzor.based;Eliminado.;

iktzeitp.exe;C:\Lop SD\Backup-Lop\DOCUME~1\Kaua\DADOSD~1\EXTRAC~1;Trojan.Swizzor.based;Eliminado.;

LoadMemo.exe;C:\Lop SD\Backup-Lop\DOCUME~1\Kaua\DADOSD~1\EXTRAC~1;Trojan.Swizzor.based;Eliminado.;

weysshwm.exe;C:\Lop SD\Backup-Lop\DOCUME~1\Kaua\DADOSD~1\EXTRAC~1;Trojan.Swizzor.based;Eliminado.;

A0009935.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP20;Win32.Sector.5;Desinfectado.;

A0009936.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP20;Win32.Sector.5;Desinfectado.;

A0009937.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP20;Win32.Sector.5;Desinfectado.;

------------------------------------------

------------------------------------------

A0016292.exe\data013;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41\A0016292.exe;Tool.Prockill;;

A0016292.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41;A pasta contem objectos infectados;Movido.;

A0016293.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41;Win32.Sector.5;Desinfectado.;

A0016294.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41\A0016294.exe/data002;Program.PsExec.171;;

data002;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41;O arquivo contém objectos infectados;;

A0016294.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41;A pasta contem objectos infectados;Movido.;

A0016295.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41;Trojan.Swizzor.based;Eliminado.;

A0016296.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41;Trojan.Swizzor.based;Eliminado.;

A0016297.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41;Trojan.Swizzor.based;Eliminado.;

A0016298.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41;Trojan.Swizzor.based;Eliminado.;

A0016299.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP41;Trojan.Swizzor.based;Eliminado.;

-------

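A triage sketch for the Dr.Web report posted above, added here as an example and not part of the original posts: it parses the `object;path;threat;action;` rows, tallies detections per threat and action, and lists the rows whose action column is empty and those sitting inside System Restore points. The function names are hypothetical; the sample rows are copied from the report above.

```python
from collections import Counter

# Rows copied from the DrWeb.csv report posted above (object;path;threat;action;).
SAMPLE = r"""
uninstall.exe;C:\;Trojan.Swizzor.9827;Eliminado.;
FindyKill.exe\data013;C:\Arquivos de programas\FindyKill.exe;Tool.Prockill;;
FindyKill.exe;C:\Arquivos de programas;A pasta contem objectos infectados;Movido.;
KB888111xpsp2.exe;C:\Arquivos de programas\Realtek\Audio\InstallShield;Win32.Sector.5;Desinfectado.;
winbscnsl.exe;C:\Documents and Settings\Kaua\Configurações locais\temp;Trojan.PWS.Multi.29;Eliminado.;
Process.exe;C:\FindyKill\Tools;Tool.Prockill;;
------------------------------------------
A0009935.exe;C:\System Volume Information\_restore{B91FEDF3-EF22-4A14-9672-A6558A9D2F0A}\RP20;Win32.Sector.5;Desinfectado.;
"""

# Text the report puts in the threat column for a container that holds an
# infected object (both spellings occur in the posted report).
CONTAINER_NOTES = {
    "A pasta contem objectos infectados",
    "O arquivo contém objectos infectados",
}
RESTORE_MARKER = r"system volume information\_restore"


def parse_report(text):
    """Return one dict per data row; separators and malformed lines are skipped."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue
        if line.endswith(";"):
            line = line[:-1]  # every row ends with a trailing ';'
        # Take threat and action from the right so an empty action survives.
        parts = line.rsplit(";", 2)
        if len(parts) != 3 or ";" not in parts[0]:
            continue
        obj, path = parts[0].split(";", 1)
        rows.append({"object": obj, "path": path,
                     "threat": parts[1], "action": parts[2]})
    return rows


def summarize(rows):
    """Group detections so untreated items and restore-point copies stand out."""
    detections = [r for r in rows if r["threat"] not in CONTAINER_NOTES]
    return {
        "by_threat_action": Counter(
            (r["threat"], r["action"] or "(none)") for r in detections),
        "no_action": [r for r in detections if not r["action"]],
        "containers": [r for r in rows if r["threat"] in CONTAINER_NOTES],
        "in_restore_points": [
            r for r in detections if RESTORE_MARKER in r["path"].lower()],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE))
    for (threat, action), n in sorted(summary["by_threat_action"].items()):
        print(f"{n:3d}  {threat:24s} {action}")
    for r in summary["no_action"]:
        print("no action recorded:", r["path"], r["object"])
    print("detections inside restore points:", len(summary["in_restore_points"]))
```

Rows with an empty action column are the ones to look at by hand, since the report records no treatment for them.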

Good afternoon, Kaua Fabiano!

<!> There are still Sality infections, and fixing the problem related to the pen drive requires disinfecting the computer.

<><><><><><><><><><><>

<@> Download: < McAfee Avert Stinger >

<@> Save it to the Desktop!

<@> Click Add and add any other disk drives you have. ( For example, drive D:\ ).

<@> Then click "Scan now".

<@> Wait for the scan to finish.

<><><><><><><><><><><>

<@> Run the Kaspersky Virus Removal Tool again and post its report.

Regards!


Phew, a very slow process :upset:

but here is the Kaspersky log

Regards...


<><><><><><><><><>

Hey, Kaua Fabiano!

<!> The infection is extensive and, if the disinfection is not successful, format the computer and replace the RAM.

<!> Do not make backups, as reinfection may occur!

<><><><><><><><><>

<@> Download: < Norman Malware Cleaner >

<@> Save it to the desktop.

<@> Open the file and click Run --> Accept.

<@> Click Add to add, or Remove to remove, drives/sectors to be scanned. ( C:\*.*, D:\*.*, E:\*.*, etc... )

<@> Click "Start scan" --> Wait!

<@> When it finishes, post the report, which will be on the desktop. ( NFix_2009-xx-xx_yy-yy-yy.log ) <--

Regards!
