JR Silva 0 Posted May 4, 2009
I had AVIRA, which detected TR/crypt.XPACK.Gen.Trojan; after that, I installed Malwarebytes' Anti-Malware, which detected 2 Adware video-Egg. I uninstalled Avira, since it was no longer working, and now I can't install any antivirus anymore. I ran ComboFix and HijackThis, whose logs I am posting below. Thank you very much!
Sam Spade 2 Posted May 4, 2009
Hello JR Silva!
Download the Kaspersky AVP Tool: http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
Save it to your desktop. Run the file and follow the prompts. When it finishes, check the box next to My Computer, then click Scan. Be patient, it takes a while. When it finishes, if it has detected anything, the program will ask you what to do. Click Skip (we only want the log).
Note: You may need to click Skip several times if the program finds several files, so be patient.
When the program displays the message Scan Completed, click the Events tab, uncheck the "Show all events" checkbox, and then click "Save to file". Save the log somewhere easy to find.
Run ComboFix again.
Post the KRT log and the new ComboFix log.
JR Silva 0 Posted May 8, 2009
:cry: Brother! I can't get it to run. I installed it, but I can't complete the scan. Would there be another option? Thank you! Aloha!
Sam Spade 2 Posted May 8, 2009
Hello, try it in safe mode. Restart the PC and press F8 repeatedly. In the menu, choose: safe mode.
JR Silva 0 Posted May 9, 2009
Sam Spade, I have already tried every way possible, including safe mode:
1 - Connected: it runs up to 56%, after which it just keeps increasing the scan time.
2 - F8 - Doesn't run
3 - Disconnected - Doesn't run
Yesterday I detected one more worm with HijackThis; today I ran Malwarebytes' Anti-Malware and Rootkit.Bagle was detected.
PS: Brother, I don't know if I'm allowed to post this here; if not, I apologize: I ran Trend Micro HouseCall, and while it was scanning I downloaded and managed to install Avira, which detected 17 WARNINGs. I don't know what else to do. Help me! Thank you! Aloha! :thumbsup:
Sam Spade 2 Posted May 9, 2009
Download > GMER
Extract its files to the desktop. Double-click gmer.exe. Click the Rootkit tab and then the Scan button. IMPORTANT: Do not check the Show All box. When the scan finishes, click Copy to copy the contents to the clipboard. Open Notepad, paste what you copied, and save it under any name you like. Copy and paste the contents of that Notepad file into your reply.
NOTE: if you can't run GMER, rename its .exe to any name, for example abcde.exe, and try running it again.
JR Silva 0 Posted May 13, 2009
Good afternoon, I was only able to run Kaspersky online; here is the log:

KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, May 13, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 13, 2009 07:05:20
Records in database: 2171373
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 112820
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:44:06
No malware has been detected. The scan area is clean.
The selected area was scanned.

Thank you!
Sam Spade 2 Posted May 14, 2009
Hello, Kaspersky online reported a clean PC. We need deeper analyses with more specialized tools. Were you unable to download or run GMER?
JR Silva 0 Posted May 16, 2009
Hey Brother! I ran it as you instructed; here is the log:
PS: I use Avira, so why does this Avast appear in the log? Thank you!

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-16 10:49:57
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF548F6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF548F574]
SSDT F7C7C0E4 ZwCreateThread
SSDT F7C7C0F3 ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF548FA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF548F14C]
SSDT F7C7C102 ZwLoadKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF548F64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF548F08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF548F0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF548F76E]
SSDT F7C7C10C ZwReplaceKey
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF548F72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF548F8AE]
SSDT F7C7C0DF ZwTerminateProcess

---- EOF - GMER 1.0.15 ----
JR Silva 0 Posted May 16, 2009
Kar.................! Brother! Be patient, it takes a little while! Imagine if it only took a while... But it's fine, I managed to run it... Thank you!!!!

1- Scan
----
Scanned: 1080879
Detected: 0
Untreated: 0
Start time: 16/5/2009 12:01:03
Duration: 05:54:58
Finish time: 16/5/2009 17:56:01
Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\KGBKeylogger4.zip/Documents and Settings/All Users/Dados de aplicativos/Spybot - Search & Destroy/Recovery/sbRecovery.ini password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\KGBKeylogger5.zip/Documents and Settings/All Users/Dados de aplicativos/MPK/REFOG Keylogger.lnk password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\KGBKeylogger5.zip/Documents and Settings/All Users/Dados de aplicativos/Spybot - Search & Destroy/Recovery/sbRecovery.ini password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip/sbRecovery.reg password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip/sbRecovery.ini password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger.zip/sbRecovery.ini password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger1.zip/1033 password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger1.zip/1046 password protected 
16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger1.zip/sbRecovery.ini password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/JR Silva/01042008.rvl password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/JR Silva/02042008.rvl password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/JR Silva/03042008.rvl password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/JR Silva/04042008.rvl password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/JR Silva/05042008.rvl password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/MICRO1/01042008.rvl password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/MICRO1/02042008.rvl password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/MICRO1/03042008.rvl password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/MICRO1/04042008.rvl password protected 16/5/2009 15:29:29 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/MICRO1/05042008.rvl password protected 16/5/2009 15:29:29 File: 
C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip/sbRecovery.ini password protected 16/5/2009 15:29:30 File: C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\RevealerKeylogger3.zip/sbRecovery.ini password protected Statistics ---------- Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ --------- Settings -------- Parameter Value --------- ----- Security Level Recommended Action Prompt for action when the scan is complete Run mode Manually File types Scan all files Scan only new and changed files No Scan archives All Scan embedded OLE objects All Skip if object is larger than No Skip if scan takes longer than No Parse email formats No Scan password-protected archives No Enable iChecker technology No Enable iSwift technology No Show detected threats on "Detected" tab Yes Rootkits search Yes Deep rootkits search No Use heuristic analyzer Yes Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ---- 2- ComboFix 09-05-16.03 - JR Silva 16/05/2009 18:09.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.666 [GMT -3:00] Executando de: c:\documents and settings\JR Silva.MICRO\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . (((((((((((((((( Arquivos/Ficheiros criados de 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))) . 2009-05-16 21:07 . 2009-05-17 06:34 -------- dc----w C:\32788R22FWJFW 2009-05-16 15:00 . 2009-05-16 15:00 -------- d-----w c:\windows\LastGood 2009-05-16 14:59 . 
2008-07-08 17:54 148496 ----a-w c:\windows\system32\drivers\26912812.sys 2009-05-15 13:18 . 2009-05-15 13:18 -------- d-----w c:\arquivos de programas\GPLGS 2009-05-15 13:13 . 2007-07-13 01:33 87552 ----a-w c:\windows\system32\cpwmon2k.dll 2009-05-15 12:36 . 2009-05-15 12:36 -------- d-----w c:\documents and settings\JR Silva.MICRO\Dados de aplicativos\VSRevoGroup 2009-05-12 20:05 . 2009-05-12 20:05 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard 2009-05-12 19:28 . 2009-05-12 20:07 104614 ----a-w c:\windows\hpoins04.dat 2009-05-12 19:28 . 2004-06-21 17:40 17176 ------w c:\windows\hpomdl04.dat 2009-05-12 15:33 . 2009-05-12 15:33 -------- dc----w C:\temp 2009-05-12 15:33 . 2009-05-12 15:33 -------- dc----w c:\temp\HP_WebRelease 2009-05-11 20:31 . 2009-05-11 20:31 -------- d-sh--w c:\documents and settings\JR Silva.MICRO\IECompatCache 2009-05-11 20:29 . 2009-05-11 20:29 -------- d-sh--w c:\documents and settings\JR Silva.MICRO\PrivacIE 2009-05-11 20:28 . 2009-05-11 20:28 -------- d-sh--w c:\documents and settings\JR Silva.MICRO\IETldCache 2009-05-11 20:26 . 2009-05-11 20:26 -------- d-----w c:\windows\ie8updates 2009-05-11 20:23 . 2009-05-11 20:25 -------- dc-h--w c:\windows\ie8 2009-05-11 20:22 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll 2009-05-10 03:42 . 2009-05-10 03:42 -------- d-sh--w C:\found.000 2009-05-08 23:24 . 2009-05-08 23:24 -------- d-----r c:\documents and settings\LocalService\Meus documentos 2009-05-08 21:50 . 2009-05-08 21:50 -------- d-----w c:\arquivos de programas\Avira 2009-05-08 21:13 . 2009-05-08 21:10 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys 2009-05-08 21:07 . 2009-05-08 21:24 -------- d-----w c:\documents and settings\JR Silva.MICRO\.housecall6.6 2009-05-08 13:27 . 2001-09-06 02:17 980034 -c--a-w c:\windows\system32\dllcache\cicap.sys 2009-05-08 13:26 . 2008-04-13 18:40 8192 -c--a-w c:\windows\system32\dllcache\changer.sys 2009-05-08 13:25 . 
2001-09-06 02:15 49182 -c--a-w c:\windows\system32\dllcache\cem56n5.sys 2009-05-08 13:25 . 2001-09-06 02:15 22044 -c--a-w c:\windows\system32\dllcache\cem33n5.sys 2009-05-08 13:25 . 2001-09-06 02:15 22044 -c--a-w c:\windows\system32\dllcache\cem28n5.sys 2009-05-08 13:25 . 2001-09-06 02:15 27164 -c--a-w c:\windows\system32\dllcache\ce3n5.sys 2009-05-08 13:25 . 2001-09-06 02:15 21530 -c--a-w c:\windows\system32\dllcache\ce2n5.sys 2009-05-08 13:25 . 2001-08-18 00:52 7680 -c--a-w c:\windows\system32\dllcache\cd20xrnt.sys 2009-05-08 13:25 . 2008-04-13 18:46 17024 -c--a-w c:\windows\system32\dllcache\ccdecode.sys 2009-05-08 13:25 . 2001-09-06 02:15 715210 -c--a-w c:\windows\system32\dllcache\cbmdmkxx.sys 2009-05-08 13:25 . 2001-08-17 23:13 46108 -c--a-w c:\windows\system32\dllcache\cben5.sys 2009-05-08 13:24 . 2001-08-17 23:12 39680 -c--a-w c:\windows\system32\dllcache\cb325.sys 2009-05-08 13:24 . 2001-08-17 23:12 37916 -c--a-w c:\windows\system32\dllcache\cb102.sys 2009-05-08 13:24 . 2001-09-06 02:50 32256 -c--a-w c:\windows\system32\dllcache\diapi2NT.dll 2009-05-08 13:24 . 2001-08-17 23:13 164923 -c--a-w c:\windows\system32\dllcache\diapi2.sys 2009-05-08 13:24 . 2008-04-14 02:20 121856 -c--a-w c:\windows\system32\dllcache\camext30.dll 2009-05-08 13:24 . 2001-09-06 02:50 236032 -c--a-w c:\windows\system32\dllcache\camext20.dll 2009-05-08 13:24 . 2001-09-06 02:50 74240 -c--a-w c:\windows\system32\dllcache\camexo20.dll 2009-05-08 13:23 . 2001-08-18 01:04 171264 -c--a-w c:\windows\system32\dllcache\camdrv30.sys 2009-05-08 13:23 . 2001-08-18 01:04 223232 -c--a-w c:\windows\system32\dllcache\camdrv21.sys 2009-05-08 13:23 . 2001-08-18 01:05 314752 -c--a-w c:\windows\system32\dllcache\camdro21.sys 2009-05-08 13:17 . 2001-09-06 02:12 14080 -c--a-w c:\windows\system32\dllcache\bulltlp3.sys 2009-05-08 13:17 . 2001-08-17 23:11 31529 -c--a-w c:\windows\system32\dllcache\brzwlan.sys 2009-05-08 13:17 . 
2001-08-18 00:12 10368 -c--a-w c:\windows\system32\dllcache\brusbscn.sys 2009-05-08 13:17 . 2001-08-18 00:12 11008 -c--a-w c:\windows\system32\dllcache\brusbmdm.sys 2009-05-08 13:17 . 2001-08-18 00:12 60416 -c--a-w c:\windows\system32\dllcache\brserwdm.sys 2009-05-08 13:17 . 2001-09-06 02:50 9728 -c--a-w c:\windows\system32\dllcache\brserif.dll 2009-05-08 13:17 . 2001-09-06 02:50 5120 -c--a-w c:\windows\system32\dllcache\brscnrsm.dll 2009-05-08 13:16 . 2001-09-06 02:12 39680 -c--a-w c:\windows\system32\dllcache\brparwdm.sys 2009-05-08 13:16 . 2001-08-18 00:12 3168 -c--a-w c:\windows\system32\dllcache\brparimg.sys 2009-05-08 13:16 . 2001-09-06 02:50 41472 -c--a-w c:\windows\system32\dllcache\brmfusb.dll 2009-05-08 13:16 . 2001-09-06 02:50 32256 -c--a-w c:\windows\system32\dllcache\brmfrsmg.exe 2009-05-08 13:16 . 2001-09-06 02:50 29696 -c--a-w c:\windows\system32\dllcache\brmflpt.dll 2009-05-08 13:16 . 2001-09-06 02:50 81920 -c--a-w c:\windows\system32\dllcache\brmfcwia.dll 2009-05-08 13:16 . 2001-09-06 02:50 15360 -c--a-w c:\windows\system32\dllcache\brmfbidi.dll 2009-05-08 13:16 . 2001-08-18 00:12 3968 -c--a-w c:\windows\system32\dllcache\brfiltup.sys 2009-05-08 13:16 . 2001-08-18 00:12 12160 -c--a-w c:\windows\system32\dllcache\brfiltlo.sys 2009-05-08 13:16 . 2001-08-18 00:12 2944 -c--a-w c:\windows\system32\dllcache\brfilt.sys 2009-05-08 13:16 . 2001-09-06 02:50 12800 -c--a-w c:\windows\system32\dllcache\brevif.dll 2009-05-08 13:16 . 2001-09-06 02:50 9728 -c--a-w c:\windows\system32\dllcache\brcoinst.dll 2009-05-08 13:15 . 2001-09-06 02:50 19456 -c--a-w c:\windows\system32\dllcache\brbidiif.dll 2009-05-08 13:15 . 2001-09-06 02:50 102912 -c--a-w c:\windows\system32\dllcache\binlsvc.dll 2009-05-08 13:15 . 2008-04-13 18:46 11776 -c--a-w c:\windows\system32\dllcache\bdasup.sys 2009-05-08 13:15 . 2001-08-18 00:28 871388 -c--a-w c:\windows\system32\dllcache\bcmdm.sys 2009-05-08 13:15 . 
2001-08-17 23:11 26568 -c--a-w c:\windows\system32\dllcache\bcm4e5.sys 2009-05-08 13:15 . 2001-08-17 23:11 54271 -c--a-w c:\windows\system32\dllcache\bcm42xx5.sys 2009-05-08 13:15 . 2001-08-17 23:11 66557 -c--a-w c:\windows\system32\dllcache\bcm42u.sys 2009-05-08 13:15 . 2008-04-13 18:36 14208 -c--a-w c:\windows\system32\dllcache\battc.sys 2009-05-08 13:14 . 2001-08-17 23:48 36128 -c--a-w c:\windows\system32\dllcache\banshee.sys 2009-05-08 13:14 . 2001-09-06 02:49 342336 -c--a-w c:\windows\system32\dllcache\banshee.dll 2009-05-08 13:14 . 2001-09-06 02:09 97184 -c--a-w c:\windows\system32\dllcache\b57xp32.sys 2009-05-08 13:14 . 2001-08-17 23:13 89952 -c--a-w c:\windows\system32\dllcache\b1cbase.sys 2009-05-08 13:14 . 2001-08-17 23:19 36992 -c--a-w c:\windows\system32\dllcache\aztw2320.sys 2009-05-08 13:14 . 2001-08-17 23:13 37568 -c--a-w c:\windows\system32\dllcache\avmwan.sys 2009-05-08 13:14 . 2001-09-06 02:50 144384 -c--a-w c:\windows\system32\dllcache\avmenum.dll 2009-05-08 13:14 . 2001-09-06 02:50 87552 -c--a-w c:\windows\system32\dllcache\avmcoxp.dll 2009-05-08 13:14 . 2008-04-13 18:46 13696 -c--a-w c:\windows\system32\dllcache\avcstrm.sys 2009-05-08 13:14 . 2001-08-18 01:01 36096 -c--a-w c:\windows\system32\dllcache\avcaudio.sys 2009-05-08 13:14 . 2008-04-13 18:46 38912 -c--a-w c:\windows\system32\dllcache\avc.sys 2009-05-08 13:13 . 2001-08-17 23:49 23552 -c--a-w c:\windows\system32\dllcache\atixbar.sys 2009-05-08 13:13 . 2001-08-17 23:49 26624 -c--a-w c:\windows\system32\dllcache\ativxbar.sys 2009-05-08 13:13 . 2001-08-17 23:49 19456 -c--a-w c:\windows\system32\dllcache\ativttxx.sys 2009-05-08 13:13 . 2001-08-17 23:49 9472 -c--a-w c:\windows\system32\dllcache\ativmdcd.sys 2009-05-08 13:13 . 2001-08-17 23:49 17152 -c--a-w c:\windows\system32\dllcache\atitvsnd.sys 2009-05-08 13:13 . 2001-08-17 23:49 17152 -c--a-w c:\windows\system32\dllcache\atitunep.sys 2009-05-08 13:13 . 
2001-08-17 23:49 26880 -c--a-w c:\windows\system32\dllcache\atirtsnd.sys 2009-05-08 13:13 . 2001-08-17 23:49 49920 -c--a-w c:\windows\system32\dllcache\atirtcap.sys 2009-05-08 13:13 . 2001-09-06 02:08 70656 -c--a-w c:\windows\system32\dllcache\atiragem.sys 2009-05-08 13:12 . 2001-08-17 23:49 10240 -c--a-w c:\windows\system32\dllcache\atipcxxx.sys 2009-05-08 13:12 . 2001-09-06 02:08 281600 -c--a-w c:\windows\system32\dllcache\atimtai.sys 2009-05-08 13:12 . 2001-09-06 02:08 75264 -c--a-w c:\windows\system32\dllcache\atimpae.sys 2009-05-08 13:12 . 2001-09-06 02:08 289792 -c--a-w c:\windows\system32\dllcache\atimpab.sys 2009-05-08 13:12 . 2001-09-06 02:50 37376 -c--a-w c:\windows\system32\dllcache\atievxx.exe 2009-05-08 13:12 . 2001-09-06 02:49 268160 -c--a-w c:\windows\system32\dllcache\atidvai.dll 2009-05-08 13:12 . 2001-09-06 02:49 137216 -c--a-w c:\windows\system32\dllcache\atidrae.dll 2009-05-08 13:12 . 2001-09-06 02:49 382592 -c--a-w c:\windows\system32\dllcache\atidrab.dll 2009-05-08 13:12 . 2001-08-17 23:49 46464 -c--a-w c:\windows\system32\dllcache\atibt829.sys 2009-05-08 13:11 . 2001-09-06 02:08 77824 -c--a-w c:\windows\system32\dllcache\ati.sys 2009-05-08 13:11 . 2001-09-06 02:49 96128 -c--a-w c:\windows\system32\dllcache\ati.dll 2009-05-08 13:11 . 2001-08-17 23:12 97354 -c--a-w c:\windows\system32\dllcache\aspndis3.sys 2009-05-08 13:11 . 2001-08-18 00:51 14848 -c--a-w c:\windows\system32\dllcache\asc3550.sys 2009-05-08 13:11 . 2001-08-18 00:52 22400 -c--a-w c:\windows\system32\dllcache\asc3350p.sys 2009-05-08 13:11 . 2001-08-18 00:52 26496 -c--a-w c:\windows\system32\dllcache\asc.sys 2009-05-08 13:11 . 2001-08-18 00:47 6272 -c--a-w c:\windows\system32\dllcache\apmbatt.sys 2009-05-08 13:10 . 2004-08-04 00:31 36224 -c--a-w c:\windows\system32\dllcache\an983.sys 2009-05-08 13:10 . 2001-08-18 00:52 12032 -c--a-w c:\windows\system32\dllcache\amsint.sys 2009-05-08 13:10 . 2001-08-17 23:11 16969 -c--a-w c:\windows\system32\dllcache\amb8002.sys 2009-05-08 13:10 . 
2001-08-18 00:51 5248 -c--a-w c:\windows\system32\dllcache\aliide.sys 2009-05-08 13:10 . 2001-08-18 00:49 26624 -c--a-w c:\windows\system32\dllcache\alifir.sys 2009-05-08 13:10 . 2001-08-17 23:11 27678 -c--a-w c:\windows\system32\dllcache\ali5261.sys 2009-05-08 13:10 . 2001-08-18 01:07 56960 -c--a-w c:\windows\system32\dllcache\aic78xx.sys 2009-05-08 13:10 . 2001-08-18 01:07 55168 -c--a-w c:\windows\system32\dllcache\aic78u2.sys 2009-05-08 13:10 . 2001-08-18 00:52 12800 -c--a-w c:\windows\system32\dllcache\aha154x.sys 2009-05-08 13:09 . 2001-08-18 01:07 101888 -c--a-w c:\windows\system32\dllcache\adpu160m.sys 2009-05-08 13:09 . 2001-08-17 23:11 46112 -c--a-w c:\windows\system32\dllcache\adptsf50.sys 2009-05-08 13:09 . 2004-08-04 00:32 10880 -c--a-w c:\windows\system32\dllcache\admjoy.sys 2009-05-08 13:07 . 2008-04-13 18:40 12288 -c--a-w c:\windows\system32\dllcache\4mmdat.sys 2009-05-08 13:07 . 2001-08-17 23:48 148352 -c--a-w c:\windows\system32\dllcache\3dfxvsm.sys 2009-05-08 13:07 . 2001-09-06 02:49 689216 -c--a-w c:\windows\system32\dllcache\3dfxvs.dll 2009-05-08 13:07 . 2001-08-18 00:28 762780 -c--a-w c:\windows\system32\dllcache\3cwmcru.sys 2009-05-08 13:07 . 2001-08-18 01:06 11264 -c--a-w c:\windows\system32\dllcache\1394vdbg.sys 2009-05-08 13:07 . 2008-04-13 18:46 53376 -c--a-w c:\windows\system32\dllcache\1394bus.sys 2009-05-08 13:05 . 2001-09-06 02:49 66048 -c--a-w c:\windows\system32\dllcache\s3legacy.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-15 20:28 . 2009-05-05 05:25 1223768 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-05-15 14:25 . 2009-05-15 14:25 155195 ----a-w c:\arquivos de programas\VIAudioi.rar 2009-05-15 13:13 . 2007-06-07 07:04 -------- d-----w c:\arquivos de programas\Acro Software 2009-05-13 12:03 . 2001-10-28 18:07 39076 ----a-w c:\windows\system32\perfc016.dat 2009-05-13 12:03 . 
2001-10-28 18:07 152918 ----a-w c:\windows\system32\perfh016.dat 2009-05-12 20:05 . 2006-09-03 01:24 -------- d-----w c:\arquivos de programas\HP 2009-05-07 21:12 . 2007-03-18 01:36 -------- d-----w c:\arquivos de programas\Google 2009-05-02 12:02 . 2007-01-03 13:19 -------- d-----w c:\arquivos de programas\Windows Media Connect 2 2009-04-25 16:25 . 2008-10-31 19:09 -------- d-----w c:\arquivos de programas\DreaMule 2009-04-25 10:52 . 2006-09-02 13:15 -------- d-----w c:\arquivos de programas\Arquivos comuns\Symantec Shared 2009-04-16 02:45 . 2009-04-16 02:45 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-16 02:45 . 2009-04-16 02:45 -------- d-----w c:\arquivos de programas\Java 2009-03-08 07:34 . 2004-08-04 00:45 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 07:34 . 2004-08-04 00:45 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 07:33 . 2004-08-04 00:45 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 07:33 . 2004-08-04 00:45 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 07:32 . 2004-08-04 00:45 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 07:32 . 2004-08-04 00:45 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 07:31 . 2004-08-04 00:45 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 07:31 . 2004-08-04 00:44 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 07:31 . 2004-08-04 00:45 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 07:22 . 2001-10-28 15:07 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-06 14:20 . 2004-08-04 00:45 286208 ----a-w c:\windows\system32\pdh.dll 2008-03-11 00:22 . 2008-03-11 00:16 4265560 ----a-w c:\arquivos de programas\FLV PlayerRCATSetup.exe 2008-03-10 23:15 . 2008-03-10 23:14 411248 ----a-w c:\arquivos de programas\FLV PlayerRCSetup.exe 2002-04-05 18:29 . 2008-03-15 15:09 1208320 ------w c:\arquivos de programas\SothinkHtmlEditor.exe 2001-04-26 15:00 . 
2008-03-15 15:09 4723 ------w c:\arquivos de programas\license.txt 2001-04-26 15:00 . 2008-03-15 15:09 561152 ------w c:\arquivos de programas\SiteManager.exe 2001-04-26 15:00 . 2008-03-15 15:09 176128 ------w c:\arquivos de programas\TagDefine.exe 2001-04-26 15:00 . 2008-03-15 15:09 17034 ------w c:\arquivos de programas\HTMLKeyword.txt 2001-04-26 15:00 . 2008-03-15 15:09 1340187 ------w c:\arquivos de programas\SothinkHTMLEditor.chm . ------- Sigcheck ------- [-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2004-08-03 23:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys [-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-16 148888] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-03 577536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] c:\documents and settings\JR Silva.MICRO\Menu Iniciar\Programas\Inicializar\ is-H1JVO.lnk - c:\documents and settings\JR Silva.MICRO\Desktop\Virus Removal Tool\is-H1JVO\startup.exe [2009-5-16 65536] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave1"= serwvdrv.dll "wave3"= serwvdrv.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk] backup=c:\windows\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização Rápida do Microsoft Office OneNote 2003.lnk] backup=c:\windows\pss\Inicialização Rápida do Microsoft Office OneNote 2003.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VIA RAID TOOL.lnk] backup=c:\windows\pss\VIA RAID TOOL.lnkCommon 
Startup [HKLM\~\startupfolder\C:^Documents and Settings^JR Silva.MICRO^Menu Iniciar^Programas^Inicializar^is-U92T7.lnk] backup=c:\windows\pss\is-U92T7.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^JR Silva.MICRO^Menu Iniciar^Programas^Inicializar^Microsoft Office OneNote 2003 Quick Launch.lnk] backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^MICRO1^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "c:\\Arquivos de programas\\DreaMule\\emule.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/5/2009 18:48 114768] R1 is-G7D0Sdrv;is-G7D0Sdrv;c:\windows\system32\drivers\82533934.sys [6/5/2009 04:19 148496] R1 is-H1JVOdrv;is-H1JVOdrv;c:\windows\system32\drivers\26912812.sys [16/5/2009 11:59 148496] R1 is-U92T7drv;is-U92T7drv;c:\windows\system32\drivers\08750997.sys [5/5/2009 02:24 148496] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [8/5/2009 18:50 108289] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/5/2009 18:48 20560] S1 SASDIFSV;SASDIFSV;\??\c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS --> c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys --> c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys [?] 
S2 gupdate1c985ddf42d753a;Google Update Service (gupdate1c985ddf42d753a);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/2/2009 06:01 133104] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [30/4/2009 19:07 38496] S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2/11/2007 10:47 83496] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2/11/2007 10:47 15016] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2/11/2007 10:47 109992] S3 SASENUM;SASENUM;\??\c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS --> c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [?] --- --- *NewlyCreated* - IS-H1JVODRV *Deregistered* - aujasnkj [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Conteúdo da pasta 'Tarefas Agendadas' 2009-05-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-03 09:00] 2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{437FF51F-8055-478F-AF75-34D986490EF9}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 07:31] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1242130207&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dcompose%253fsubject%253dGoogle%2526body%253dhttp%253a%252f%252fwww.google.com.br%252f&lc=1046&id=64855&mkt=pt-BR uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {6E23660B-B424-4FE1-87A9-491F07FA537C} = 189.39.240.2,189.39.240.3 DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\JR Silva.MICRO\Dados de aplicativos\Mozilla\Firefox\Profiles\d7y5ujmh.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official FF - plugin: c:\arquivos de programas\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-16 18:12 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3348)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2009-05-16 18:15
ComboFix-quarantined-files.txt 2009-05-16 21:15
ComboFix2.txt 2009-05-12 11:26

Pré-execução: 30 pasta(s) 18.539.622.400 bytes disponíveis
Pós execução: 29 pasta(s) 18.550.263.808 bytes disponíveis

298 --- E O F --- 2009-05-13 06:17

The logs are gigantic, but I managed it! Thanks!!!!!!!!!!!

Sam Spade (posted May 18, 2009)

Hello, nothing we used flagged anything. The PC is clean.

As for the Avira warnings, read about them here. Post the warnings log if you have any questions about it.

JR Silva (posted May 18, 2009)

Once again I want to thank you for your attention. Thank you! I'm still unsure about the warnings; if you could take a look at the log, I'd be very grateful.

Avira AntiVir Personal
Report file date: sexta-feira, 8 de maio de 2009 18:57

Scanning for 1385351 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MICRO

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/aaaa 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/aaaa 12:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/aaaa 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/aaaa 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/aaaa 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/aaaa 16:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/aaaa 00:33:26
ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 4/30/aaaa 21:55:14
ANTIVIR3.VDF : 7.1.3.178 195584 Bytes 5/8/aaaa 21:55:26
Engineversion : 8.2.0.166
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/8/aaaa 21:56:51
AESCRIPT.DLL : 8.1.1.81 385401 Bytes 5/8/aaaa 21:56:48
AESCN.DLL : 8.1.1.10 127348 Bytes 5/8/aaaa 21:56:40
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/aaaa 22:24:41
AEPACK.DLL : 8.1.3.16 397686 Bytes 5/8/aaaa 21:56:34
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/aaaa 00:01:56
AEHEUR.DLL : 8.1.0.128 1757559 Bytes 5/8/aaaa 21:56:22
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/aaaa 00:01:56
AEGEN.DLL : 8.1.1.42 348531 Bytes 5/8/aaaa 21:55:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/aaaa 18:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 5/8/aaaa 21:55:31
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/aaaa 18:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/aaaa 12:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/aaaa 14:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/aaaa 18:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/aaaa 14:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/aaaa 19:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/aaaa 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/aaaa 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/aaaa 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/aaaa 14:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/aaaa 15:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/aaaa 14:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: sexta-feira, 8 de maio de 2009 18:57

Starting search for hidden objects.
'72496' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'java.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'McSACore.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO] No virus was found!
Master boot sector HD1
    [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO] No virus was found!
Boot sector 'E:\'
    [INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '51' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\JR Silva.MICRO\Meus documentos\Meus documentos JR\Cursos\Construção de Sites\Programas\fireworks_mx_trial_br.exe
    [WARNING] The file could not be opened!
C:\Documents and Settings\JR Silva.MICRO\Meus documentos\Meus documentos JR\Cursos\Sebrae\Truques de venda\www.sdr.com
    [WARNING] The file could not be opened!
C:\Documents and Settings\JR Silva.MICRO\Meus documentos\Meus documentos JR\Outros\Hacker e Cracker\Programas\amac.exe
    [WARNING] The file could not be opened!
C:\Documents and Settings\JR Silva.MICRO\Meus documentos\Meus documentos JR\Outros\Hacker e Cracker\Programas\HijackThis 2.0.2.exe
    [WARNING] The file could not be opened!
C:\Documents and Settings\JR Silva.MICRO\Meus documentos\Meus documentos JR\Outros\Hacker e Cracker\Programas\IP Invisivel_ProxyWay.exe
    [WARNING] The file could not be opened!
C:\Documents and Settings\JR Silva.MICRO\Meus documentos\Meus documentos JR\Outros\Hacker e Cracker\Programas\spf_firewall.exe
    [WARNING] The file could not be opened!

Begin scan in 'E:\'
E:\System Volume Information\_restore{6F0425EC-9E25-43DE-9146-6BFF2D4854D6}\RP240\A0054955.exe
    [0] Archive type: CAB SFX (self extracting)
    --> \MSPLauncher.CHS
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
E:\System Volume Information\_restore{6F0425EC-9E25-43DE-9146-6BFF2D4854D6}\RP243\A0055276.exe
    [0] Archive type: CAB SFX (self extracting)
    --> \MSPLauncher.CHS
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
E:\System Volume Information\_restore{6F0425EC-9E25-43DE-9146-6BFF2D4854D6}\RP244\A0055293.exe
    [0] Archive type: CAB SFX (self extracting)
    --> \MSPLauncher.CHS
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
E:\System Volume Information\_restore{6F0425EC-9E25-43DE-9146-6BFF2D4854D6}\RP245\A0055294.exe
    [0] Archive type: CAB SFX (self extracting)
    --> \MSPLauncher.CHS
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
E:\System Volume Information\_restore{6F0425EC-9E25-43DE-9146-6BFF2D4854D6}\RP246\A0055301.exe
    [0] Archive type: CAB SFX (self extracting)
    --> \MSPLauncher.CHS
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed

End of the scan: sexta-feira, 8 de maio de 2009 20:23
Used time: 1:25:40 Hour(s)

The scan has been done completely.

9082 Scanned directories
533657 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
7 Files cannot be scanned
533650 Files not concerned
4071 Archives were scanned
17 Warnings
1 Notes
72496 Objects were scanned with rootkit scan
0 Hidden objects were found

Sam Spade (posted May 18, 2009)

Hello, there is no infection in these warnings. Avira is only reporting the actions it was unable to perform on certain files.

Go to Start > Run > type (or copy and paste):

ComboFix /u

Click OK. Wait, because this will uninstall ComboFix, delete the related files and folders, and erase System Restore points that may be infected, creating a clean one.

Update Internet Explorer. Download and install Internet Explorer 8.

Old versions of Java have vulnerabilities that some malware can use to infect your system. Check whether your system has the latest version installed:

Download > JavaRa
Double-click JavaRa.exe.
Then click Search For Updates.
Select the option Update Using jucheck.exe. Then click the Search button.
If it is up to date, you will get a notice that you have the latest version. Otherwise, wait for the new version of Java to be downloaded and installed.
Then click the Remove Older Versions button so that any old versions on the PC are uninstalled.

Read these articles on security:
Protect your PC
Take care when browsing the net.

Regards.
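
Added example (not part of the original thread, and not Avira's own tooling): a small triage script that reads the summary counters and [WARNING] lines of a report like the one above and separates findings from files that were merely left unscanned. The sample report, its paths and the names `triage` and `read_summary` are constructed for illustration; the reconciliation check is an assumption drawn from this thread's report, where 7 unopened files plus 10 archive warnings match "7 Files cannot be scanned" and "17 Warnings".

```python
import re
from collections import Counter
# Constructed sample, modelled on the report layout quoted in this thread.
SAMPLE_REPORT = r"""Begin scan in 'C:\'
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\tools\example_installer.exe
  [WARNING] The file could not be opened!
E:\restore\A0000001.exe
  [WARNING] No further files can be extracted from this archive. The archive will be closed
  [WARNING] No further files can be extracted from this archive. The archive will be closed
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      2 Files cannot be scanned
      4 Warnings
      0 Hidden objects were found
"""
UNOPENED = "The file could not be opened!"
# The first sentence of each [WARNING] entry is used as its reason.
WARNING_RE = re.compile(r"\[WARNING\]\s+([^\[\n]+?[.!])(?=\s|$)")
COUNTERS = {
    "detections": "Viruses and/or unwanted programs were found",
    "suspicious": "Files were classified as suspicious",
    "unscannable": "Files cannot be scanned",
    "warnings": "Warnings",
    "hidden": "Hidden objects were found",
}

def read_summary(text):
    """Return each summary counter as an int, or None when it is absent."""
    found = {}
    for key, label in COUNTERS.items():
        m = re.search(r"(\d+)\s+" + re.escape(label) + r"\b", text)
        found[key] = int(m.group(1)) if m else None
    return found

def triage(text):
    """Separate findings (detections) from warnings (files left unscanned)."""
    reasons = Counter(WARNING_RE.findall(text))
    s = read_summary(text)
    findings = [k for k in ("detections", "suspicious", "hidden") if s[k]]
    return {
        "verdict": "incomplete" if None in s.values() else "review" if findings else "clean",
        "findings": findings,
        "warning_reasons": dict(reasons),
        # Do the [WARNING] lines account for the counters in the summary?
        "warnings_reconciled": sum(reasons.values()) == s["warnings"],
        "unopened_reconciled": reasons[UNOPENED] == s["unscannable"],
    }
```

A "clean" verdict covers only what the scanner could open; the paths behind `warning_reasons` are the coverage gap to rescan once the files are accessible.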

JR Silva (posted May 20, 2009)

I want to thank you from the bottom of my heart for all the time you devoted to my questions, and I take the opportunity to CONGRATULATE YOU! :clap:

May this topic, like the others, serve as an example to those who use the PC in the wrong way (harming other people). May you reflect and use your energy positively, like the professionals and friends who help us here, because only by acting this way will we build a better world for everyone.

Peace and Light to all!

Regards... Aloha!

Sam Spade (posted May 20, 2009)

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.