
Archived

This topic has been archived and is closed to new replies.

Pantoja

[Solved!] Please analyze my log


Hi everyone, I think my PC has some kind of malware on it. If you can help me, I'd appreciate it.

 

Here is the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:46:30, on 22/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AskBarDis\bar\bin\AskService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

F:\jogos\Need for Speed Undercover\PB\PnkBstrA.exe

F:\PROGRA~1\FlashGet\FlashGet.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

F:\programas\Microsoft Office\Office12\GrooveMonitor.exe

F:\programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

F:\programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\Pen_Tablet.exe

F:\programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Panta\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

F:\programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

F:\jogos\Xfire\Xfire.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

F:\programas\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

C:\Documents and Settings\Panta\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 82.98.231.89 browser-security.microsoft.com

O1 - Hosts: 82.98.231.89 best-click-scanner.info

O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com

O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com

O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com

O1 - Hosts: 82.98.231.89 onlinenotifyq.net

O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com

O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - F:\programas\TextAloud\TAForIE.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Flashget] F:\PROGRA~1\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "F:\programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "F:\programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [387dcea3] rundll32.exe "C:\WINDOWS\system32\tyciiakg.dll",b

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Panta\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [steam] "F:\jogos\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = F:\jogos\Xfire\Xfire.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe

O8 - Extra context menu item: &Download All with FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: ASKService - Unknown owner - C:\Arquivos de programas\AskBarDis\bar\bin\AskService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - F:\programas\Nero7\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - F:\jogos\Need for Speed Undercover\PB\PnkBstrA.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 8442 bytes

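As an added example (not part of the original thread and not HijackThis code), the following Python script applies to a HijackThis 2.x log the checks a reviewer makes on a log like the one above: O1 entries that pin hostnames, including microsoft.com names, to a non-loopback address such as 82.98.231.89; O4 Run values with a hex-only name that call rundll32.exe on a DLL with a random-looking name and a one-letter export (the `[387dcea3] ... tyciiakg.dll,b` entry, which the Malwarebytes log later in the thread identifies as Trojan.Vundo.H); and O2/O3/O23 entries living under the AskBarDis folder, which the reply recommends uninstalling. The sample lines are copied from the log above; the name-length and hex-name thresholds are this example's own heuristics, not HijackThis rules.

```python
"""Triage a HijackThis 2.x log: hosts-file hijacks, suspicious Run values, Ask toolbar remnants."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted above (one entry per rule,
# plus two benign entries to show what is not flagged). Real use: triage(open(path).read()).
SAMPLE_LOG = r"""
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [387dcea3] rundll32.exe "C:\WINDOWS\system32\tyciiakg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ASKService - Unknown owner - C:\Arquivos de programas\AskBarDis\bar\bin\AskService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

HOSTS_LINE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
RUN_LINE = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
RUNDLL_CMD = re.compile(r'(?i)^rundll32(?:\.exe)?\s+"?([^",]+)"?(?:,(\S*))?')
HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{6,8}$")      # e.g. 387dcea3 (this example's own heuristic)
RANDOM_DLL_NAME = re.compile(r"^[a-z]{6,8}\.dll$")   # e.g. tyciiakg.dll (this example's own heuristic)


def suspicious_run(value_name, command):
    """Reasons an O4 Run value looks like a Vundo-style loader; empty list if none."""
    reasons = []
    if HEX_VALUE_NAME.match(value_name):
        reasons.append("hex-only value name")
    m = RUNDLL_CMD.match(command.strip())
    if m:
        dll, export = m.group(1), m.group(2) or ""
        base = dll.rsplit("\\", 1)[-1].lower()
        # a lowercase-only DLL name in system32 entered through a one-letter export
        if RANDOM_DLL_NAME.match(base) and len(export) <= 2:
            reasons.append("rundll32 loads %s via export %r" % (base, export))
    return reasons


def triage(log_text):
    """Return findings as {'hosts_hijack': [...], 'run_suspicious': [...], 'pup': [...]}."""
    findings = {"hosts_hijack": [], "run_suspicious": [], "pup": []}
    redirected = defaultdict(list)          # target IP -> hostnames sent there
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_LINE.match(line)
        if m:
            ip, host = m.groups()
            if not (ip.startswith("127.") or ip == "::1"):   # anything else is a hijack
                redirected[ip].append(host)
            continue
        m = RUN_LINE.match(line)
        if m:
            _hive, name, command = m.groups()
            reasons = suspicious_run(name, command)
            if reasons:
                findings["run_suspicious"].append((name, command, reasons))
            continue
        # Ask toolbar remnants: BHO, toolbar or service installed under AskBarDis
        if line.startswith(("O2 ", "O3 ", "O23 ")) and "askbardis" in line.lower():
            findings["pup"].append(line)
    for ip, hosts in redirected.items():
        findings["hosts_hijack"].append({
            "ip": ip,
            "hosts": hosts,
            # vendor hostnames pinned to a third-party address: the rogue-AV redirect pattern
            "impersonated": [h for h in hosts if h.endswith(".microsoft.com")],
        })
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Run it on the whole log with `triage(open("hijackthis.log").read())`. The output is a starting point, not a verdict: the hex-name and DLL-name heuristics will miss variants that use other naming schemes, and a flagged file is confirmed the way the thread does it, by a scanner that identifies the sample.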

Go to Control Panel > Add or Remove Programs. Find and uninstall AskBarDis.

 

- Download HostsXpert and save it to the desktop;

- Extract the file to your desktop and run HostsXpert.exe;

- Click the Restore MS Hosts Files button and close the program.

 

 

- Download Malwarebytes Anti-Malware and save it to the desktop;

 

● Double-click the program to start the installation. Select the language Português (Brasil);

● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;

● After installation, run the program;

● Check the Full Scan option and then click Scan. Select your C: drive and click the Start Scan button;

● When the scan finishes, click OK and the log will open automatically for you;

● If anything is detected, make sure all items are checked and click the Remove button.

Note: if a message appears asking you to restart the computer to complete the removal process, restart it immediately;

● The log can also be viewed by clicking Logs in the main menu;

 

Copy and paste the contents of that log into your next reply, along with a new HijackThis log.

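The HostsXpert step above replaces the hosts file with the Microsoft default. As an added example (not HostsXpert's code and not part of the original reply), here is the same operation in Python, written so that the removed entries are reported grouped by target address, which is what makes it obvious that the eight O1 lines in the log all point at one server. It assumes the Windows XP path %SystemRoot%\system32\drivers\etc\hosts, and it keeps 0.0.0.0 blackhole entries (the form ad-blocking hosts lists use), which a blanket restore to the default file would also delete. The sample hosts content is constructed from the O1 lines in the log plus one blackhole entry and one malformed line.

```python
"""Restore a Windows hosts file to loopback-only, reporting the hijack entries removed."""
import ipaddress
import os
import shutil
from collections import defaultdict

# Assumed location on Windows XP; writing it requires an administrator account.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                          r"system32\drivers\etc\hosts")
DEFAULT_LOCALHOST = "127.0.0.1       localhost"

# Constructed sample: stock header, the eight redirects from the O1 lines in the log,
# one 0.0.0.0 blackhole entry (ad-blocking hosts lists use these) and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
82.98.231.89 browser-security.microsoft.com
82.98.231.89 best-click-scanner.info
82.98.231.89 antivirus-xp-pro-2009.com
82.98.231.89 microsoft.infosecuritycenter.com
82.98.231.89 microsoft.softwaresecurityhelp.com
82.98.231.89 onlinenotifyq.net
82.98.231.89 antivirusxp-pro-2009.com
82.98.231.89 microsoft.browser-security-center.com
0.0.0.0 ads.example.net   # constructed blackhole entry, kept
not-an-address example.org
"""


def clean_hosts(text):
    """Return (cleaned_text, removed) where removed is a list of (address, hostname) pairs.

    Kept: comments, blank lines, loopback (127/8, ::1) and unspecified (0.0.0.0) entries.
    Removed: every mapping to any other address, and lines whose first field is not an
    IP address (reported as ('?', line)). A localhost entry is re-added if none survived."""
    kept, removed, has_localhost = [], [], False
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()
        if not body:
            kept.append(raw)
            continue
        fields = body.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            removed.append(("?", raw.strip()))
            continue
        if addr.is_loopback or addr.is_unspecified:
            kept.append(raw)
            has_localhost |= addr.is_loopback and "localhost" in fields[1:]
        else:
            removed.extend((str(addr), name) for name in fields[1:])
    if not has_localhost:
        kept.append(DEFAULT_LOCALHOST)
    return "\n".join(kept) + "\n", removed


def by_target(removed):
    """Group removed hostnames by the address they were pinned to."""
    groups = defaultdict(list)
    for addr, name in removed:
        groups[addr].append(name)
    return dict(groups)


def restore_hosts(path=HOSTS_PATH):
    """Back up the live file to <path>.bak, write the cleaned version, return the removals."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        cleaned, removed = clean_hosts(fh.read())
    shutil.copy2(path, path + ".bak")
    with open(path, "w", encoding="ascii", errors="replace") as fh:
        fh.write(cleaned)
    return removed


if __name__ == "__main__":
    cleaned_text, removed_entries = clean_hosts(SAMPLE_HOSTS)
    for addr, names in by_target(removed_entries).items():
        print(addr, "<-", len(names), "hostname(s):", ", ".join(names))
    print(cleaned_text)
```

If the write in `restore_hosts` fails on an infected machine, check the file's attributes first: hijackers commonly mark the hosts file read-only or hidden, which is also why HostsXpert offers a "Make Writeable" option.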

Dear MGuitar, all the steps were completed successfully except removing AskBarDis, since it was not listed in "Add or Remove Programs".

 

Here are the logs:

 

 

Malwarebytes' Anti-Malware 1.36

Database version: 2168

Windows 5.1.2600 Service Pack 3

 

22/5/2009 21:24:43

mbam-log-2009-05-22 (21-24-43).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 144501

Time elapsed: 11 minute(s), 20 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 5

Registry Keys Infected: 27

Registry Values Infected: 4

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 123

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

C:\WINDOWS\system32\cbXOHBQI.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\tyciiakg.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\gmmzon.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\jkkHXNfC.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\dozvrp.dll (Trojan.Vundo.H) -> Delete on reboot.

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43c09ad1-dcb8-4997-9808-071a971f5984} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{43c09ad1-dcb8-4997-9808-071a971f5984} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76ea4047-5a03-4d24-9d2d-fbc3ad5f5fac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{76ea4047-5a03-4d24-9d2d-fbc3ad5f5fac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7fc793e3-2599-4e31-9806-1e7bff68f894} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkhxnfc (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{7fc793e3-2599-4e31-9806-1e7bff68f894} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00805045-4ee4-4144-8431-c80526d2096b} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{00805045-4ee4-4144-8431-c80526d2096b} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{098dfc70-1e71-4dc0-a963-3536df4293a1} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{098dfc70-1e71-4dc0-a963-3536df4293a1} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b2651cf-caa6-4445-805a-4ad14549e97c} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0b2651cf-caa6-4445-805a-4ad14549e97c} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18a5d82a-4bf6-43ea-bd79-c8e7e0f6c04f} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{18a5d82a-4bf6-43ea-bd79-c8e7e0f6c04f} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0b2651cf-caa6-4445-805a-4ad14549e97c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7fc793e3-2599-4e31-9806-1e7bff68f894} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{43c09ad1-dcb8-4997-9808-071a971f5984} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76ea4047-5a03-4d24-9d2d-fbc3ad5f5fac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c57720b3-8a0f-403d-bd56-3f7abe5a72dd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iokey (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\387dcea3 (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7fc793e3-2599-4e31-9806-1e7bff68f894} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{c57720b3-8a0f-403d-bd56-3f7abe5a72dd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c57720b3-8a0f-403d-bd56-3f7abe5a72dd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxohbqi -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxohbqi -> Delete on reboot.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\system32\cbXOHBQI.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\IQBHOXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\IQBHOXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dozvrp.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\jkkHXNfC.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\dhpalkiy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yiklaphd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\evsibuet.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\teubisve.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\frcmxusw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wsuxmcrf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fwlefeiv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\viefelwf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\heqqbrlq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qlrbqqeh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kbqtobdx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xdbotqbk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ldmqcyfq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qfycqmdl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mwgypkdv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vdkpygwm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\oaiyberq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qrebyiao.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ojrxhfne.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\enfhxrjo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\suwanpxf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fxpnawus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tyciiakg.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\gkaiicyt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vwvjucfa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\afcujvwv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wmsvpclr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rlcpvsmw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\awrbiv.dll (Trojan.BHO.H) -> Delete on reboot.

C:\WINDOWS\system32\rrrtnd.dll (Trojan.BHO.H) -> Delete on reboot.

C:\WINDOWS\system32\gmmzon.dll (Trojan.BHO.H) -> Delete on reboot.

C:\WINDOWS\system32\jlbser.dll (Trojan.BHO.H) -> Delete on reboot.

C:\Documents and Settings\Panta\Configurações locais\Temp\spwttlpg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Panta\Configurações locais\Temporary Internet Files\Content.IE5\7BTI963Z\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Panta\Configurações locais\Temporary Internet Files\Content.IE5\86BS3LZG\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Panta\Configurações locais\Temporary Internet Files\Content.IE5\86BS3LZG\index[3] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP180\A0066312.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP180\A0068392.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP183\A0073570.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP183\A0074617.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP185\A0076821.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP186\A0076990.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP187\A0078161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP196\A0079336.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP196\A0079495.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP196\A0081542.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP196\A0081662.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP202\A0083301.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP202\A0083402.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP202\A0083428.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP203\A0084619.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP204\A0084845.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP208\A0086217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP208\A0087261.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP208\A0096483.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{34F1AD4D-DB7A-4FC2-8CDE-739C4D8369B5}\RP209\A0096628.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\craarm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bxjdmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gdzkuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ghmiey.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\otlenvow.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\owwexz.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jygvxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lduuwfpj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lfdoij.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lkpwrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nghaanid.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nhcvuhwf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nmibvmuj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nmqleb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rgpzem.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rytuktvq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tbssxuly.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tumcojpd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ulpvxycx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vvorqc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vxxisity.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\whgkgt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\beffrhll.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bftkpz.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cwxisesi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dweqbd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ehewtjfx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ekfnpwvq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ekknfixm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gtszju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\igtqkghi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iifdbXNE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lteuuz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mwmamp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nawyjt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\odvhck.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\oixsawsc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tgxggqkd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wplteh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wstryptt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\irbvdhdh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iteoandn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iuleyyqh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ivshpade.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\slvwaisv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\impkcawe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\brpvoa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bshkvlvi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ncmdmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\necygj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yqtlyqfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dgufpw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ddcaaaay.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\euhsfp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wyxbdwak.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qavezg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qrqsyhtu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vbwtmgil.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jkyyxirn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\a9k.bin (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qmhpbk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRjkhIy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

=====================================================

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:30:31, on 22/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AskBarDis\bar\bin\AskService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

F:\jogos\Need for Speed Undercover\PB\PnkBstrA.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

F:\PROGRA~1\FlashGet\FlashGet.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

F:\programas\Microsoft Office\Office12\GrooveMonitor.exe

F:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

F:\programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\Pen_Tablet.exe

F:\programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

F:\programas\PowerISO\PWRISOVM.EXE

C:\Documents and Settings\Panta\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

F:\programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\wscntfy.exe

F:\jogos\Xfire\Xfire.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\Panta\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - f:\programas\FlashGet\jccatch.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - F:\programas\TextAloud\TAForIE.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Flashget] F:\PROGRA~1\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "F:\programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "F:\programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\programas\PowerISO\PWRISOVM.EXE

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Panta\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [steam] "F:\jogos\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = F:\jogos\Xfire\Xfire.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe

O8 - Extra context menu item: &Download All with FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: ASKService - Unknown owner - C:\Arquivos de programas\AskBarDis\bar\bin\AskService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - F:\programas\Nero7\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - F:\jogos\Need for Speed Undercover\PB\PnkBstrA.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 8331 bytes


Open Malwarebytes and click the Quarantine tab. Select all items and click the Remove All button.

 

- Download ComboFix and save it to the desktop;

 

● Temporarily disable your antivirus so it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;

● Wait while ComboFix performs the scan;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

● Do not click on the ComboFix window and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to exit or stop ComboFix, press N;

● When it finishes, your computer will be restarted. After the restart, the tool will run again; please wait;

● A log will be generated at C:\ComboFix.txt.

 

Paste this log in your next reply.


ComboFix 09-05-24.07 - Panta 25/05/2009 8:59.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2820 [GMT -3:00]

Executando de: f:\download_firefox\ComboFix.exe

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\ahmcunvd.ini

c:\windows\system32\AutoRun.inf

c:\windows\system32\awuhmgyl.ini

c:\windows\system32\baaefb.dll

c:\windows\system32\bhhngrbq.dll

c:\windows\system32\biiqwymf.dll

c:\windows\system32\biuips.dll

c:\windows\system32\bmxlgndw.ini

c:\windows\system32\bpkahl.dll

c:\windows\system32\bqafvafr.ini

c:\windows\system32\bqeerc.dll

c:\windows\system32\brfrlh.dll

c:\windows\system32\bwaheohg.ini

c:\windows\system32\cdkjbouj.dll

c:\windows\system32\cpexfudf.ini

c:\windows\system32\cvtoaufj.dll

c:\windows\system32\cxtiaaqh.dll

c:\windows\system32\dafwuwtt.dll

c:\windows\system32\dapqnrix.dll

c:\windows\system32\dcyjcluj.ini

c:\windows\system32\dhljibva.ini

c:\windows\system32\dmdymwyn.dll

c:\windows\system32\dmyetn.dll

c:\windows\system32\dttgbwch.ini

c:\windows\system32\ekalxirx.dll

c:\windows\system32\eshohpah.ini

c:\windows\system32\fqxucqqa.dll

c:\windows\system32\frdbxfaa.dll

c:\windows\system32\gwpqvdha.dll

c:\windows\system32\hgpeflpe.dll

c:\windows\system32\hhxpnb.dll

c:\windows\system32\hkmsuacc.dll

c:\windows\system32\howtgjxe.dll

c:\windows\system32\icluoskb.dll

c:\windows\system32\iewbalsc.ini

c:\windows\system32\iktgvg.dll

c:\windows\system32\itdufrtl.ini

c:\windows\system32\ivxxlbmp.dll

c:\windows\system32\jhcascon.ini

c:\windows\system32\jngkxfmp.dll

c:\windows\system32\jqcnjeuw.ini

c:\windows\system32\kgmirp.dll

c:\windows\system32\knmyaidb.ini

c:\windows\system32\ldldrs.dll

c:\windows\system32\liyqab.dll

c:\windows\system32\lowsftpa.ini

c:\windows\system32\ltulzc.dll

c:\windows\system32\luqjrtqi.dll

c:\windows\system32\lwpfhvxf.dll

c:\windows\system32\mgjbrtgc.dll

c:\windows\system32\mmqyrrgv.ini

c:\windows\system32\mrqcnapu.ini

c:\windows\system32\mscysyec.dll

c:\windows\system32\mvioosty.dll

c:\windows\system32\nkcdpbhk.ini

c:\windows\system32\owaiwurq.ini

c:\windows\system32\pcbqxd.dll

c:\windows\system32\phdqyiii.ini

c:\windows\system32\pvdazw.dll

c:\windows\system32\qnueol.dll

c:\windows\system32\qtnifcky.ini

c:\windows\system32\qybbwbox.dll

c:\windows\system32\qyqwffvm.dll

c:\windows\system32\rejvnuri.ini

c:\windows\system32\rmhxneuk.dll

c:\windows\system32\rqwple.dll

c:\windows\system32\scyxiqua.ini

c:\windows\system32\sybbvk.dll

c:\windows\system32\sydjhkjk.dll

c:\windows\system32\tevcmolv.ini

c:\windows\system32\tlidmtsf.ini

c:\windows\system32\tseysy.dll

c:\windows\system32\vnhoel.dll

c:\windows\system32\vrxkhink.dll

c:\windows\system32\vvfbfxiy.ini

c:\windows\system32\vytbhp.dll

c:\windows\system32\wdbdbl.dll

c:\windows\system32\wszodb.dll

c:\windows\system32\wtahbkvb.ini

c:\windows\system32\wvavki.dll

c:\windows\system32\xeljbnxu.dll

c:\windows\system32\xmzbud.dll

c:\windows\system32\xpnxfnti.dll

c:\windows\system32\xvqqopmd.ini

c:\windows\system32\ytwcth.dll

c:\windows\system32\yxljyvry.ini

c:\windows\system32\zpuyri.dll

F:\install.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-25 to 2009-05-25 ))))))))))))))))))))))))))))

.

 

2009-05-23 00:11 . 2009-05-23 00:11 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Malwarebytes

2009-05-23 00:11 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-23 00:11 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-23 00:11 . 2009-05-23 00:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-05-20 21:08 . 2009-05-20 21:08 -------- d-----w c:\windows\Downloaded Installations

2009-05-20 21:03 . 2009-05-20 21:03 -------- d-----w c:\windows\speech

2009-05-07 14:11 . 2009-05-07 14:11 -------- d-----w c:\arquivos de programas\AnswerWorks 4.0

2009-05-07 14:08 . 2009-05-07 14:14 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Autodesk

2009-05-07 14:08 . 2009-05-07 14:08 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2009-05-07 14:05 . 2009-05-07 14:13 -------- d-----w c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2009-05-07 14:05 . 2009-05-07 14:05 -------- d-----w c:\arquivos de programas\Autodesk

2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-25 11:55 . 2009-04-07 16:14 4212 ---ha-w c:\windows\system32\zllictbl.dat

2009-05-25 10:55 . 2008-11-10 02:13 168864 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Mozilla\Firefox\Profiles\0vglj8l6.default\FlashGot.exe

2009-05-25 10:54 . 2008-11-15 01:17 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\WTablet

2009-05-24 04:46 . 2009-04-23 12:58 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\My Battle for Middle-earth II Files

2009-05-23 12:12 . 2009-05-02 03:24 4009156 ----a-w c:\windows\Internet Logs\tvDebug.Zip

2009-05-18 18:15 . 2008-11-09 02:03 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\uTorrent

2009-05-05 14:05 . 2009-04-03 21:21 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Xfire

2009-04-28 18:26 . 2008-11-07 22:22 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-23 22:52 . 2001-10-28 12:07 76188 ----a-w c:\windows\system32\perfc016.dat

2009-04-23 22:52 . 2001-10-28 12:07 463636 ----a-w c:\windows\system32\perfh016.dat

2009-04-23 22:52 . 2008-11-11 17:29 -------- d-----w c:\arquivos de programas\MSBuild

2009-04-23 22:49 . 2009-04-23 22:49 -------- d-----w c:\arquivos de programas\Reference Assemblies

2009-04-23 22:44 . 2009-04-23 22:44 -------- d-----w c:\arquivos de programas\Microsoft Games for Windows - LIVE

2009-04-21 21:22 . 2009-04-14 00:17 183112 ----a-w c:\windows\system32\PnkBstrB.exe

2009-04-18 20:20 . 2009-04-18 20:21 1506816 ----a-w c:\windows\Internet Logs\xDB5.tmp

2009-04-17 00:17 . 2009-04-17 00:17 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Sierra Entertainment

2009-04-16 23:58 . 2008-11-07 22:12 -------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-04-13 23:32 . 2009-04-13 23:32 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Leadertech

2009-04-13 22:34 . 2009-04-13 22:34 74080 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_13_19_16_34_small.dmp.zip

2009-04-12 02:32 . 2009-04-12 02:34 1390592 ----a-w c:\windows\Internet Logs\xDB4.tmp

2009-04-12 02:32 . 2009-04-12 02:34 50688 ----a-w c:\windows\Internet Logs\xDB3.tmp

2009-04-12 02:00 . 2009-04-12 02:28 1079808 ----a-w c:\windows\Internet Logs\xDB1.tmp

2009-04-12 02:00 . 2009-04-12 02:28 1390592 ----a-w c:\windows\Internet Logs\xDB2.tmp

2009-04-11 15:51 . 2009-04-11 15:51 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Age of Empires 3

2009-04-11 13:40 . 2009-04-11 13:40 -------- d-----w c:\arquivos de programas\AskBarDis

2009-04-05 18:51 . 2009-04-05 18:51 -------- d-----w c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment

2009-04-05 13:58 . 2009-03-25 21:26 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-04-04 01:55 . 2009-04-04 01:55 -------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\Xfire

2009-04-03 22:32 . 2009-04-03 22:32 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

2009-04-03 21:22 . 2009-04-03 21:22 -------- d-----w c:\documents and settings\NetworkService\Dados de aplicativos\Xfire

2009-04-01 14:31 . 2009-04-01 14:31 57344 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\50\5b902232-56940c9b-n\Decora-SSE.dll

2009-04-01 14:31 . 2009-04-01 14:31 24064 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\15\4e09eacf-43b1d0b0-n\Decora-D3D.dll

2009-04-01 14:30 . 2009-04-01 14:30 315392 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\62\6baea4fe-41f1a990-n\jogl.dll

2009-04-01 14:30 . 2009-04-01 14:30 20480 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\62\6baea4fe-41f1a990-n\jogl_awt.dll

2009-04-01 14:30 . 2009-04-01 14:30 114688 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\62\6baea4fe-41f1a990-n\jogl_cg.dll

2009-04-01 14:30 . 2009-04-01 14:30 20480 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\45\4f710eed-747fab0d-n\gluegen-rt.dll

2009-04-01 14:30 . 2009-04-01 14:30 499712 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\33\258cea61-7b0624a4-n\msvcp71.dll

2009-04-01 14:30 . 2009-04-01 14:30 499712 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\33\258cea61-7b0624a4-n\jmc.dll

2009-04-01 14:30 . 2009-04-01 14:30 348160 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\33\258cea61-7b0624a4-n\msvcr71.dll

2009-04-01 14:29 . 2008-11-08 23:04 -------- d-----w c:\arquivos de programas\Java

2009-04-01 14:29 . 2009-04-01 14:29 152576 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-01 00:38 . 2009-04-01 00:38 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Red Alert 3

2009-04-01 00:07 . 2009-03-25 21:26 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Bioshock

2009-03-16 17:18 . 2009-04-02 13:32 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll

2009-03-16 17:18 . 2009-04-02 13:32 517448 ----a-w c:\windows\system32\XAudio2_4.dll

2009-03-16 17:18 . 2009-04-02 13:32 235352 ----a-w c:\windows\system32\xactengine3_4.dll

2009-03-16 17:18 . 2009-04-02 13:32 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll

2009-03-10 13:45 . 2009-02-28 18:49 7 ----a-w c:\windows\system32\nar.bin

2009-03-09 18:27 . 2009-04-02 13:32 453456 ----a-w c:\windows\system32\d3dx10_41.dll

2009-03-09 18:27 . 2009-04-02 13:32 4178264 ----a-w c:\windows\system32\D3DX9_41.dll

2009-03-09 18:27 . 2009-04-02 13:32 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll

2009-03-09 08:19 . 2008-11-08 23:04 410984 ----a-w c:\windows\system32\deploytk.dll

2009-02-28 13:08 . 2008-11-11 00:46 717296 ----a-w c:\windows\system32\drivers\sptd.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-10-16 21:22 333192 ----a-w c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Panta\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-11-07 133104]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"DAEMON Tools Lite"="f:\programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"Steam"="f:\jogos\Steam\Steam.exe" [2008-10-30 1410296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13672448]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-23 86016]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Flashget"="f:\progra~1\FlashGet\FlashGet.exe" [2007-09-25 2007088]

"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-07 99840]

"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2003-05-04 258116]

"GrooveMonitor"="f:\programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Adobe Reader Speed Launcher"="f:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"QuickTime Task"="f:\programas\QuickTime\QTTask.exe" [2009-01-05 413696]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"ZoneAlarm Client"="f:\programas\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

"PWRISOVM.EXE"="f:\programas\PowerISO\PWRISOVM.EXE" [2006-03-18 184320]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-23 1630208]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Panta\Menu Iniciar\Programas\Inicializar\

Xfire.lnk - f:\jogos\Xfire\Xfire.exe [2009-4-29 3145552]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

AutoCAD Startup Accelerator.lnk - c:\arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe [2006-3-5 11000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"f:\\programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"f:\\programas\\FlashGet\\flashget.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"f:\\programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"f:\\programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"f:\\programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"f:\\programas\\eMule\\emule.exe"=

"f:\\programas\\Ultra Fractal 5\\Uf5.exe"=

"f:\\Download_Utorrent\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\pes2009.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"f:\\jogos\\Left4Dead\\hl2.exe"=

"f:\\jogos\\Xfire\\Xfire.exe"=

"f:\\Download_Utorrent\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"f:\\jogos\\Guitar Hero III\\GH3.exe"=

"f:\\jogos\\Half-Life 2\\hl2.exe"=

"f:\\jogos\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"f:\\jogos\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"f:\\jogos\\FlatOut Ultimate Carnage\\Fouc.exe"=

 

R2 ASKService;ASKService;c:\arquivos de programas\AskBarDis\bar\bin\AskService.exe [11/4/2009 10:40 464264]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [14/11/2008 22:16 1373480]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [7/11/2008 19:25 38656]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

SafeBoot-procexp90.Sys

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.shareazaweb.com/br/

uInternet Settings,ProxyOverride = *.local

IE: &Download All with FlashGet - f:\progra~1\FlashGet\jc_all.htm

IE: &Download with FlashGet - f:\progra~1\FlashGet\jc_link.htm

IE: E&xportar para o Microsoft Excel - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Panta\Dados de aplicativos\Mozilla\Firefox\Profiles\0vglj8l6.default\

FF - plugin: f:\programas\Adobe\Reader 8.0\Reader\browser\nppdf32.dll

FF - plugin: f:\programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: f:\programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin7.dll

 

---- FIREFOX POLICIES ----

f:\programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-25 09:07

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-606747145-1078081533-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:87,f7,68,24,91,14,a5,77,23,c3,10,6d,a9,a9,3c,2c,cc,da,d9,68,28,99,7b,

da,c8,97,51,be,90,e8,f9,41,a0,48,35,38,a9,de,07,c9,9a,0c,9c,9a,d0,65,43,0f,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_USERS\S-1-5-21-606747145-1078081533-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:86,d3,da,15,a1,c7,d3,43,d7,43,2e,1f,87,6e,40,f2,98,2b,c4,76,4b,

0d,28,7c,75,e9,27,2c,56,8b,af,b2,7e,4b,9f,1e,d1,d0,9d,2f,6c,a1,0e,3c,e4,0a,\

"rkeysecu"=hex:59,a1,8e,eb,12,d3,21,f7,e5,ba,93,6c,60,f5,14,8f

.

Tempo para conclusão: 2009-05-25 9:08

ComboFix-quarantined-files.txt 2009-05-25 12:08

 

Pré-execução: 6.068.084.736 bytes disponíveis

Pós execução: 7.513.284.608 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

295 --- E O F --- 2009-04-13 22:32


Select and copy the content below inside the quote. Paste it into Notepad on the PC and save it on the desktop as CFScript.txt

 

Folder::

c:\arquivos de programas\AskBarDis

File::

c:\windows\Internet Logs\xDB5.tmp

c:\windows\Internet Logs\xDB4.tmp

c:\windows\Internet Logs\xDB3.tmp

c:\windows\Internet Logs\xDB1.tmp

c:\windows\Internet Logs\xDB2.tmp

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

Driver::

ASKService

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

[image: CFScript.gif]

 

● If prompted, press Enter to start the removal process;

● Do not use the mouse or keyboard while ComboFix is running;

● When it finishes, a new log will be generated at C:\ComboFix.txt;

● Your computer may be restarted automatically. If it is not, restart it manually.

 

In your next reply, paste the ComboFix.txt and a new HijackThis log.


ComboFix 09-05-24.07 - Panta 26/05/2009 18:10.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2810 [GMT -3:00]

Executando de: c:\documents and settings\Panta\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Panta\Desktop\CFScript.txt

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

FILE ::

c:\windows\Internet Logs\xDB1.tmp

c:\windows\Internet Logs\xDB2.tmp

c:\windows\Internet Logs\xDB3.tmp

c:\windows\Internet Logs\xDB4.tmp

c:\windows\Internet Logs\xDB5.tmp

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\AskBarDis

c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

c:\arquivos de programas\AskBarDis\bar\bin\askPopStp.dll

c:\arquivos de programas\AskBarDis\bar\bin\AskService.exe

c:\arquivos de programas\AskBarDis\bar\bin\psvince.dll

c:\arquivos de programas\AskBarDis\bar\Cache\files.ini

c:\arquivos de programas\AskBarDis\bar\History\search

c:\arquivos de programas\AskBarDis\bar\Settings\config.dat

c:\arquivos de programas\AskBarDis\bar\Settings\config.dat.bak

c:\arquivos de programas\AskBarDis\bar\Settings\prevCfg2.htm

c:\arquivos de programas\AskBarDis\unins000.dat

c:\arquivos de programas\AskBarDis\unins000.exe

c:\arquivos de programas\AskBarDis\zonealarm.ico

c:\windows\Internet Logs\xDB1.tmp

c:\windows\Internet Logs\xDB2.tmp

c:\windows\Internet Logs\xDB3.tmp

c:\windows\Internet Logs\xDB4.tmp

c:\windows\Internet Logs\xDB5.tmp

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASKSERVICE

-------\Service_ASKService

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-26 to 2009-05-26 ))))))))))))))))))))))))))))

.

 

2009-05-25 21:18 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll

2009-05-25 21:18 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-05-25 21:18 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-05-25 21:18 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-05-25 21:18 . 2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-05-25 21:18 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-05-25 21:18 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-05-25 21:18 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-05-25 21:18 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-05-25 21:12 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-05-23 00:11 . 2009-05-23 00:11 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Malwarebytes

2009-05-23 00:11 . 2009-04-06 18:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-23 00:11 . 2009-04-06 18:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-23 00:11 . 2009-05-23 00:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-05-20 21:08 . 2009-05-20 21:08 -------- d-----w c:\windows\Downloaded Installations

2009-05-20 21:03 . 2009-05-20 21:03 -------- d-----w c:\windows\speech

2009-05-07 14:11 . 2009-05-07 14:11 -------- d-----w c:\arquivos de programas\AnswerWorks 4.0

2009-05-07 14:08 . 2009-05-07 14:14 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Autodesk

2009-05-07 14:08 . 2009-05-07 14:08 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2009-05-07 14:05 . 2009-05-07 14:13 -------- d-----w c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2009-05-07 14:05 . 2009-05-07 14:05 -------- d-----w c:\arquivos de programas\Autodesk

2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-26 21:15 . 2009-04-07 16:14 4212 ---ha-w c:\windows\system32\zllictbl.dat

2009-05-26 21:15 . 2008-11-15 01:17 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\WTablet

2009-05-26 20:10 . 2008-11-10 02:13 168864 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Mozilla\Firefox\Profiles\0vglj8l6.default\FlashGot.exe

2009-05-25 22:05 . 2008-11-11 17:26 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-05-25 21:08 . 2009-04-03 21:21 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Xfire

2009-05-24 04:46 . 2009-04-23 12:58 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\My Battle for Middle-earth II Files

2009-05-23 12:12 . 2009-05-02 03:24 4009156 ----a-w c:\windows\Internet Logs\tvDebug.Zip

2009-05-18 18:15 . 2008-11-09 02:03 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\uTorrent

2009-04-28 18:26 . 2008-11-07 22:22 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-23 22:52 . 2001-10-28 12:07 76188 ----a-w c:\windows\system32\perfc016.dat

2009-04-23 22:52 . 2001-10-28 12:07 463636 ----a-w c:\windows\system32\perfh016.dat

2009-04-23 22:52 . 2008-11-11 17:29 -------- d-----w c:\arquivos de programas\MSBuild

2009-04-23 22:49 . 2009-04-23 22:49 -------- d-----w c:\arquivos de programas\Reference Assemblies

2009-04-23 22:44 . 2009-04-23 22:44 -------- d-----w c:\arquivos de programas\Microsoft Games for Windows - LIVE

2009-04-22 03:20 . 2009-04-22 03:20 14311680 ----a-w c:\windows\system32\xlive.dll

2009-04-22 03:20 . 2009-04-22 03:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll

2009-04-21 21:22 . 2009-04-14 00:17 183112 ----a-w c:\windows\system32\PnkBstrB.exe

2009-04-17 00:17 . 2009-04-17 00:17 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Sierra Entertainment

2009-04-16 23:58 . 2008-11-07 22:12 -------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-04-13 23:32 . 2009-04-13 23:32 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Leadertech

2009-04-13 22:34 . 2009-04-13 22:34 74080 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_13_19_16_34_small.dmp.zip

2009-04-11 15:51 . 2009-04-11 15:51 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Age of Empires 3

2009-04-05 18:51 . 2009-04-05 18:51 -------- d-----w c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment

2009-04-05 13:58 . 2009-03-25 21:26 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-04-04 01:55 . 2009-04-04 01:55 -------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\Xfire

2009-04-03 22:32 . 2009-04-03 22:32 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

2009-04-03 21:22 . 2009-04-03 21:22 -------- d-----w c:\documents and settings\NetworkService\Dados de aplicativos\Xfire

2009-04-01 14:31 . 2009-04-01 14:31 57344 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\50\5b902232-56940c9b-n\Decora-SSE.dll

2009-04-01 14:31 . 2009-04-01 14:31 24064 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\15\4e09eacf-43b1d0b0-n\Decora-D3D.dll

2009-04-01 14:30 . 2009-04-01 14:30 315392 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\62\6baea4fe-41f1a990-n\jogl.dll

2009-04-01 14:30 . 2009-04-01 14:30 20480 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\62\6baea4fe-41f1a990-n\jogl_awt.dll

2009-04-01 14:30 . 2009-04-01 14:30 114688 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\62\6baea4fe-41f1a990-n\jogl_cg.dll

2009-04-01 14:30 . 2009-04-01 14:30 20480 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\45\4f710eed-747fab0d-n\gluegen-rt.dll

2009-04-01 14:30 . 2009-04-01 14:30 499712 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\33\258cea61-7b0624a4-n\msvcp71.dll

2009-04-01 14:30 . 2009-04-01 14:30 499712 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\33\258cea61-7b0624a4-n\jmc.dll

2009-04-01 14:30 . 2009-04-01 14:30 348160 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\33\258cea61-7b0624a4-n\msvcr71.dll

2009-04-01 14:29 . 2008-11-08 23:04 -------- d-----w c:\arquivos de programas\Java

2009-04-01 14:29 . 2009-04-01 14:29 152576 ----a-w c:\documents and settings\Panta\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-01 00:38 . 2009-04-01 00:38 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Red Alert 3

2009-04-01 00:07 . 2009-03-25 21:26 -------- d-----w c:\documents and settings\Panta\Dados de aplicativos\Bioshock

2009-03-16 17:18 . 2009-04-02 13:32 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll

2009-03-16 17:18 . 2009-04-02 13:32 517448 ----a-w c:\windows\system32\XAudio2_4.dll

2009-03-16 17:18 . 2009-04-02 13:32 235352 ----a-w c:\windows\system32\xactengine3_4.dll

2009-03-16 17:18 . 2009-04-02 13:32 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll

2009-03-10 13:45 . 2009-02-28 18:49 7 ----a-w c:\windows\system32\nar.bin

2009-03-09 18:27 . 2009-04-02 13:32 453456 ----a-w c:\windows\system32\d3dx10_41.dll

2009-03-09 18:27 . 2009-04-02 13:32 4178264 ----a-w c:\windows\system32\D3DX9_41.dll

2009-03-09 18:27 . 2009-04-02 13:32 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll

2009-03-09 08:19 . 2008-11-08 23:04 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-06 14:20 . 2004-08-04 03:45 286208 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:06 . 2004-08-04 03:45 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-28 13:08 . 2008-11-11 00:46 717296 ----a-w c:\windows\system32\drivers\sptd.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-25_12.07.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-26 21:15 . 2009-05-26 21:15 16384 c:\windows\Temp\Perflib_Perfdata_2c0.dat

- 2008-11-07 22:23 . 2007-07-27 12:41 26488 c:\windows\system32\spupdsvc.exe

+ 2008-11-07 22:23 . 2008-07-09 07:34 26488 c:\windows\system32\spupdsvc.exe

+ 2008-11-17 23:32 . 2007-11-30 12:39 18296 c:\windows\system32\spmsg.dll

- 2008-11-17 23:32 . 2007-11-30 11:18 18296 c:\windows\system32\spmsg.dll

+ 2004-08-04 03:45 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll

+ 2001-10-28 12:07 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe

+ 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\pngfilt.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 44544 c:\windows\system32\pngfilt.dll

- 2008-11-07 21:59 . 2008-04-14 02:20 91648 c:\windows\system32\mtxoci.dll

+ 2008-11-07 21:59 . 2008-06-12 14:22 91648 c:\windows\system32\mtxoci.dll

+ 2004-08-04 03:45 . 2008-06-12 14:22 66560 c:\windows\system32\mtxclu.dll

- 2004-08-04 03:45 . 2008-04-14 02:20 66560 c:\windows\system32\mtxclu.dll

- 2007-08-13 20:54 . 2008-12-20 22:46 52224 c:\windows\system32\msfeedsbs.dll

+ 2007-08-13 20:54 . 2009-02-20 17:11 52224 c:\windows\system32\msfeedsbs.dll

+ 2008-11-07 21:59 . 2008-06-12 14:22 58880 c:\windows\system32\msdtclog.dll

- 2008-11-07 21:59 . 2008-04-14 02:20 58880 c:\windows\system32\msdtclog.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 27648 c:\windows\system32\jsproxy.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 27648 c:\windows\system32\jsproxy.dll

+ 2007-08-13 20:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe

- 2007-08-13 20:39 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe

+ 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\iernonce.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 44544 c:\windows\system32\iernonce.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 78336 c:\windows\system32\ieencode.dll

- 2004-08-04 03:45 . 2008-12-19 09:14 70656 c:\windows\system32\ie4uinit.exe

+ 2004-08-04 03:45 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe

- 2007-08-13 20:36 . 2008-12-20 22:46 63488 c:\windows\system32\icardie.dll

+ 2007-08-13 20:36 . 2009-02-20 17:11 63488 c:\windows\system32\icardie.dll

+ 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll

+ 2001-10-28 12:07 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe

- 2004-08-04 03:45 . 2008-12-20 22:47 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 91648 c:\windows\system32\dllcache\mtxoci.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 66560 c:\windows\system32\dllcache\mtxclu.dll

- 2008-11-10 15:15 . 2008-12-20 22:46 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-11-10 15:15 . 2009-02-20 17:11 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 58880 c:\windows\system32\dllcache\msdtclog.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2008-11-10 15:15 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe

- 2008-11-10 15:15 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\dllcache\iernonce.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2009-02-20 17:11 . 2009-02-20 17:11 78336 c:\windows\system32\dllcache\ieencode.dll

- 2004-08-04 03:45 . 2008-12-19 09:14 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2004-08-04 03:45 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-11-10 15:15 . 2008-12-20 22:46 63488 c:\windows\system32\dllcache\icardie.dll

+ 2008-11-10 15:15 . 2009-02-20 17:11 63488 c:\windows\system32\dllcache\icardie.dll

+ 2008-11-11 17:30 . 2009-05-25 22:05 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-11-11 17:30 . 2009-05-25 22:05 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-11-11 17:30 . 2009-05-25 22:05 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-05-25 22:05 . 2008-12-20 22:47 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll

+ 2009-05-25 22:05 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe

+ 2009-05-25 22:05 . 2008-12-20 22:46 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll

+ 2009-05-25 22:05 . 2008-04-14 02:20 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll

+ 2009-05-25 22:05 . 2008-12-19 09:14 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe

+ 2009-05-25 22:05 . 2008-12-20 22:46 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll

+ 2008-05-05 10:24 . 2008-05-05 10:24 3072 c:\windows\system32\xpsp4res.dll

- 2004-08-04 03:45 . 2008-04-14 02:20 354304 c:\windows\system32\winhttp.dll

+ 2004-08-04 03:45 . 2008-12-16 12:31 354304 c:\windows\system32\winhttp.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 233472 c:\windows\system32\webcheck.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 233472 c:\windows\system32\webcheck.dll

+ 2008-11-07 21:59 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe

+ 2008-11-07 21:59 . 2009-02-09 10:53 453120 c:\windows\system32\wbem\wmiprvsd.dll

+ 2008-11-07 21:59 . 2009-02-09 10:53 473600 c:\windows\system32\wbem\fastprox.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 105984 c:\windows\system32\url.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 105984 c:\windows\system32\url.dll

+ 2004-08-04 03:45 . 2009-02-09 11:25 111104 c:\windows\system32\services.exe

+ 2004-08-04 03:45 . 2009-02-09 10:53 401408 c:\windows\system32\rpcss.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 102912 c:\windows\system32\occache.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 102912 c:\windows\system32\occache.dll

+ 2004-08-04 03:45 . 2009-02-09 10:53 730624 c:\windows\system32\ntdll.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 671232 c:\windows\system32\mstime.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 671232 c:\windows\system32\mstime.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 193024 c:\windows\system32\msrating.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 193024 c:\windows\system32\msrating.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 477696 c:\windows\system32\mshtmled.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 477696 c:\windows\system32\mshtmled.dll

+ 2007-08-13 20:54 . 2009-02-20 17:11 459264 c:\windows\system32\msfeeds.dll

- 2007-08-13 20:54 . 2008-12-20 22:46 459264 c:\windows\system32\msfeeds.dll

- 2008-11-07 21:59 . 2008-04-14 02:20 161792 c:\windows\system32\msdtcuiu.dll

+ 2008-11-07 21:59 . 2008-06-12 14:22 161792 c:\windows\system32\msdtcuiu.dll

- 2008-11-07 21:59 . 2008-04-14 02:20 956928 c:\windows\system32\msdtctm.dll

+ 2008-11-07 21:59 . 2008-06-12 14:22 956928 c:\windows\system32\msdtctm.dll

+ 2008-11-07 21:59 . 2008-06-12 14:22 428032 c:\windows\system32\msdtcprx.dll

+ 2004-08-04 03:45 . 2009-02-09 10:53 731648 c:\windows\system32\lsasrv.dll

+ 2007-08-13 20:34 . 2009-02-20 17:11 268288 c:\windows\system32\iertutil.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 385024 c:\windows\system32\iedkcs32.dll

- 2007-07-11 14:27 . 2008-12-20 22:46 383488 c:\windows\system32\ieapfltr.dll

+ 2007-07-11 14:27 . 2009-02-20 17:11 383488 c:\windows\system32\ieapfltr.dll

+ 2001-10-28 12:06 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll

- 2001-10-28 12:06 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 230400 c:\windows\system32\ieaksie.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 230400 c:\windows\system32\ieaksie.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 153088 c:\windows\system32\ieakeng.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 153088 c:\windows\system32\ieakeng.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 133120 c:\windows\system32\extmgr.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 133120 c:\windows\system32\extmgr.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 214528 c:\windows\system32\dxtrans.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 214528 c:\windows\system32\dxtrans.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 347136 c:\windows\system32\dxtmsft.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 347136 c:\windows\system32\dxtmsft.dll

+ 2004-08-04 03:45 . 2009-03-03 00:06 826368 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 826368 c:\windows\system32\dllcache\wininet.dll

+ 2008-12-16 12:31 . 2008-12-16 12:31 354304 c:\windows\system32\dllcache\winhttp.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 105984 c:\windows\system32\dllcache\url.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 105984 c:\windows\system32\dllcache\url.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 102912 c:\windows\system32\dllcache\occache.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 102912 c:\windows\system32\dllcache\occache.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 671232 c:\windows\system32\dllcache\mstime.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 671232 c:\windows\system32\dllcache\mstime.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 193024 c:\windows\system32\dllcache\msrating.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 193024 c:\windows\system32\dllcache\msrating.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 477696 c:\windows\system32\dllcache\mshtmled.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2008-11-10 15:15 . 2009-02-20 17:11 459264 c:\windows\system32\dllcache\msfeeds.dll

- 2008-11-10 15:15 . 2008-12-20 22:46 459264 c:\windows\system32\dllcache\msfeeds.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 161792 c:\windows\system32\dllcache\msdtcuiu.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 956928 c:\windows\system32\dllcache\msdtctm.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 428032 c:\windows\system32\dllcache\msdtcprx.dll

+ 2008-11-07 22:00 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe

+ 2008-11-10 15:15 . 2009-02-20 17:11 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 385024 c:\windows\system32\dllcache\iedkcs32.dll

- 2008-11-10 15:15 . 2008-12-20 22:46 383488 c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-11-10 15:15 . 2009-02-20 17:11 383488 c:\windows\system32\dllcache\ieapfltr.dll

+ 2001-10-28 12:06 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll

- 2001-10-28 12:06 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 153088 c:\windows\system32\dllcache\ieakeng.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 133120 c:\windows\system32\dllcache\extmgr.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 214528 c:\windows\system32\dllcache\dxtrans.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 124928 c:\windows\system32\dllcache\advpack.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 124928 c:\windows\system32\dllcache\advpack.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 124928 c:\windows\system32\advpack.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 124928 c:\windows\system32\advpack.dll

+ 2004-08-04 03:45 . 2009-02-09 10:53 683520 c:\windows\system32\advapi32.dll

- 2004-08-04 03:45 . 2008-04-14 02:20 683520 c:\windows\system32\advapi32.dll

+ 2008-11-11 17:30 . 2009-05-25 22:05 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-11-11 17:30 . 2009-05-25 22:05 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-11-11 17:30 . 2009-05-25 22:05 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-11-11 17:30 . 2009-05-25 22:05 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-11-11 17:30 . 2009-05-25 22:05 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-11-11 17:30 . 2009-05-25 22:05 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-11-11 17:30 . 2009-05-25 22:05 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2009-05-25 22:05 . 2008-12-20 22:47 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll

+ 2009-05-25 22:05 . 2008-12-20 22:47 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll

+ 2009-05-25 22:05 . 2008-12-20 22:47 105984 c:\windows\ie7updates\KB963027-IE7\url.dll

+ 2009-05-25 22:05 . 2008-07-09 07:35 395128 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll

+ 2009-05-25 22:05 . 2008-07-08 12:58 233336 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe

+ 2009-05-25 22:05 . 2008-12-20 22:47 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll

+ 2009-05-25 22:05 . 2008-12-20 22:47 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll

+ 2009-05-25 22:05 . 2008-12-20 22:47 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll

+ 2009-05-25 22:05 . 2008-12-20 22:47 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll

+ 2009-05-25 22:05 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe

+ 2009-05-25 22:05 . 2008-12-20 22:46 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll

+ 2009-05-25 22:05 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 1160192 c:\windows\system32\urlmon.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 1160192 c:\windows\system32\urlmon.dll

- 2004-08-04 03:45 . 2008-05-07 05:11 1292800 c:\windows\system32\quartz.dll

+ 2004-08-04 03:45 . 2008-12-20 22:14 1292800 c:\windows\system32\quartz.dll

- 2004-08-04 03:40 . 2008-08-14 13:24 2149376 c:\windows\system32\ntoskrnl.exe

+ 2004-08-04 03:40 . 2009-02-09 11:25 2149376 c:\windows\system32\ntoskrnl.exe

+ 2004-08-04 00:40 . 2009-02-09 11:25 2028032 c:\windows\system32\ntkrnlpa.exe

- 2004-08-04 00:40 . 2008-08-14 13:24 2028032 c:\windows\system32\ntkrnlpa.exe

+ 2004-08-04 03:45 . 2009-02-20 17:11 3595264 c:\windows\system32\mshtml.dll

+ 2004-08-04 03:45 . 2009-03-21 14:08 1028608 c:\windows\system32\kernel32.dll

- 2004-08-04 03:45 . 2008-04-14 02:20 1028608 c:\windows\system32\kernel32.dll

+ 2007-08-13 20:54 . 2009-02-20 17:11 6066176 c:\windows\system32\ieframe.dll

+ 2007-02-12 18:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat

- 2007-02-12 18:10 . 2007-04-17 09:32 2455488 c:\windows\system32\ieapfltr.dat

- 2004-08-04 03:45 . 2008-12-20 22:47 1160192 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 1160192 c:\windows\system32\dllcache\urlmon.dll

+ 2008-05-07 05:11 . 2008-12-20 22:14 1292800 c:\windows\system32\dllcache\quartz.dll

- 2008-05-07 05:11 . 2008-05-07 05:11 1292800 c:\windows\system32\dllcache\quartz.dll

+ 2008-11-08 13:40 . 2009-02-09 11:25 2193280 c:\windows\system32\dllcache\ntoskrnl.exe

- 2008-11-08 13:40 . 2008-08-14 13:24 2028032 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2008-11-08 13:40 . 2009-02-09 11:25 2028032 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2008-11-08 13:40 . 2009-02-10 22:07 2070272 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2008-11-08 13:40 . 2008-08-14 13:24 2070272 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-11-08 13:40 . 2009-02-09 11:25 2149376 c:\windows\system32\dllcache\ntkrnlmp.exe

- 2008-11-08 13:40 . 2008-08-14 13:24 2149376 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2004-08-04 03:45 . 2009-02-20 17:11 3595264 c:\windows\system32\dllcache\mshtml.dll

+ 2009-03-21 14:08 . 2009-03-21 14:08 1028608 c:\windows\system32\dllcache\kernel32.dll

+ 2008-11-10 15:15 . 2009-02-20 17:11 6066176 c:\windows\system32\dllcache\ieframe.dll

+ 2008-11-10 15:15 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat

- 2008-11-10 15:15 . 2007-04-17 09:32 2455488 c:\windows\system32\dllcache\ieapfltr.dat

+ 2008-11-11 17:30 . 2009-05-25 22:05 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-11-11 17:30 . 2009-05-25 22:05 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2008-11-11 17:30 . 2009-03-11 21:09 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2009-05-25 22:05 . 2008-12-20 22:47 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll

+ 2009-05-25 22:05 . 2009-01-16 23:16 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll

+ 2009-05-25 22:05 . 2008-12-20 22:46 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll

+ 2009-05-25 22:05 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat

+ 2008-11-08 13:40 . 2009-02-09 11:25 2193280 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2008-11-08 13:40 . 2009-02-09 11:25 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2008-11-08 13:40 . 2008-08-14 13:24 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2008-11-08 13:40 . 2008-08-14 13:24 2070272 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2008-11-08 13:40 . 2009-02-10 22:07 2070272 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2008-11-08 13:40 . 2009-02-09 11:25 2149376 c:\windows\Driver Cache\i386\ntkrnlmp.exe

- 2008-11-08 13:40 . 2008-08-14 13:24 2149376 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-11-10 14:15 . 2009-05-07 03:16 24699336 c:\windows\system32\MRT.exe

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Panta\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-11-07 133104]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"DAEMON Tools Lite"="f:\programas\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"Steam"="f:\jogos\Steam\Steam.exe" [2008-10-30 1410296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13672448]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-23 86016]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Flashget"="f:\progra~1\FlashGet\FlashGet.exe" [2007-09-25 2007088]

"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-07 99840]

"Ink Monitor"="c:\arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2003-05-04 258116]

"GrooveMonitor"="f:\programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Adobe Reader Speed Launcher"="f:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"QuickTime Task"="f:\programas\QuickTime\QTTask.exe" [2009-01-05 413696]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"ZoneAlarm Client"="f:\programas\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

"PWRISOVM.EXE"="f:\programas\PowerISO\PWRISOVM.EXE" [2006-03-18 184320]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-23 1630208]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Panta\Menu Iniciar\Programas\Inicializar\

Xfire.lnk - f:\jogos\Xfire\Xfire.exe [2009-4-29 3145552]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

AutoCAD Startup Accelerator.lnk - c:\arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe [2006-3-5 11000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"f:\\programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"f:\\programas\\FlashGet\\flashget.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"f:\\programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"f:\\programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"f:\\programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"f:\\programas\\eMule\\emule.exe"=

"f:\\programas\\Ultra Fractal 5\\Uf5.exe"=

"f:\\Download_Utorrent\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\pes2009.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"f:\\jogos\\Left4Dead\\hl2.exe"=

"f:\\jogos\\Xfire\\Xfire.exe"=

"f:\\Download_Utorrent\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"f:\\jogos\\Guitar Hero III\\GH3.exe"=

"f:\\jogos\\Half-Life 2\\hl2.exe"=

"f:\\jogos\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"f:\\jogos\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"f:\\jogos\\FlatOut Ultimate Carnage\\Fouc.exe"=

 

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [14/11/2008 22:16 1373480]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [7/11/2008 19:25 38656]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.shareazaweb.com/br/

uInternet Settings,ProxyOverride = *.local

IE: &Download All with FlashGet - f:\progra~1\FlashGet\jc_all.htm

IE: &Download with FlashGet - f:\progra~1\FlashGet\jc_link.htm

IE: E&xportar para o Microsoft Excel - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Panta\Dados de aplicativos\Mozilla\Firefox\Profiles\0vglj8l6.default\

FF - plugin: f:\programas\Adobe\Reader 8.0\Reader\browser\nppdf32.dll

FF - plugin: f:\programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: f:\programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin7.dll

 

---- FIREFOX POLICIES ----

f:\programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-26 18:15

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-606747145-1078081533-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:87,f7,68,24,91,14,a5,77,23,c3,10,6d,a9,a9,3c,2c,cc,da,d9,68,28,99,7b,

da,c8,97,51,be,90,e8,f9,41,a0,48,35,38,a9,de,07,c9,9a,0c,9c,9a,d0,65,43,0f,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_USERS\S-1-5-21-606747145-1078081533-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:86,d3,da,15,a1,c7,d3,43,d7,43,2e,1f,87,6e,40,f2,98,2b,c4,76,4b,

0d,28,7c,75,e9,27,2c,56,8b,af,b2,7e,4b,9f,1e,d1,d0,9d,2f,6c,a1,0e,3c,e4,0a,\

"rkeysecu"=hex:59,a1,8e,eb,12,d3,21,f7,e5,ba,93,6c,60,f5,14,8f

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3304)

f:\progra~1\FlashGet\fgmgr.dll

f:\jogos\Xfire\xfire_toucan_36913.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\ZoneLabs\vsmon.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\nvsvc32.exe

f:\jogos\Need for Speed Undercover\PB\PnkBstrA.exe

f:\programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-05-26 18:17 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-05-26 21:17

ComboFix2.txt 2009-05-25 12:08

 

Pré-execução: 7.014.846.464 bytes disponíveis

Pós execução: 6.942.273.536 bytes disponíveis

 

494 --- E O F --- 2009-05-25 22:06


-------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:23:48, on 26/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\RTHDCPL.EXE

F:\jogos\Need for Speed Undercover\PB\PnkBstrA.exe

F:\PROGRA~1\FlashGet\FlashGet.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

F:\programas\Microsoft Office\Office12\GrooveMonitor.exe

F:\programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

F:\programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

F:\programas\PowerISO\PWRISOVM.EXE

C:\Documents and Settings\Panta\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

F:\programas\DAEMON Tools Lite\daemon.exe

F:\jogos\Xfire\Xfire.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Panta\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (file missing)

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - F:\programas\TextAloud\TAForIE.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Flashget] F:\PROGRA~1\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "F:\programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "F:\programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\programas\PowerISO\PWRISOVM.EXE

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Panta\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [steam] "F:\jogos\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = F:\jogos\Xfire\Xfire.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe

O8 - Extra context menu item: &Download All with FlashGet - F:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - F:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - F:\programas\Nero7\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - F:\jogos\Need for Speed Undercover\PB\PnkBstrA.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 7659 bytes


Run HijackThis, click Do a system scan only, check the entry below in the log and click the Fix checked button

 

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll (file missing)

Other than that, the logs are clean.

 

Go to Start > Run, type ComboFix /u and click OK to remove the tool.

 

Go to Start > Run, type sysdm.cpl and click OK. Click the System Restore tab and check the option "Turn off System Restore" > OK. After that, go back to the same place and uncheck the option.

 

I recommend that you clean up the machine. Download CCleaner and install it (without installing the Yahoo toolbar at the end of the installation)

 

Open the program and click Analyze > Run Cleaner;

Then click Registry > Scan for Issues > Fix selected issues.

 

Regards


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
