
Archived

This topic has been archived and is closed to new replies.

Ben-Hur

[Archived] Problems with Explorer

Recommended Posts

explorer.exe has been giving errors... sometimes its process is automatically terminated and I have to start it again to keep using the PC. This problem started after a problem with MSN Messenger.

 

Here is the HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:31:07, on 19/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Glass2k\Glass2k.exe

C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\WINDOWS\dllmgr.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\SYSTEM32\zukmqc.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe

O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Windows Services] Nrtdl.exe

O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe

O4 - HKLM\..\Run: [Winsock2 driver] ZUKMQC.EXE

O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\RunOnce: [Winsock2 driver] ZUKMQC.EXE

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 9457 bytes

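As an added illustration (not part of the thread), a small Python triage script that applies the checks a helper makes by eye when reading the O4 entries of a log like the one above: bare file names that are resolved through the search path instead of a fixed install location, value names that imitate Windows components, unpronounceable file names, and the same value registered under both Run and RunOnce, with bare names cross-referenced against the "Running processes" list to show where they actually executed from. The sample lines are copied from this log and trimmed; the scoring weights and the threshold are my own assumption.

```python
"""Triage of HijackThis O4 (autostart) entries: added example, not a project tool."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the "Running processes" and O4 lines of the log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\dllmgr.exe
C:\WINDOWS\SYSTEM32\zukmqc.exe
C:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows Services] Nrtdl.exe
O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe
O4 - HKLM\..\Run: [Winsock2 driver] ZUKMQC.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Winsock2 driver] ZUKMQC.EXE
"""

# Registry-style O4 lines only; "O4 - Startup:" folder entries are deliberately skipped.
O4_RE = re.compile(r"^O4 - (?P<hive>HK.*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
VOWELS = set("aeiouy")
# Words a malware author uses in a value name to look like part of Windows (assumed list).
MIMIC_WORDS = ("windows", "microsoft", "service", "driver", "winsock", "system")


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    target: str
    score: int
    reasons: list
    resolved: Optional[str]  # on-disk path from the process list, if it was running


def exe_from_command(cmd: str) -> str:
    """Return the file an autostart value actually launches (the DLL for rundll32 hosts)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe, rest = (cmd[1:end], cmd[end + 1:]) if end > 0 else (cmd[1:], "")
    else:
        exe, _, rest = cmd.partition(" ")
    if exe.lower().endswith("rundll32.exe") and rest.strip():
        return rest.strip().split(",")[0].strip().strip('"')
    return exe


def is_bare(path: str) -> bool:
    return "\\" not in path and "/" not in path


def low_vowel_ratio(filename: str) -> bool:
    """True for names like Nrtdl or zukmqc that no vendor would choose (fewer than 25% vowels)."""
    letters = [c for c in filename.rsplit(".", 1)[0].lower() if c.isalpha()]
    return len(letters) >= 5 and sum(c in VOWELS for c in letters) / len(letters) < 0.25


def parse_hjt(text: str):
    """Split a HijackThis log into the running-process paths and the parsed O4 entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            if re.match(r"^[A-Za-z]:\\", line):
                processes.append(line)
                continue
            in_procs = False
        m = O4_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return processes, entries


def triage(text: str, threshold: int = 3):
    """Score each O4 entry and return those at or above the threshold, highest first."""
    processes, entries = parse_hjt(text)
    by_basename = {p.rsplit("\\", 1)[-1].lower(): p for p in processes}
    keys_by_name = defaultdict(set)
    for e in entries:
        keys_by_name[e["name"].lower()].add(e["key"].lower())
    findings = []
    for e in entries:
        target = exe_from_command(e["cmd"])
        base = target.rsplit("\\", 1)[-1].lower()
        score, reasons = 0, []
        if is_bare(target):
            score, reasons = score + 1, reasons + ["bare file name resolved via the search path"]
            if any(w in e["name"].lower() for w in MIMIC_WORDS):
                score, reasons = score + 2, reasons + ["value name imitates a Windows component"]
        if low_vowel_ratio(base):
            score, reasons = score + 1, reasons + ["unpronounceable file name"]
        if {"run", "runonce"} <= keys_by_name[e["name"].lower()]:
            score, reasons = score + 2, reasons + ["registered in both Run and RunOnce"]
        if score >= threshold:
            findings.append(Finding(e["hive"], e["key"], e["name"], target, score, reasons, by_basename.get(base)))
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score} {f.hive}\\{f.key} [{f.name}] -> {f.target} (running as: {f.resolved})")
        for r in f.reasons:
            print("   -", r)
```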

Good evening, Ben-Hur!

 

<@> Download: < desktopicon.png > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)

<@> Close all windows and run the tool!

<@> At the prompt "Disclaimer of software warranty" --> Click Yes!

<@> If you do not have the "Recovery Console", accept the option to install it!

 

<!> If you get the notification "Not a valid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> Ps: Name it while saving, not after you have saved it!

<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own initiative!

<!> Ps: To avoid problems, follow all the recommendations given.

<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!


Here are the ComboFix and HijackThis logs, respectively:

 

 

ComboFix 09-06-18.02 - Administrador 19/06/2009 22:31.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1498 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\kazaabackupfiles

c:\documents and settings\Administrador\l5o5f9l4j2y.exe

c:\documents and settings\Administrador\l5o5f9l4j2y7.exe

c:\documents and settings\Administrador\update.exe

c:\windows\system32\winmgr.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))

.

 

2009-06-20 00:11 . 2009-06-20 00:11 -------- d-sh--r- C:\MEMORY

2009-06-19 22:16 . 2009-06-19 22:16 91140 ---h--w- c:\windows\system32\uhioay.exe

2009-06-19 22:15 . 2009-06-19 22:15 91140 ---h--w- c:\windows\system32\zukmqc.exe

2009-06-19 21:59 . 2009-06-19 21:59 91140 ----a-w- C:\bus.exe

2009-06-18 20:35 . 2009-06-18 22:02 84996 --sh--r- c:\windows\dllmgr.exe

2009-06-18 20:35 . 2009-06-18 20:39 84996 ----a-w- c:\documents and settings\Administrador\udpte.exe

2009-06-18 18:08 . 2009-06-18 18:08 108544 --sh--r- c:\documents and settings\poste.exe

2009-06-18 17:40 . 2009-06-18 18:08 108544 ----a-w- c:\documents and settings\Administrador\new.exe

2009-06-18 17:40 . 2009-06-18 17:40 -------- d-sh--r- C:\5_5

2009-06-17 17:02 . 2009-06-17 17:02 -------- d-sh--r- C:\NEXT

2009-06-17 16:57 . 2009-06-17 16:57 -------- d-----w- c:\arquivos de programas\AxBx

2009-06-16 23:57 . 2009-06-16 23:57 91140 ---h--w- c:\windows\system32\ayloyik.exe

2009-06-16 23:55 . 2009-06-16 23:55 91140 ---h--w- c:\windows\system32\jftwqlv.exe

2009-06-16 23:53 . 2009-06-16 23:53 91140 ---h--w- c:\windows\system32\dkpzmsf.exe

2009-06-16 23:50 . 2009-06-20 01:32 200354 ----a-w- c:\windows\system32\log.dll

2009-06-16 23:50 . 2009-06-16 23:50 91140 ---h--w- c:\windows\system32\winctrl.exe

2009-06-16 23:07 . 2009-06-16 23:07 62976 ----a-w- C:\cftmos.exe

2009-06-16 21:16 . 2009-06-16 21:33 84592 ----a-w- c:\documents and settings\Administrador\dada31.exe

2009-06-16 21:13 . 2009-06-16 21:30 84996 --sh--r- c:\windows\Nrtdl.exe

2009-06-16 21:13 . 2009-06-16 21:15 84996 ----a-w- c:\documents and settings\Administrador\dada.exe

2009-06-15 21:54 . 2009-06-15 21:54 -------- d-sh--r- C:\FILES

2009-06-10 22:00 . 2009-06-10 22:00 -------- d-sh--r- C:\DATA

2009-06-04 00:01 . 2009-06-04 00:01 1878984 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

2009-05-23 00:01 . 2009-05-23 00:01 -------- d-----w- c:\arquivos de programas\Defraggler

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-20 01:29 . 2009-04-08 18:24 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-20 01:25 . 2008-12-21 12:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DNA

2009-06-19 21:55 . 2009-03-13 16:10 117760 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-06-19 21:55 . 2008-07-30 16:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit

2009-06-19 21:55 . 2008-12-21 12:17 -------- d-----w- c:\arquivos de programas\DNA

2009-06-18 18:04 . 2009-04-08 18:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2009-06-15 22:30 . 2008-07-30 15:38 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\foobar2000

2009-05-28 15:59 . 2009-03-13 16:06 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2009-05-22 23:05 . 2008-10-27 17:10 -------- d-----w- c:\arquivos de programas\CCleaner

2009-05-18 23:27 . 2009-04-08 18:24 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-05-15 23:55 . 2008-08-09 16:54 34 ----a-w- c:\documents and settings\Administrador\jagex_runescape_preferences.dat

2009-05-08 21:23 . 2009-05-08 21:23 -------- d-----w- c:\arquivos de programas\Free WMA to MP3 Converter

2009-04-25 20:46 . 2009-04-25 20:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DirectX

2009-04-25 20:46 . 2008-09-25 20:56 -------- d-----w- c:\arquivos de programas\EA Games

2009-04-25 20:17 . 2009-04-25 17:49 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2009-04-25 20:14 . 2009-04-25 17:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools Lite

2009-04-25 20:14 . 2008-10-21 21:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools

2009-04-25 17:50 . 2009-04-25 17:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2009-04-25 17:49 . 2009-04-25 17:49 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar

2009-04-25 17:22 . 2008-10-21 21:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-04-25 17:21 . 2009-04-25 17:21 -------- d-----w- c:\arquivos de programas\PowerISO

2009-04-25 10:34 . 2008-12-21 12:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2009-04-23 16:26 . 2009-04-23 16:26 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-04-23 16:26 . 2009-04-23 16:26 -------- d-----w- c:\arquivos de programas\Java

2009-04-23 16:23 . 2009-04-11 22:10 -------- d-----w- c:\arquivos de programas\Total Video Converter

2009-04-23 00:40 . 2008-08-18 01:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\LimeWire

2009-04-05 15:38 . 2001-10-28 14:07 77658 ----a-w- c:\windows\system32\perfc016.dat

2009-04-05 15:38 . 2001-10-28 14:07 449496 ----a-w- c:\windows\system32\perfh016.dat

.

 

------- Sigcheck -------

 

[-] 2004-08-04 02:45 803328 048367EF3E654F8FB83E4DBB1E26B81D c:\windows\system32\wininet.dll

[7] 2004-08-04 02:45 658432 398A619CE60090303042D1F8CC68F712 c:\windows\VistaMizer\old\wininet.dll

 

[-] 2007-03-11 13:18 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys

 

[-] 2004-08-04 02:45 543744 3550BFE59972A67AC2F7781041D28EA7 c:\windows\system32\winlogon.exe

[7] 2004-08-04 02:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 c:\windows\VistaMizer\old\winlogon.exe

 

[-] 2007-03-11 02:20 2276352 A53C82CFAEA08A66E5BE639BA79B8E3F c:\windows\system32\ntkrnlpa.exe

[7] 2007-03-11 02:20 2019328 31DFE96B6B6FA4C9CA098CEAF21B29A5 c:\windows\VistaMizer\old\ntkrnlpa.exe

 

[-] 2004-08-04 02:40 2409472 4BF58C65F1867CDBD1494561C07CF6FB c:\windows\system32\ntoskrnl.exe

[7] 2004-08-04 02:40 2152448 91448D27F6DFAF50DD1D5FD3D8C1F3BD c:\windows\VistaMizer\old\ntoskrnl.exe

 

[-] 2004-08-04 02:45 1552896 D3C07AB98492D1518F5E8341ADBC4F76 c:\windows\explorer.exe

[7] 2004-08-04 02:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 c:\windows\VistaMizer\old\explorer.exe

 

[-] 2004-08-04 02:45 25088 A3F0971DBBA9657034C303B39464EA5B c:\windows\system32\ctfmon.exe

[7] 2004-08-04 02:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\VistaMizer\old\ctfmon.exe

 

[-] 2007-03-11 02:21 1548288 B23D1FC94C037AE5F0E05A78B52596A4 c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-05-31 65536]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-12-21 342848]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-28 1830128]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Winsock2 driver"="ZUKMQC.EXE" - c:\windows\system32\zukmqc.exe [2009-06-19 91140]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Glass2k"="c:\arquivos de programas\Glass2k\Glass2k.exe" [2007-10-16 56325]

"DrvIcon"="c:\arquivos de programas\VistaDriveIcon\DrvIcon.exe" [2008-04-13 49152]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-18 185896]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-03-07 1932568]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-23 148888]

"PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]

"Windows Dll Management Service"="dllmgr.exe" - c:\windows\dllmgr.exe [2009-06-18 84996]

"Winsock2 driver"="ZUKMQC.EXE" - c:\windows\system32\zukmqc.exe [2009-06-19 91140]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 25088]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-04 101376]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Blaero Start Orb.lnk - c:\arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe [2006-7-30 521216]

Thoosje Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]

Thoosje Vista Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-7-30 1715400]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoDevMgrUpdate"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 14:05 356352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-07 15:06 10520 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^WinFlip.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\WinFlip.lnk

backup=c:\windows\pss\WinFlip.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe"=

"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=

"c:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=

"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe"=

"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\System\\poste.exe"=

"c:\\Documents and Settings\\Administrador\\new.exe"=

"c:\\WINDOWS\\system32\\zukmqc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7700:TCP"= 7700:TCP:THE DUEL

"7800:TCP"= 7800:TCP:THE DUEL

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/4/2009 15:24 130936]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/3/2009 12:06 325640]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/3/2009 12:06 107912]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [17/2/2009 11:43 9968]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [17/2/2009 11:43 55024]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [7/3/2009 12:06 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [7/3/2009 12:06 298264]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/1/2009 18:59 55136]

R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [6/2/2009 18:08 533360]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [17/2/2009 11:43 7408]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [8/4/2009 15:24 348752]

S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]

S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - mchInjDrv

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-33WE-AAX5-24KC2A3453431}]

c:\next\FILES\NEXT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-24KL2R3251431}]

c:\memory\S-v-6-2009\PeAcE.exe

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

mWindow Title =

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {A8CB1820-2298-4676-9080-87A69D6656C2} = 172.161.169.245,200.165.132.147

FF - ProfilePath -

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-19 22:33

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Winsock2 driver = ZUKMQC.EXE?copper903?##ddos##?alo???????Winsock2 driver?K???fucker?SNapper Fucking BOTS :D??????????mIRC v5.91 Khaled Mardam-Be

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Winsock2 driver = ZUKMQC.EXE?copper903?##ddos##?alo???????Winsock2 driver?K???fucker?SNapper Fucking BOTS :D??????????mIRC v5.91 Khaled Mardam-Be

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(900)

c:\windows\system32\sfc_os.dll

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\cscui.dll

c:\windows\system32\COMRes.dll

.

Tempo para conclusão: 2009-06-20 22:35

ComboFix-quarantined-files.txt 2009-06-20 01:35

 

Pré-execução: 20 pasta(s) 45.549.174.784 bytes disponíveis

Pós execução: 20 pasta(s) 45.534.404.608 bytes disponíveis

 

245

 

------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:50:30, on 19/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Glass2k\Glass2k.exe

C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\WINDOWS\dllmgr.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\SYSTEM32\zukmqc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe

O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe

O4 - HKLM\..\Run: [Winsock2 driver] ZUKMQC.EXE

O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\RunOnce: [Winsock2 driver] ZUKMQC.EXE

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 8813 bytes


Good morning, Ben-Hur!

 

<@> Open HijackThis and, in Safe Mode, Fix these entries:

 

O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe

 

O4 - HKLM\..\Run: [Winsock2 driver] ZUKMQC.EXE

 

O4 - HKCU\..\RunOnce: [Winsock2 driver] ZUKMQC.EXE

 

<@> When done, go back to Normal Mode!

<><><><><><><><><><>

<@> Download: < icon.gif > ( ...by andymanchesta )

<@> Save it to Local Disk C and unpack it right there.

<@> Restart the computer in Safe Mode. <-- Link!

<@> Double-click: < runThis.bat >

 

<!> If a window opens and closes suddenly:

<!> Go to Start --> Run --> type or paste: %systemdrive%\SDFix\apps\FixPath.exe /Q --> OK!

<!> Restart the computer and run SDFix again.

<!> If that does not work, check the %comspec% variable.

<!> Right-click My Computer --> Properties --> Advanced.

<!> Under Environment Variables, check that the ComSpec variable has the following value for cmd.exe:

 

<!> Value: %SystemRoot%\system32\cmd.exe

<@> Press Y.

<@> Wait for it to finish!

<@> When done, press Enter. (Or any key!)

<@> The computer will restart!

<@> Wait, again, for the cleanup to finish.

<@> Post: Report.txt <--

<><><><><><><><><><>

<@> Select and copy everything inside the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-33WE-AAX5-24KC2A3453431}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-24KL2R3251431}]

[-HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ZUKMQC.EXE]

[-HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ZUKMQC.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Winsock2 driver"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Winsock2 driver"=-

File::

c:\Arquivos de programas\Arquivos comuns\System\poste.exe

c:\documents and settings\Administrador\dada31.exe

c:\documents and settings\Administrador\udpte.exe

c:\documents and settings\Administrador\dada.exe

c:\documents and settings\Administrador\new.exe

c:\documents and settings\poste.exe

c:\windows\system32\winctrl.exe

c:\windows\system32\ayloyik.exe

c:\windows\system32\jftwqlv.exe

c:\windows\system32\dkpzmsf.exe

c:\memory\S-v-6-2009\PeAcE.exe

c:\windows\system32\uhioay.exe

c:\windows\system32\zukmqc.exe

c:\windows\system32\log.dll

c:\next\FILES\NEXT.exe

c:\windows\dllmgr.exe

c:\windows\Nrtdl.exe

C:\cftmos.exe

DirLook::

c:\arquivos de programas\AxBx

Folder::

c:\memory\S-v-6-2009

c:\next\FILES

C:\MEMORY

C:\FILES

C:\DATA

C:\5_5

C:\NEXT

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon/window.

<@> See the demonstration!

 

[image: 2872959479_997d4500c4_o.gif]

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When done, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!
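The three O4 entries the helper singles out above share a pattern that can be checked mechanically: a display name dressed up as a Windows component, an executable given as a bare file name with no path, and the same entry planted in both HKLM\Run and HKCU\RunOnce. The script below is an added example, not part of this thread and not code from HijackThis, SDFix or ComboFix; it parses O4 Run/RunOnce lines in the format shown in the log above and scores them with those heuristics. The scoring weights and the threshold of 3 are my own assumptions, and the sample lines are copied from the log posted earlier in the thread.

```python
"""Triage of HijackThis O4 (autostart) lines.

Added example; it is not part of this thread and not code from HijackThis,
SDFix or ComboFix. It scores each Run/RunOnce entry with defender-side
heuristics that mirror what the helper picked out by hand: a display name
that imitates a Windows component, an image given as a bare file name rather
than a full path, and the same entry planted in more than one autostart key.
The scoring weights and the threshold are assumptions, not HijackThis rules.
"""
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = [
    r"C:\WINDOWS\dllmgr.exe",  # a "Running processes" line, not an O4 entry
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe",
    r'O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe",
    r"O4 - HKLM\..\Run: [Winsock2 driver] ZUKMQC.EXE",
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background',
    r"O4 - HKCU\..\RunOnce: [Winsock2 driver] ZUKMQC.EXE",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
]

# "O4 - <hive>\..\<Run|RunOnce>: [<name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# Words malware commonly borrows to look like a system component.
SYSTEMISH_RE = re.compile(r"\b(windows|winsock\w*|driver|service|system)\b", re.IGNORECASE)


def parse_o4(line):
    """Return a dict for an O4 Run/RunOnce line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    if cmd.startswith('"'):
        image = cmd[1:cmd.find('"', 1)]
    else:
        # Unquoted paths may contain spaces ("C:\Arquivos de programas\..."),
        # so cut at the first ".exe" rather than at the first space.
        exe = re.search(r"\.exe", cmd, re.IGNORECASE)
        image = cmd[: exe.end()] if exe else cmd.split()[0]
    return {
        "hive": m.group("hive"),
        "key": m.group("key"),
        "name": m.group("name"),
        "image": image,
        "bare": "\\" not in image and "/" not in image,
    }


def triage(lines, threshold=3):
    """Score every O4 Run/RunOnce entry; return those at or above threshold, highest first."""
    entries = [e for e in (parse_o4(line) for line in lines) if e]
    seen = Counter(e["name"].lower() for e in entries)
    findings = []
    for e in entries:
        score, reasons = 0, []
        if e["bare"]:
            score += 1          # weak on its own: RTHDCPL.EXE and nwiz.exe are legitimate
            reasons.append("bare image name, no path")
        if SYSTEMISH_RE.search(e["name"]):
            score += 2
            reasons.append("display name imitates a Windows component")
        if seen[e["name"].lower()] > 1:
            score += 2
            reasons.append("same entry in more than one autostart key")
        if e["key"] == "RunOnce" and e["hive"] == "HKCU":
            score += 1
            reasons.append("per-user RunOnce")
        if score >= threshold:
            findings.append({**e, "score": score, "reasons": reasons})
    findings.sort(key=lambda f: -f["score"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['score']}  {f['hive']}\\..\\{f['key']}  [{f['name']}] {f['image']}")
        for r in f["reasons"]:
            print(f"      - {r}")
```

Run on the sample, it reports exactly the three entries the helper asked to Fix (the two ZUKMQC.EXE entries at the top, dllmgr.exe last) and nothing else; RTHDCPL.EXE is also a bare name, but with no impersonating display name it stays below the threshold, which is why a single weak signal is worth 1 rather than 3. The score is a triage aid only; what confirms an entry is the file itself (location, size, hidden attributes, signature), which is what the SDFix and ComboFix reports further down provide.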


Here are the Report, ComboFix and HijackThis logs, respectively:

 

 

SDFix: Version 1.240

Run by Administrador on sáb 20/06/2009 at 13:43

 

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-20 14:03:23

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"

"h0"=dword:00000001

"hdf12"=hex:01,27,f9,9d,93,05,20,1d,8e,32,8b,e6,01,c0,cd,1f,8d,4a,8e,6b,23,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

"a0"=hex:20,01,00,00,a7,5c,65,48,3a,a0,a1,29,f3,78,4a,b7,f9,39,b1,68,b9,..

"hdf12"=hex:b1,f8,64,bc,3a,54,a7,ec,6e,32,00,e0,22,49,fa,cf,ad,f8,8f,7e,68,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

"hdf12"=hex:6b,8f,2c,be,d3,09,f8,24,d8,fa,39,25,fc,95,f6,f4,d1,f7,9d,eb,8a,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:b0,1e,26,be,98,ab,75,6d,64,d6,78,e6,1b,6e,05,f0,1c,e0,2a,6f,1d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:10,04,cc,0b,e6,69,41,1f,29,a4,2d,5e,6e,b8,84,41,8f,48,c4,d5,ca,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:0e,e1,ee,7f,90,0e,7d,62,05,20,40,97,73,dc,74,40,aa,9b,cc,12,58,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"

"h0"=dword:00000001

"hdf12"=hex:01,27,f9,9d,93,05,20,1d,8e,32,8b,e6,01,c0,cd,1f,8d,4a,8e,6b,23,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]

"a0"=hex:20,01,00,00,a7,5c,65,48,3a,a0,a1,29,f3,78,4a,b7,f9,39,b1,68,b9,..

"hdf12"=hex:b1,f8,64,bc,3a,54,a7,ec,6e,32,00,e0,22,49,fa,cf,ad,f8,8f,7e,68,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]

"hdf12"=hex:6b,8f,2c,be,d3,09,f8,24,d8,fa,39,25,fc,95,f6,f4,d1,f7,9d,eb,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:b0,1e,26,be,98,ab,75,6d,64,d6,78,e6,1b,6e,05,f0,1c,e0,2a,6f,1d,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:10,04,cc,0b,e6,69,41,1f,29,a4,2d,5e,6e,b8,84,41,8f,48,c4,d5,ca,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:0e,e1,ee,7f,90,0e,7d,62,05,20,40,97,73,dc,74,40,aa,9b,cc,12,58,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\DreaMule\\emule.exe"="C:\\Arquivos de programas\\DreaMule\\emule.exe:*:Enabled:Dreamule"

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"="C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"="C:\\Arquivos de programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"="C:\\Arquivos de programas\\Megacubo\\megacubo.exe:*:Enabled:MegaCubo"

"C:\\Arquivos de programas\\Garena\\Garena.exe"="C:\\Arquivos de programas\\Garena\\Garena.exe:*:Enabled:Garena"

"C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe"="C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe:*:Enabled:Client"

"C:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe"="C:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"="C:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe:*:Enabled:Guitar Hero III"

"C:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"="C:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe:*:Enabled:Gears of War"

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"

"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"

"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"

"C:\\Arquivos de programas\\DNA\\btdna.exe"="C:\\Arquivos de programas\\DNA\\btdna.exe:*:Enabled:DNA"

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"="C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme:*:Enabled:GunBound"

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"="C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"="C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

"C:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"="C:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"="C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe:*:Enabled:Gunz"

"C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe"="C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe:*:Enabled:Ultima Online Client"

"C:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe"="C:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe:*:Enabled:The Duel"

"C:\\Arquivos de programas\\Arquivos comuns\\System\\poste.exe"="C:\\Arquivos de programas\\Arquivos comuns\\System\\poste.exe:*:Enabled:Windows Update"

"C:\\Documents and Settings\\Administrador\\new.exe"="C:\\Documents and Settings\\Administrador\\new.exe:*:Enabled:Windows Update"

"C:\\WINDOWS\\system32\\zukmqc.exe"="C:\\WINDOWS\\system32\\zukmqc.exe:*:Disabled:zukmqc"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Thu 18 Jun 2009 108,544 ..SHR --- "C:\Documents and Settings\poste.exe"

Thu 18 Jun 2009 84,996 ..SHR --- "C:\WINDOWS\dllmgr.exe"

Tue 16 Jun 2009 84,996 ..SHR --- "C:\WINDOWS\Nrtdl.exe"

Thu 14 May 2009 53,248 A.SHR --- "C:\DATA\FILES\BEAST.exe"

Tue 16 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\ayloyik.exe"

Tue 16 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\dkpzmsf.exe"

Tue 16 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\jftwqlv.exe"

Fri 19 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\uhioay.exe"

Tue 16 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\winctrl.exe"

Fri 19 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\zukmqc.exe"

Thu 18 Jun 2009 108,544 ..SHR --- "C:\Arquivos de programas\Arquivos comuns\System\poste.exe"

Sat 21 Feb 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 30 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

 

Finished!

 

-----------------------------------------------------------------------------------------------------------------------------------------

 

 

 

 

ComboFix 09-06-19.01 - Administrador 20/06/2009 14:15.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1335 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

 

FILE ::

"c:\arquivos de programas\Arquivos comuns\System\poste.exe"

"C:\cftmos.exe"

"c:\documents and settings\Administrador\dada.exe"

"c:\documents and settings\Administrador\dada31.exe"

"c:\documents and settings\Administrador\new.exe"

"c:\documents and settings\Administrador\udpte.exe"

"c:\documents and settings\poste.exe"

"c:\memory\S-v-6-2009\PeAcE.exe"

"c:\next\FILES\NEXT.exe"

"c:\windows\dllmgr.exe"

"c:\windows\Nrtdl.exe"

"c:\windows\system32\ayloyik.exe"

"c:\windows\system32\dkpzmsf.exe"

"c:\windows\system32\jftwqlv.exe"

"c:\windows\system32\log.dll"

"c:\windows\system32\uhioay.exe"

"c:\windows\system32\winctrl.exe"

"c:\windows\system32\zukmqc.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\5_5

C:\DATA

C:\FILES

C:\MEMORY

C:\NEXT

c:\5_5\5\DesKTop.ini

c:\arquivos de programas\Arquivos comuns\System\poste.exe

C:\cftmos.exe

c:\data\FILES\BEAST.exe

c:\data\FILES\Desktop.ini

c:\documents and settings\Administrador\dada.exe

c:\documents and settings\Administrador\dada31.exe

c:\documents and settings\Administrador\new.exe

c:\documents and settings\Administrador\udpte.exe

c:\documents and settings\poste.exe

c:\files\REMOVED\Desktop.ini

c:\memory\S-v-6-2009\Desktop.ini

c:\memory\S-v-6-2009\PeAcE.exe

c:\next\FILES\Desktop.ini

c:\next\FILES\NEXT.exe

c:\windows\dllmgr.exe

c:\windows\Nrtdl.exe

c:\windows\system32\ayloyik.exe

c:\windows\system32\dkpzmsf.exe

c:\windows\system32\jftwqlv.exe

c:\windows\system32\log.dll

c:\windows\system32\uhioay.exe

c:\windows\system32\winctrl.exe

c:\windows\system32\zukmqc.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))

.

 

2009-06-20 16:42 . 2009-06-20 16:42 577536 ----a-w- c:\windows\system32\dllcache\user32.dll

2009-06-20 16:41 . 2009-06-20 16:41 -------- d-----w- c:\windows\ERUNT

2009-06-20 16:32 . 2009-06-20 17:04 -------- d-----w- C:\SDFix

2009-06-20 16:29 . 2009-06-20 16:32 1529241 ----a-w- C:\SDFix.exe

2009-06-19 21:59 . 2009-06-19 21:59 91140 ----a-w- C:\bus.exe

2009-06-17 16:57 . 2009-06-17 16:57 -------- d-----w- c:\arquivos de programas\AxBx

2009-06-04 00:01 . 2009-06-04 00:01 1878984 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

2009-05-23 00:01 . 2009-05-23 00:01 -------- d-----w- c:\arquivos de programas\Defraggler

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-20 17:15 . 2008-12-21 12:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DNA

2009-06-20 17:05 . 2009-03-13 16:10 117760 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-06-20 17:05 . 2008-07-30 16:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit

2009-06-20 17:05 . 2008-12-21 12:17 -------- d-----w- c:\arquivos de programas\DNA

2009-06-20 01:29 . 2009-04-08 18:24 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-06-18 18:04 . 2009-04-08 18:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2009-06-15 22:30 . 2008-07-30 15:38 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\foobar2000

2009-05-28 15:59 . 2009-03-13 16:06 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware

2009-05-22 23:05 . 2008-10-27 17:10 -------- d-----w- c:\arquivos de programas\CCleaner

2009-05-18 23:27 . 2009-04-08 18:24 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-05-15 23:55 . 2008-08-09 16:54 34 ----a-w- c:\documents and settings\Administrador\jagex_runescape_preferences.dat

2009-05-08 21:23 . 2009-05-08 21:23 -------- d-----w- c:\arquivos de programas\Free WMA to MP3 Converter

2009-04-25 20:46 . 2009-04-25 20:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DirectX

2009-04-25 20:46 . 2008-09-25 20:56 -------- d-----w- c:\arquivos de programas\EA Games

2009-04-25 20:17 . 2009-04-25 17:49 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2009-04-25 20:14 . 2009-04-25 17:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools Lite

2009-04-25 20:14 . 2008-10-21 21:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools

2009-04-25 17:50 . 2009-04-25 17:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2009-04-25 17:49 . 2009-04-25 17:49 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar

2009-04-25 17:22 . 2008-10-21 21:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-04-25 17:21 . 2009-04-25 17:21 -------- d-----w- c:\arquivos de programas\PowerISO

2009-04-25 10:34 . 2008-12-21 12:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2009-04-23 16:26 . 2009-04-23 16:26 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-04-23 16:26 . 2009-04-23 16:26 -------- d-----w- c:\arquivos de programas\Java

2009-04-23 16:23 . 2009-04-11 22:10 -------- d-----w- c:\arquivos de programas\Total Video Converter

2009-04-23 00:40 . 2008-08-18 01:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\LimeWire

2009-04-05 15:38 . 2001-10-28 14:07 77658 ----a-w- c:\windows\system32\perfc016.dat

2009-04-05 15:38 . 2001-10-28 14:07 449496 ----a-w- c:\windows\system32\perfh016.dat

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\arquivos de programas\AxBx ----

 

2009-06-17 16:57 . 2009-06-17 16:57 75 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\CleanVirusMSN.url

2009-06-17 16:57 . 2009-06-17 16:57 2378 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\unins000.dat

2009-05-04 15:40 . 2009-05-04 15:40 1972600 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\CleanVirusMSN.exe

2009-05-04 14:58 . 2009-05-04 14:58 345280 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\mdpe_msn2.dat

2009-05-04 14:57 . 2009-05-04 14:57 9309 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\sig_msn2.dat

2009-02-27 13:25 . 2009-02-27 13:25 10612576 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\mdpe_msn.dat

2009-02-27 13:22 . 2009-02-27 13:22 1248048 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\sig_msn.dat

2006-02-07 22:08 . 2006-02-07 22:08 139264 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\vk_sscan.dll

2004-06-27 04:00 . 2004-06-27 04:00 77257 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\unins000.exe

 

 

------- Sigcheck -------

 

[-] 2004-08-04 02:45 803328 048367EF3E654F8FB83E4DBB1E26B81D c:\windows\system32\wininet.dll

[7] 2004-08-04 02:45 658432 398A619CE60090303042D1F8CC68F712 c:\windows\VistaMizer\old\wininet.dll

 

[-] 2007-03-11 13:18 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys

 

[-] 2004-08-04 02:45 543744 3550BFE59972A67AC2F7781041D28EA7 c:\windows\system32\winlogon.exe

[7] 2004-08-04 02:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 c:\windows\VistaMizer\old\winlogon.exe

 

[-] 2007-03-11 02:20 2276352 A53C82CFAEA08A66E5BE639BA79B8E3F c:\windows\system32\ntkrnlpa.exe

[7] 2007-03-11 02:20 2019328 31DFE96B6B6FA4C9CA098CEAF21B29A5 c:\windows\VistaMizer\old\ntkrnlpa.exe

 

[-] 2004-08-04 02:40 2409472 4BF58C65F1867CDBD1494561C07CF6FB c:\windows\system32\ntoskrnl.exe

[7] 2004-08-04 02:40 2152448 91448D27F6DFAF50DD1D5FD3D8C1F3BD c:\windows\VistaMizer\old\ntoskrnl.exe

 

[-] 2004-08-04 02:45 1552896 D3C07AB98492D1518F5E8341ADBC4F76 c:\windows\explorer.exe

[7] 2004-08-04 02:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 c:\windows\VistaMizer\old\explorer.exe

 

[-] 2004-08-04 02:45 25088 A3F0971DBBA9657034C303B39464EA5B c:\windows\system32\ctfmon.exe

[7] 2004-08-04 02:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\VistaMizer\old\ctfmon.exe

 

[-] 2007-03-11 02:21 1548288 B23D1FC94C037AE5F0E05A78B52596A4 c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-06-20_01.33.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-20 16:46 . 2009-06-20 16:46 16384 c:\windows\temp\Perflib_Perfdata_400.dat

+ 2009-06-20 16:41 . 2009-06-20 16:41 253952 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2009-06-20 16:41 . 2008-08-07 18:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2009-06-20 16:41 . 2009-06-20 16:41 253952 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2009-06-20 16:41 . 2008-08-07 18:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE

+ 2009-06-20 16:41 . 2009-06-20 16:41 8921088 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2009-06-20 16:41 . 2009-06-20 16:41 8921088 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-05-31 65536]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-12-21 342848]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-28 1830128]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Glass2k"="c:\arquivos de programas\Glass2k\Glass2k.exe" [2007-10-16 56325]

"DrvIcon"="c:\arquivos de programas\VistaDriveIcon\DrvIcon.exe" [2008-04-13 49152]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-18 185896]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-03-07 1932568]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-23 148888]

"PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 25088]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-04 101376]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Blaero Start Orb.lnk - c:\arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe [2006-7-30 521216]

Thoosje Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]

Thoosje Vista Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-7-30 1715400]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoDevMgrUpdate"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 14:05 356352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-07 15:06 10520 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^WinFlip.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\WinFlip.lnk

backup=c:\windows\pss\WinFlip.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe"=

"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=

"c:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=

"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe"=

"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7700:TCP"= 7700:TCP:THE DUEL

"7800:TCP"= 7800:TCP:THE DUEL

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/4/2009 15:24 130936]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/3/2009 12:06 325640]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/3/2009 12:06 107912]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [17/2/2009 11:43 9968]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [17/2/2009 11:43 55024]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [7/3/2009 12:06 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [7/3/2009 12:06 298264]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/1/2009 18:59 55136]

R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [6/2/2009 18:08 533360]

R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [17/2/2009 11:43 7408]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [8/4/2009 15:24 348752]

S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]

S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

mWindow Title =

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {A8CB1820-2298-4676-9080-87A69D6656C2} = 172.161.169.245,200.165.132.147

FF - ProfilePath -

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-20 14:17

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(896)

c:\windows\system32\sfc_os.dll

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\cscui.dll

c:\windows\system32\COMRes.dll

.

Tempo para conclusão: 2009-06-20 14:19

ComboFix-quarantined-files.txt 2009-06-20 17:19

ComboFix2.txt 2009-06-20 01:35

 

Pré-execução: 21 pasta(s) 45.404.958.720 bytes disponíveis

Pós execução: 21 pasta(s) 45.391.020.032 bytes disponíveis

 

278

 

-------------------------------------------------------------------------------------------------------------------

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:28:19, on 20/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Glass2k\Glass2k.exe

C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

C:\WINDOWS\system32\CF9947.exe

C:\WINDOWS\explorer.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe

O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 8719 bytes


Good afternoon! Ben-Hur

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Abrir arquivo - Aviso de Segurança, i.e. Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally the message "ComboFix está desinstalado" (ComboFix has been uninstalled) will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

<><><><><><><><><><>

<@> Run an online scan at: < Eset Nod32 >

<@> Use the Internet Explorer browser.

<@> Tick the box: "SIM,aceito as condições de uso" --> Iniciar.

<@> Tick the box: "YES, I accept the Terms of Use" --> Start.

<@> Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )

 

Regards!


Here is the ESET log:

 

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

# OnlineScanner.ocx=1.0.0.5863

# api_version=3.0.2

# EOSSerial=82c77b3d7e3d9e48a01ea0c18a64e05f

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-06-21 04:50:33

# local_time=2009-06-21 01:50:33 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1046

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1026 61 83 95 70830149375000

# scanned=60908

# found=2

# cleaned=2

# scan_time=721

C:\Arquivos de programas\Arquivos comuns\System\poste.exe Win32/Injector.QX cavalo de Tróia (limpo por exclusão (após a próxima reinicialização) - em quarentena) 00000000000000000000000000000000

C:\Arquivos de programas\LevelUpGames\The Duel\GunzLauncher.exe provavelmente uma variante de Win32/TrojanDownloader.Agent cavalo de Tróia (limpo por exclusão - em quarentena) 00000000000000000000000000000000


Good afternoon! Ben-Hur

 

<@> Download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable your protection programs while running Malwarebytes.

<@> Make sure the detected items are sent to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Regards!


Sorry for the delay... I had no way to do this earlier...

 

Here are the Malwarebytes and HijackThis logs, respectively:

 

 

Malwarebytes' Anti-Malware 1.38

Versão do banco de dados: 2325

Windows 5.1.2600 Service Pack 2

 

23/6/2009 17:47:21

mbam-log-2009-06-23 (17-47-21).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 157404

Tempo decorrido: 24 minute(s), 34 second(s)

 

Processos da Memória infectados: 1

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 1

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 6

 

Processos da Memória infectados:

C:\WINDOWS\dllmgr.exe (Backdoor.Bot) -> Unloaded process successfully.

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\dllmgr.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\administrador\clt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\administrador\suf.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\system volume information\_restore{0c162325-8188-4ae7-8296-b75498d6106e}\RP33\A0004921.exe (Rogue.Installer) -> Quarantined and deleted successfully.

c:\WINDOWS\images003-jpg.zip (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Arquivos comuns\System\poste.exe (Trojan.Agent) -> Delete on reboot.

 

----------------------------------------------------------------------------------------------------------------------------

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:50:45, on 23/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Glass2k\Glass2k.exe

C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Windows\system32\Fixdirs32.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\abod.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe

O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe

O4 - HKLM\..\Run: [MSN] C:\Windows\system32\Fixdirs32.exe

O4 - HKLM\..\Run: [virx] abod.exe

O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 9228 bytes


Good evening! Ben-Hur

 

<@> Open HijackThis and, in Safe Mode, Fix these entries:

 

O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe

 

O4 - HKLM\..\Run: [MSN] C:\Windows\system32\Fixdirs32.exe

 

O4 - HKLM\..\Run: [virx] abod.exe

 

<@> Reboot into Normal Mode!

<><><><><><><><><>

<@> Download: < Avenger.zip >

<@> Unzip it to the Desktop!

<@> Select and copy everything below the word CODE into Notepad.

 

CODE

Files to delete:
C:\Windows\system32\Fixdirs32.exe
C:\WINDOWS\dllmgr.exe
C:\WINDOWS\abod.exe

Drivers to disable:
CiSvc

<@> While disconnected, go to Notepad and use the shortcuts: ( control + a ) --> ( control + c )

<@> Now run Avenger.exe

<@> Right-click in the Input script here window.

<@> Click Paste or ( control + v ). <-- Paste!

<@> Click Execute.

<@> Choose "Yes" twice when prompted.

<@> When the script finishes, the computer will restart.

<@> PS: At the message "Não há nenhum disco na unidade. Insira um disco na unidade." (There is no disk in the drive. Insert a disk into the drive.) --> Click Continue!

<@> The computer may restart more than once!

<@> Post:

 

<1> C:\avenger.txt <-- the report!

<2> An updated HijackThis log.

 

Regards!

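The triage the helper did by eye on the O4 entries above, written as a script (an added example, not code from this thread, from HijackThis or from Avenger): it parses HijackThis O4 Run lines and flags targets that are bare file names, unrecognised binaries sitting directly in the Windows directory, or display names that imitate a Windows component. The allowlists are an assumption limited to the legitimate names in the posted log, and the sample lines are copied from that log.

```python
"""Triage of HijackThis O4 (autostart) entries.

Added example for this thread: it is not part of HijackThis, Avenger or any
other tool named in the posts. The allowlists are an assumption limited to
legitimate names that appear in the posted log.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Assumption: bare names some vendors really register without a path (NVIDIA,
# Realtek) and Windows/system32 residents that belong there, per the log above.
KNOWN_BARE = {"nwiz.exe", "rthdcpl.exe", "skytel.exe", "rundll32.exe"}
KNOWN_SYSTEM = {"ctfmon.exe", "rundll32.exe", "advpack.dll", "nvcpl.dll",
                "nvmctray.dll", "nerocheck.exe"}
WINDOWS_DIRS = {"c:\\windows", "c:\\windows\\system32"}
PROGRAM_DIRS = ("\\program files", "\\arquivos de programas")
IMPERSONATING = re.compile(r"\b(windows|microsoft|msn|service)\b", re.I)

# HijackThis registry autostart line: O4 - <hive>\..\Run: [name] command
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


@dataclass
class Entry:
    hive: str
    key: str
    name: str
    cmd: str
    target: str  # the executable or DLL that actually gets loaded
    reasons: list = field(default_factory=list)


def split_command(cmd: str):
    """Return (program, arguments), honouring a double-quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def parse_o4(line: str):
    """Parse one O4 Run/RunOnce line into an Entry; other lines give None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    program, args = split_command(m["cmd"])
    # rundll32 is only a host process; the DLL it loads is the real autostart.
    if ntpath.basename(program).lower() == "rundll32.exe":
        program = args.split(",", 1)[0].strip() or program
    return Entry(m["hive"], m["key"], m["name"], m["cmd"], program)


def classify(entry: Entry) -> Entry:
    """Attach the reasons an entry deserves a manual look (empty = none)."""
    base = ntpath.basename(entry.target).lower()
    directory = ntpath.dirname(entry.target).lower().rstrip("\\")
    if not directory and base not in KNOWN_BARE:
        # No path: the loader searches PATH, so where it runs from is unknown,
        # and the value can outlive the file (see Avenger's "not found" above).
        entry.reasons.append("bare file name, resolved via PATH search")
    elif directory in WINDOWS_DIRS and base not in KNOWN_SYSTEM:
        entry.reasons.append("unrecognised binary in the Windows directory")
    if IMPERSONATING.search(entry.name) and not any(
            p in directory for p in PROGRAM_DIRS):
        entry.reasons.append("display name imitates a Windows component")
    return entry


def flagged_entries(log_text: str):
    """All O4 Run entries in a HijackThis log that carry at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None and classify(entry).reasons:
            flagged.append(entry)
    return flagged


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\system32\Fixdirs32.exe
O4 - HKLM\..\Run: [virx] abod.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print(f"[{e.name}] -> {e.target}: {'; '.join(e.reasons)}")
```

Bare targets still have to be located on disk before they can be removed, which is why a flagged value such as dllmgr.exe may outlive its file once another scanner has already quarantined it.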

Here are the Avenger and HijackThis logs, respectively:

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

File "C:\Windows\system32\Fixdirs32.exe" deleted successfully.

 

Error: file "C:\WINDOWS\dllmgr.exe" not found!

Deletion of file "C:\WINDOWS\dllmgr.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

File "C:\WINDOWS\abod.exe" deleted successfully.

Driver "CiSvc" disabled successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

------------------------------------------------------------------------------------

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:43:16, on 24/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Glass2k\Glass2k.exe

C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe

O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

 

--

End of file - 8963 bytes


Good evening, Ben-Hur!

 

<@> Download: < imagemus0.jpg > (...by A.Rothstein & dj Quiou)

<@> Save it to the desktop!

<@> Close any open programs and run the tool.

<@> Click the Recherche button to start the scan. <-- Wait!

<@> When it finishes, the items to be removed will be listed.

<@> Click the Supression button to remove the items found.

<@> Then click Quitter.

<@> Post the report if you like: ( C:\TCleaner.txt ) <--

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

<@> Once everything is OK, create a clean System Restore point.

<@> Right-click My Computer --> Properties --> System Restore.

<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.

<@> Then uncheck it again! --> Apply --> Wait! --> OK.

<@> For more details, read the tutorial: < Link >

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

<!> The HijackThis log is clean!

<!> Everything OK?

 

Regards!


I'll post the ToolCleaner log soon...

 

Well, there are two things that still bother me:

 

1st - Windows Live Messenger starts on its own (not when the computer boots). For example: I close Windows Live Messenger, and a few minutes or even seconds later it "appears" again in the bottom right corner as if I had not closed it.

 

2nd - A few times a little prompt "window" appeared with a message warning about an intrusion attempt or something like that.

 

 

Thank you!

I'll post the ToolCleaner log soon...

 

Well, there are two things that still bother me:

 

1st - Windows Live Messenger starts on its own (not when the computer boots). For example: I close Windows Live Messenger, and a few minutes or even seconds later it "appears" again in the bottom right corner as if I had not closed it.

 

2nd - A few times a little prompt "window" appeared with a message warning about an intrusion attempt or something like that.

 

 

Thank you!

<><><><><><><><><>

Good morning, Ben-Hur!

 

1st - Windows Live Messenger starts on its own (not when the computer boots). For example: I close Windows Live Messenger, and a few minutes or even seconds later it "appears" again in the bottom right corner as if I had not closed it.

<!> Try disabling it from startup in the System Configuration Utility.

<!> PS: If that does not fix it, uninstall it! During the process, choose Repair.

<><><><><><><><><>

2nd - A few times a little prompt "window" appeared with a message warning about an intrusion attempt or something like that.

<!> Have you checked whether it is related to AVG8?

 

Regards!


Well, I won't post the ToolCleaner log, since it only removed things that were superficial to me, and as you said it wasn't necessary, let's leave it at that.

 

However, here is an image of the prompt "window" I mentioned:

 

imagem-1.png

 

 

I don't know whether it is related to AVG8. Either way, I intend to change antivirus. I'm thinking of installing Avast Home Edition.

 

 

Well, the initial problem with Explorer has been resolved! Once again, thank you very much!


Good evening, Ben-Hur!

 

However, here is an image of the prompt "window" I mentioned:

<!> It looks like there is still malware on the PC.

 

I don't know whether it is related to AVG8. Either way, I intend to change antivirus. I'm thinking of installing Avast Home Edition.

<!> Avira is superior, but... the choice is up to you.

<><><><><><><><><><>

<@> Using Windows Explorer, delete the highlighted file:

 

C:\DOCUME~1\ADMINI~1\red.exe <--

 

<@> Download: < a-squared Free 4.5 >

 

<!> Optional link: < a2ppf_banner.jpg >

 

<@> Save it in Arquivos de programas (Program Files).

<@> Open the program and click: Update now --> Wait!

<@> When done, click: "Scan PC"

<@> Choose the option: "Deep" --> Then click "Scan".

<@> When done, tick the boxes of the items found and click "Send selected to Quarantine".

<@> Save and post the report from this scan. ( a2scan_xxyy09-xxxxxx.txt )

 

Regards!


Here is the a-squared log, with a few observations first that may help:

 

Note 1: It was not possible to uninstall AVG, because of the following error:

 

Máquina local: preparado para a instalação

Instalação:

Erro: Não é possível desinstalar. O produto não está instalado.

 

 

Note 2: Task Manager closes itself as soon as it is opened.

 

Note 3: Explorer.exe is giving errors again when the computer starts.

 

Note 4: The Autorun Eater program detected some viruses coming from the pen drives used on this computer, but it was not able to remove them.

 

Note 5: The a-squared program was not able to remove some of the viruses it detected.

 

Note 6: Music (audio in general), video (games, etc.) and the mouse have been "stuttering" during use.

 

From here on is the a-squared log:

 

a-squared Free - Versão 4.5

Última atualização 28/6/2009 13:27:03

 

Configurações da análise:

 

Scan type: deep

Objetos: Memória, Rastros, Cookies, C:\, D:\

Análise de arquivos: Ligado

Heurística: Desligado

Análise de ADS: Ligado

 

Início da análise: 28/6/2009 13:54:36

 

[296] C:\WINDOWS\dllmgr.exe detectado: Virus.Win32.CeeInject!IK

c:\arquivos de programas\bittorrent detectado: Trace.Directory.Bittorrent 5.0!A2

c:\documents and settings\all users\menu iniciar\programas\bittorrent detectado: Trace.Directory.Bittorrent 5.0!A2

Value: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bittorrent --> Order detectado: Trace.Registry.Bittorrent 5.0!A2

Value: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser --> ITBarLayout detectado: Trace.Registry.SweetIM Toolbar for Internet Explorer 3.3!A2

c:\arquivos de programas\bittorrent\bittorrent.exe detectado: Trace.File.Bittorrent 5.0!A2

c:\documents and settings\all users\menu iniciar\programas\bittorrent\bittorrent.lnk detectado: Trace.File.Bittorrent 5.0!A2

c:\documents and settings\administrador\desktop\bittorrent.lnk detectado: Trace.File.Bittorrent 5.0!A2

Key: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\software\kazaa detectado: Trace.Registry.KaZaA!A2

C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt detectado: Trace.TrackingCookie.atdmt!A2

C:\5_5\5\OG.exe detectado: Trojan.Win32.Buzus!IK

C:\Arquivos de programas\DreaMule\incoming\Crack.FLATOUT2.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Arquivos de programas\Electronic Arts\SPORE\Sporebin\SporeApp.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Arquivos de programas\Outlook Express\wab.exe detectado: Trojan-Spy.Zbot!IK

C:\Arquivos de programas\Razor\Update.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Backup\World of Warcraft\AptUpdate.exe detectado: Generic.PWS.WoW!IK

C:\Backup\World of Warcraft\howow.exe detectado: Generic.PWS.WoW!IK

C:\C\Settings\cl.exe detectado: Trojan.Win32.Buzus!IK

C:\DATA\FILES\BEAST.exe detectado: Riskware.Win32.VBInject!IK

C:\Documents and Settings\Administrador\Configurações locais\Temp\CLK.exe detectado: Trojan.Win32.Buzus!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil18780D24.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil1F163BE4.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil387769F1.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil4B434729.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil66720590.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil87070564.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil8E7BB590.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filAA032040.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filAA6A1099.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC040C464.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC4863969.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC55C4B79.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filCCE731D1.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filEA6E9B44.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filEFB63829.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filF20406C9.dat/unnamed detectado: Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Desktop\Desktop Files\Total Video Converter 3.11(serial+programa) PSP_downloads.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Desktop\Downloads\uninstall.exe detectado: Trojan.Swizzor!IK

C:\Documents and Settings\Administrador\Meus documentos\Dmailer\Dmailer_for_Lexar_v7_0_334.exe detectado: Trojan.Agent!IK

C:\Documents and Settings\Administrador\Meus documentos\Escola\Espanhol.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\Minhas imagens\MAV\Logomarcas Igreja\Arquivos digitais.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\Musicas\Eric Cross 2008 - The Art Of Composition (Hip Hop).rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\Musicas\Pregador_Luo-m_sica_de_guerra_-_1__miss_o_2008.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\My Received Files\ENBSeries ben-hur.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\NDS\0696 - Jump Ultimate Stars (U) - PATCH.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\Sony Vegas Pro 8.0c Full\Keygen.exe detectado: Riskware.MultiKeygenPatch!IK

C:\Documents and Settings\Administrador\Meus documentos\UO Role Play\builds12.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\UO Role Play\patch11.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun107.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun113.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun127.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun131.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun149.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun50.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun53.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun56.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun59.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun62.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun64.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun67.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun71.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun75.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun78.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun82.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun86.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun91.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun95.inf detectado: Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun98.inf detectado: Trojan.AutorunINF!IK

C:\FILES\REMOVED\BEST.exe detectado: Virus.Trojan.Win32.Buzus!IK

C:\MEMORY\S-v-6-2009\PeAcE.exe detectado: Trojan.Win32.Buzus!IK

C:\Nsum\F\Tud.exe detectado: Virus.Trojan.Win32.Agent!IK

C:\RECYCLER\S-1-5-21-1757981266-1035525444-725345543-500\Dc4.exe detectado: Virus.Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004276.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004293.exe detectado: Trojan-Dropper.Agent!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004295.exe detectado: Virus.Win32.VB!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004296.exe detectado: Virus.Win32.VB!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004531.exe detectado: Trojan-Spy.Win32.Zbot!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004532.exe detectado: Riskware.Win32.VBInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004544.exe detectado: Trojan.Win32.Inject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004552.exe detectado: Trojan-Dropper.Agent!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004635.exe detectado: Trojan.Win32.VB!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004765.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004767.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004768.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004804.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004805.exe detectado: Trojan.Win32.VB!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004821.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004963.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004982.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004998.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005002.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005026.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005041.exe detectado: Backdoor.Win32.Gaertob!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005044.exe detectado: Riskware.Win32.Injector!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005046.exe detectado: Trojan.Win32.Zapchast!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005053.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005066.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005091.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005102.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005103.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005121.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005122.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005146.exe detectado: Riskware.Win32.VBInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005147.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005165.exe detectado: Riskware.Win32.VBInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005167.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005168.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005379.exe detectado: Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005380.exe detectado: Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005384.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005385.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005387.exe detectado: Riskware.Win32.VBInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005390.exe detectado: Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005391.exe detectado: Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005392.exe detectado: Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005417.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005505.exe detectado: Backdoor.Win32.Gaertob!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005507.exe detectado: Riskware.Win32.Injector!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005524.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005526.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005629.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005631.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005632.exe detectado: Riskware.Win32.VBInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP40\A0005640.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005677.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005679.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005680.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP42\A0005681.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005684.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005712.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005713.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005716.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005717.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005721.exe detectado: Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005745.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005747.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005748.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005749.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005772.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005775.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005920.exe detectado: Trojan.Win32.Ransom!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005924.exe detectado: Trojan-Dropper.Agent!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005925.exe detectado: Backdoor.Win32.Gaertob!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005926.exe detectado: Backdoor.Win32.Gaertob!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005927.exe detectado: Riskware.Win32.Injector!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005928.exe detectado: Riskware.Win32.Injector!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005948.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005992.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006508.exe detectado: Virus.Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006549.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006551.exe detectado: Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006554.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006556.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006557.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006558.exe detectado: Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006559.exe detectado: Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006561.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006566.exe detectado: Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006568.exe detectado: Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006569.exe detectado: Riskware.Win32.Injector!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006571.exe detectado: Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006592.exe detectado: Trojan.Win32.Buzus!IK

C:\WINDOWS\dllmgr.exe detectado: Virus.Win32.CeeInject!IK

C:\WINDOWS\images003-jpg.zip/Fixdirs32.exe detectado: Riskware.Win32.Injector!IK

C:\WINDOWS\system32\ddd\Beclickz.dll detectado: IRC.Flood!IK

C:\WINDOWS\system32\ddd\imds.hlp detectado: Backdoor.IRC.Zapchast!IK

C:\WINDOWS\system32\ddd\ionfgs.hlp detectado: Backdoor.IRC.Cloner!IK

C:\WINDOWS\system32\ddd\irsss.hlp detectado: Backdoor.IRC.Zapchast!IK

C:\WINDOWS\system32\ddd\ODCB.INI detectado: Trojan.Ircflood!IK

C:\WINDOWS\system32\ddd\Refix.ocx detectado: Backdoor.IRC.Zapchast!IK

C:\WINDOWS\system32\ddd\winregs.ocx detectado: Backdoor.IRC.Zapchast!IK

D:\BACKUP\AGE OF EMPIRES\Age Of Empires II\mythxpak.exe detectado: Virus.Win32.Sality!IK

D:\BACKUP\Ben\WLM_9.0_Beta.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

D:\Crysis Warhead\#readme#\paul.original.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

D:\Emuladores\Mega\Tiny Toon Adventures - Acme All Stars (E)_emulabr.com.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

D:\Emuladores\N64\Roms\marioparty3.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

D:\Fotos\Backup Maquina\Backup Maquina.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

D:\PES2009\brasileirao\PES2009_EDIT01.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

D:\Ultima Online Utilitarios\Client 300000000000000000000.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

D:\Ultima Online Utilitarios\EasyUO.exe detectado: Trojan-Downloader.Win32.VB!IK

D:\Ultima Online Utilitarios\Kit Dimension.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

D:\Ultima Online Utilitarios\kit_dgshard.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

D:\Ultima Online Utilitarios\Macros.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

 

Analisado

 

Arquivos: 192477

Objetos: 619200

Cookies: 147

Processos: 50

 

Encontrado

 

Arquivos: 173

Objetos: 8

Cookies: 1

Processos: 1

Chaves do registro: 0

 

Fim da análise: 28/6/2009 15:46:05

Duração da análise: 1:51:29

 

D:\Ultima Online Utilitarios\EasyUO.exe Em quarentena Trojan-Downloader.Win32.VB!IK

D:\BACKUP\AGE OF EMPIRES\Age Of Empires II\mythxpak.exe Em quarentena Virus.Win32.Sality!IK

C:\WINDOWS\system32\ddd\ODCB.INI Em quarentena Trojan.Ircflood!IK

C:\WINDOWS\system32\ddd\ionfgs.hlp Em quarentena Backdoor.IRC.Cloner!IK

C:\WINDOWS\system32\ddd\imds.hlp Em quarentena Backdoor.IRC.Zapchast!IK

C:\WINDOWS\system32\ddd\irsss.hlp Em quarentena Backdoor.IRC.Zapchast!IK

C:\WINDOWS\system32\ddd\Refix.ocx Em quarentena Backdoor.IRC.Zapchast!IK

C:\WINDOWS\system32\ddd\winregs.ocx Em quarentena Backdoor.IRC.Zapchast!IK

C:\WINDOWS\system32\ddd\Beclickz.dll Em quarentena IRC.Flood!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005920.exe Em quarentena Trojan.Win32.Ransom!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP40\A0005640.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005679.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP42\A0005681.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005684.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005712.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005716.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005747.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005749.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005775.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006556.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006571.exe Em quarentena Riskware.Win32.DelfInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005046.exe Em quarentena Trojan.Win32.Zapchast!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005044.exe Em quarentena Riskware.Win32.Injector!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005507.exe Em quarentena Riskware.Win32.Injector!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005927.exe Em quarentena Riskware.Win32.Injector!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005928.exe Em quarentena Riskware.Win32.Injector!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006569.exe Em quarentena Riskware.Win32.Injector!IK

C:\WINDOWS\images003-jpg.zip/Fixdirs32.exe Em quarentena Riskware.Win32.Injector!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004635.exe Em quarentena Trojan.Win32.VB!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004805.exe Em quarentena Trojan.Win32.VB!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004544.exe Em quarentena Trojan.Win32.Inject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004531.exe Em quarentena Trojan-Spy.Win32.Zbot!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004295.exe Em quarentena Virus.Win32.VB!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004296.exe Em quarentena Virus.Win32.VB!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004293.exe Em quarentena Trojan-Dropper.Agent!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004552.exe Em quarentena Trojan-Dropper.Agent!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005924.exe Em quarentena Trojan-Dropper.Agent!IK

C:\Nsum\F\Tud.exe Em quarentena Virus.Trojan.Win32.Agent!IK

C:\FILES\REMOVED\BEST.exe Em quarentena Virus.Trojan.Win32.Buzus!IK

C:\RECYCLER\S-1-5-21-1757981266-1035525444-725345543-500\Dc4.exe Em quarentena Virus.Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006508.exe Em quarentena Virus.Trojan.Win32.Buzus!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun107.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun113.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun127.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun131.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun149.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun50.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun53.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun56.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun59.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun62.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun64.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun67.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun71.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun75.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun78.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun82.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun86.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun91.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun95.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun98.inf Em quarentena Trojan.AutorunINF!IK

C:\Documents and Settings\Administrador\Meus documentos\Sony Vegas Pro 8.0c Full\Keygen.exe Em quarentena Riskware.MultiKeygenPatch!IK

C:\Documents and Settings\Administrador\Meus documentos\Dmailer\Dmailer_for_Lexar_v7_0_334.exe Em quarentena Trojan.Agent!IK

C:\Documents and Settings\Administrador\Desktop\Downloads\uninstall.exe Em quarentena Trojan.Swizzor!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil18780D24.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil1F163BE4.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil387769F1.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil4B434729.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil66720590.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil87070564.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil8E7BB590.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filAA032040.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filAA6A1099.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC040C464.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC4863969.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC55C4B79.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filCCE731D1.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filEA6E9B44.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filEFB63829.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filF20406C9.dat/unnamed Em quarentena Trojan.Zlob!IK

C:\DATA\FILES\BEAST.exe Em quarentena Riskware.Win32.VBInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004532.exe Em quarentena Riskware.Win32.VBInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005146.exe Em quarentena Riskware.Win32.VBInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005165.exe Em quarentena Riskware.Win32.VBInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005387.exe Em quarentena Riskware.Win32.VBInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005632.exe Em quarentena Riskware.Win32.VBInject!IK

C:\Backup\World of Warcraft\AptUpdate.exe Em quarentena Generic.PWS.WoW!IK

C:\Backup\World of Warcraft\howow.exe Em quarentena Generic.PWS.WoW!IK

C:\Arquivos de programas\Outlook Express\wab.exe Em quarentena Trojan-Spy.Zbot!IK

C:\Arquivos de programas\DreaMule\incoming\Crack.FLATOUT2.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Arquivos de programas\Electronic Arts\SPORE\Sporebin\SporeApp.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Arquivos de programas\Razor\Update.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Desktop\Desktop Files\Total Video Converter 3.11(serial+programa) PSP_downloads.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\Escola\Espanhol.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\Minhas imagens\MAV\Logomarcas Igreja\Arquivos digitais.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\Musicas\Eric Cross 2008 - The Art Of Composition (Hip Hop).rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\Musicas\Pregador_Luo-m_sica_de_guerra_-_1__miss_o_2008.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\My Received Files\ENBSeries ben-hur.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\NDS\0696 - Jump Ultimate Stars (U) - PATCH.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\UO Role Play\builds12.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\Documents and Settings\Administrador\Meus documentos\UO Role Play\patch11.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005041.exe Em quarentena Backdoor.Win32.Gaertob!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005505.exe Em quarentena Backdoor.Win32.Gaertob!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005925.exe Em quarentena Backdoor.Win32.Gaertob!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005926.exe Em quarentena Backdoor.Win32.Gaertob!IK

D:\BACKUP\Ben\WLM_9.0_Beta.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

D:\Crysis Warhead\#readme#\paul.original.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

D:\Emuladores\Mega\Tiny Toon Adventures - Acme All Stars (E)_emulabr.com.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

D:\Emuladores\N64\Roms\marioparty3.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

D:\Fotos\Backup Maquina\Backup Maquina.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

D:\PES2009\brasileirao\PES2009_EDIT01.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

D:\Ultima Online Utilitarios\Client 300000000000000000000.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

D:\Ultima Online Utilitarios\Kit Dimension.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

D:\Ultima Online Utilitarios\kit_dgshard.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

D:\Ultima Online Utilitarios\Macros.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK

C:\5_5\5\OG.exe Em quarentena Trojan.Win32.Buzus!IK

C:\C\Settings\cl.exe Em quarentena Trojan.Win32.Buzus!IK

C:\Documents and Settings\Administrador\Configurações locais\Temp\CLK.exe Em quarentena Trojan.Win32.Buzus!IK

C:\MEMORY\S-v-6-2009\PeAcE.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004276.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004765.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004767.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004768.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004804.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004821.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004963.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004982.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004998.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005002.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005026.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005053.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005066.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005091.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005102.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005103.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005121.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005122.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005147.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005167.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005168.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005384.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005385.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005417.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005524.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005526.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005629.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005631.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005677.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005680.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005713.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005717.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005745.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005748.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005772.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005948.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005992.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006549.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006554.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006557.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006561.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006566.exe Em quarentena Trojan.Win32.Buzus!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006592.exe Em quarentena Trojan.Win32.Buzus!IK

C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt Em quarentena Trace.TrackingCookie.atdmt!A2

Key: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\software\kazaa Em quarentena Trace.Registry.KaZaA!A2

c:\arquivos de programas\bittorrent\bittorrent.exe Em quarentena Trace.File.Bittorrent 5.0!A2

c:\documents and settings\all users\menu iniciar\programas\bittorrent\bittorrent.lnk Em quarentena Trace.File.Bittorrent 5.0!A2

c:\documents and settings\administrador\desktop\bittorrent.lnk Em quarentena Trace.File.Bittorrent 5.0!A2

Value: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser --> ITBarLayout Em quarentena Trace.Registry.SweetIM Toolbar for Internet Explorer 3.3!A2

Value: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bittorrent --> Order Em quarentena Trace.Registry.Bittorrent 5.0!A2

c:\arquivos de programas\bittorrent Em quarentena Trace.Directory.Bittorrent 5.0!A2

c:\documents and settings\all users\menu iniciar\programas\bittorrent Em quarentena Trace.Directory.Bittorrent 5.0!A2

[296] C:\WINDOWS\dllmgr.exe Em quarentena Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005379.exe Em quarentena Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005380.exe Em quarentena Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005390.exe Em quarentena Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005391.exe Em quarentena Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005392.exe Em quarentena Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005721.exe Em quarentena Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006551.exe Em quarentena Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006558.exe Em quarentena Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006559.exe Em quarentena Virus.Win32.CeeInject!IK

C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006568.exe Em quarentena Virus.Win32.CeeInject!IK

C:\WINDOWS\dllmgr.exe Em quarentena Virus.Win32.CeeInject!IK

C:\Nsum\F\Tud.exe Em quarentena Virus.Trojan.Win32.Agent!IK

C:\Nsum\F\Tud.exe Em quarentena Virus.Trojan.Win32.Agent!IK

C:\Nsum\F\Tud.exe Em quarentena Virus.Trojan.Win32.Agent!IK

 

Em quarentena

 

Arquivos: 176

Objetos: 8

Cookies: 1

 

C:\Nsum\F\Tud.exe Excluído Virus.Trojan.Win32.Agent!IK

C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt Excluído Trace.TrackingCookie.atdmt!A2

C:\Nsum\F\Tud.exe Excluído Virus.Trojan.Win32.Agent!IK

C:\Nsum\F\Tud.exe Excluído Virus.Trojan.Win32.Agent!IK

 

Excluído

 

Arquivos: 3

Objetos: 0

Cookies: 1

 

 

 

 

Regards.

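Added example, not part of the thread and not code from any scanner vendor: a small triage script for a detection report with the line shape seen above (`<object> <status> <signature>`). It buckets every hit by where the object lives, because a copy sitting in a System Restore point, inside an archive, or in another tool's quarantine folder cannot run by itself, while a file in `C:\WINDOWS` or `system32` can. It then lists only the live files with a real malware family as the items still worth attention. The sample lines are copied from the post; the bucket names, the severity table, and the assumption that `/` marks an archive member are mine.

```python
"""Triage of an a-squared style detection report (constructed sample, not the thread's own tooling)."""
import re
from collections import Counter

# Constructed sample: a few lines copied in the shape of the report posted above.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005920.exe detectado: Trojan.Win32.Ransom!IK
C:\WINDOWS\dllmgr.exe detectado: Virus.Win32.CeeInject!IK
C:\WINDOWS\images003-jpg.zip/Fixdirs32.exe detectado: Riskware.Win32.Injector!IK
C:\WINDOWS\system32\ddd\Refix.ocx detectado: Backdoor.IRC.Zapchast!IK
D:\Fotos\Backup Maquina\Backup Maquina.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Arquivos de programas\Outlook Express\wab.exe Em quarentena Trojan-Spy.Zbot!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil18780D24.dat/unnamed Em quarentena Trojan.Zlob!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun107.inf Em quarentena Trojan.AutorunINF!IK
Key: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\software\kazaa Em quarentena Trace.Registry.KaZaA!A2
[296] C:\WINDOWS\dllmgr.exe Em quarentena Virus.Win32.CeeInject!IK
C:\Nsum\F\Tud.exe Excluído Virus.Trojan.Win32.Agent!IK
c:\documents and settings\administrador\desktop\bittorrent.lnk Em quarentena Trace.File.Bittorrent 5.0!A2
"""

# <optional [pid]> <object> <status> <signature>; the status word is the only reliable separator.
LINE_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?(?P<obj>.+?)\s+(?P<status>detectado:|Em quarentena|Excluído)\s+(?P<sig>.+)$"
)

# Rough ranking by the first token of the signature name (my table, not the vendor's).
SEVERITY = {"Backdoor": 4, "Trojan-Spy": 4, "Trojan-Downloader": 3, "Trojan-Dropper": 3,
            "Trojan": 3, "Virus": 3, "Riskware": 2, "Trace": 1}


def classify_location(obj: str) -> str:
    """Where the object lives decides whether it can still execute."""
    low = obj.lower()
    if low.startswith(("key:", "value:")):
        return "registry"
    if "\\system volume information\\_restore" in low:
        return "restore_point"          # inert until System Restore replays it
    if "\\quarantine\\" in low or "\\autorun backup\\" in low:
        return "other_tool_quarantine"  # already neutralised by another tool
    if "/" in obj:
        return "archive_member"         # assumption: '/' separates an archive entry; dormant until extracted
    return "live_file"                  # on disk where it can run


def severity(signature: str) -> int:
    """Map 'Backdoor.IRC.Zapchast!IK' -> 4, 'Trace.File.Bittorrent 5.0!A2' -> 1, unknown -> 2."""
    return SEVERITY.get(signature.split(".", 1)[0], 2)


def parse_report(text: str) -> list:
    """Turn report lines into dicts; lines that do not match the shape are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        findings.append({
            "object": m["obj"],
            "status": m["status"].rstrip(":"),
            "signature": m["sig"],
            "pid": int(m["pid"]) if m["pid"] else None,   # set when the scanner hit a running process
            "location": classify_location(m["obj"]),
        })
    return findings


def summarize(findings: list) -> dict:
    """Counts per bucket plus the short list a responder should actually look at."""
    live_priority = sorted({
        f["object"] for f in findings
        if f["location"] == "live_file" and severity(f["signature"]) >= 3
    })
    return {
        "by_location": dict(Counter(f["location"] for f in findings)),
        "by_status": dict(Counter(f["status"] for f in findings)),
        "running_pids": sorted({f["pid"] for f in findings if f["pid"] is not None}),
        "live_priority": live_priority,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

On the sample the script reports six live files but only four distinct ones with a real family (`dllmgr.exe`, the `system32\ddd` component, `wab.exe`, `Tud.exe`); the restore-point copy, the archive members and the other tools' quarantine folders are noise for the immediate clean-up, and the `[296]` prefix flags that `dllmgr.exe` was running when caught.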

Good afternoon, Ben-Hur!

 

<@> Uninstalling AVG8 has always been troublesome!

<@> Download: < avgremover >

<@> So run that tool to do the uninstall.

<><><><><><><><><><>

<@> Download: < AVPTool > ( by Kaspersky Labs )

<@> Save it in Arquivos de Programas and install it right there!

<@> Restart the computer in Safe Mode! <-- Important!

<@> Start the scan by clicking "Scan".

<@> The scan takes a long time. <-- Be patient!

<@> If infections are found, click "disinfect".

<@> When it finishes, click the Events tab.

<@> Untick the "Show all events" checkbox.

<@> Click "Save to file".

<@> Name it and save it to the desktop! <-- This is the report to post!

<><><><><><><><><><>

<@> Download: < DDS > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.

<@> While disconnected, run the tool! --> Double-click dds.scr.

<@> Wait for the scan to finish, until we get the report. ( DDS.txt ) <--

<@> A new window will also appear: "D.D.S - Optional_Scan" --> Click Yes.

<@> Notepad will open with another report. ( Attach.txt ) <--

<@> PS: If the report is unreadable, rename the executable to DDS.exe and repeat the scan.

<@> Finally, another window will open! --> Click OK.

<@> Save the reports: DDS.txt + Attach.txt <-- Post them!

 

Regards!


Note 1: after removing AVG and installing Avast, Avast found several viruses.

 

Note 2: after Avast removed the viruses, the problem with Explorer.exe did not persist.

 

Note 3: regarding the little freezes I mentioned, I read that it could be the hard drive being damaged. Is there any way to confirm that?

 

Here are the Kaspersky, DDS and Attach logs:

 

 

Scan

----

Scanned: 1386

Detected: 3

Untreated: 0

Start time: 30/6/2009 13:48:44

Duration: 00:02:32

Finish time: 30/6/2009 13:51:16

 

 

Detected

--------

Status Object

------ ------

deleted: Trojan program Trojan.Win32.Agent.cnbc File: c:\thun\f\thund.exe

deleted: Trojan program Trojan.Win32.Buzus.bhok File: c:\5_5\5\og.exe

deleted: Trojan program Trojan.Win32.Buzus.bizq File: c:\c\settings\cl.exe

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

30/6/2009 13:49:49 File: c:\thun\f\thund.exe detected Trojan program 'Trojan.Win32.Agent.cnbc'

30/6/2009 13:49:50 File: c:\thun\f\thund.exe not disinfected postponed

30/6/2009 13:49:50 File: c:\5_5\5\og.exe detected Trojan program 'Trojan.Win32.Buzus.bhok'

30/6/2009 13:49:50 File: c:\5_5\5\og.exe not disinfected postponed

30/6/2009 13:49:50 File: c:\c\settings\cl.exe detected Trojan program 'Trojan.Win32.Buzus.bizq'

30/6/2009 13:49:50 File: c:\c\settings\cl.exe not disinfected postponed

30/6/2009 13:50:37 File: c:\thun\f\thund.exe detected Trojan program 'Trojan.Win32.Agent.cnbc'

30/6/2009 13:51:12 Startup object: HKLM\Software\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-01WE-AAX5-314CCA314112}\{67KLN5J0-4OPM-01WE-AAX5-314CCA314112} deleted

30/6/2009 13:51:13 File: c:\thun\f\thund.exe deleted

30/6/2009 13:51:13 File: c:\5_5\5\og.exe detected Trojan program 'Trojan.Win32.Buzus.bhok'

30/6/2009 13:51:14 Startup object: HKLM\Software\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-01WE-AAX5-314CCA324372}\{67KLN5J0-4OPM-01WE-AAX5-314CCA324372} deleted

30/6/2009 13:51:15 File: c:\5_5\5\og.exe deleted

30/6/2009 13:51:15 File: c:\c\settings\cl.exe detected Trojan program 'Trojan.Win32.Buzus.bizq'

30/6/2009 13:51:16 Startup object: HKLM\Software\Microsoft\Active Setup\Installed Components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771}\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771} deleted

30/6/2009 13:51:16 File: c:\c\settings\cl.exe deleted

 

 

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

All objects 1386 3 3 0 0 2 128 0 0

System memory 701 0 0 0 0 1 0 0 0

Startup objects 682 3 3 0 0 1 128 0 0

Disk boot sectors 3 0 0 0 0 0 0 0 0

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

------------------------------------------------------------

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Administrador at 14:25:58,95 on ter 30/06/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1534 [GMT -3:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\Arquivos de programas\Canon\MultiPASS\mpservic.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Glass2k\Glass2k.exe

C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe

C:\Documents and Settings\Administrador\Desktop\Downloads\thoosje-sidebar-3.0-installer.exe

C:\Arquivos de programas\Thoosje Vista Sidebar\Thoosje Sidebar.exe

C:\Documents and Settings\Administrador\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = about:blank

mWindow Title =

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\arquivos de programas\windows live\family safety\fssbho.dll

BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\arquivos de programas\windows live\messenger\wlchtc.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\arquivos de programas\styler\tb\StylerTB.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [VisualTaskTips] "c:\arquivos de programas\visualtasktips\VisualTaskTips.exe" noTrayIcon

uRun: [bitTorrent DNA] "c:\arquivos de programas\dna\btdna.exe"

uRun: [sUPERAntiSpyware] c:\arquivos de programas\superantispyware\SUPERAntiSpyware.exe

uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\daemon.exe" -autorun

uRun: [uIWatcher] c:\arquivos de programas\ashampoo\ashampoo uninstaller 4\UIWatcher.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Glass2k] c:\arquivos de programas\glass2k\Glass2k.exe

mRun: [DrvIcon] c:\arquivos de programas\vistadriveicon\DrvIcon.exe

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [PWRISOVM.EXE] c:\arquivos de programas\poweriso\PWRISOVM.EXE

mRun: [Windows Dll Management Service] dllmgr.exe

mRun: [Windows Driver] UDSERV.EXE

mRun: [Autorun Eater] c:\arquivos de programas\autorun eater\oldmcdonald.exe

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\blaero~1.lnk - c:\arquivos de programas\blaero start orb\Blaero Start Orb 2.0.exe

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\thoosj~1.lnk - c:\arquivos de programas\thoosje sidebar v2.3\Thoosje Vista Sidebar.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\orbit.lnk - c:\arquivos de programas\orbitdownloader\orbitdm.exe

uPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~1\office11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~1\office11\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

TCP: {A8CB1820-2298-4676-9080-87A69D6656C2} = 172.161.169.245,200.165.132.147

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\arquivos de programas\superantispyware\SASWINLO.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\arquivos de programas\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\2uxhzj0s.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\all users\dados de aplicativos\nexonus\ngm\npNxGameUS.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

 

============= SERVICES / DRIVERS ===============

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-8 130936]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-29 114768]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\superantispyware\SASDIFSV.SYS [2009-2-17 9968]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\superantispyware\SASKUTIL.SYS [2009-2-17 55024]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared free\a2service.exe [2009-6-28 718880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-29 20560]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast4\ashServ.exe [2009-6-29 138680]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-9 55136]

R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\windows live\family safety\fsssvc.exe [2009-2-6 533360]

R2 SeaPort;SeaPort;c:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

R3 SASENUM;SASENUM;c:\arquivos de programas\superantispyware\SASENUM.SYS [2009-2-17 7408]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe [2009-6-29 254040]

S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast4\ashWebSv.exe [2009-6-29 352920]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admini~1\config~1\temp\cprf.tmp --> c:\docume~1\admini~1\config~1\temp\CPRF.tmp [?]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\spyware doctor\pctsAuxs.exe [2009-4-8 348752]

S3 sdCoreService;PC Tools Security Service;c:\arquivos de programas\spyware doctor\pctsSvc.exe [2009-4-8 1095560]

S3 XDva186;XDva186;\??\c:\windows\system32\xdva186.sys --> c:\windows\system32\XDva186.sys [?]

S3 XDva223;XDva223;\??\c:\windows\system32\xdva223.sys --> c:\windows\system32\XDva223.sys [?]

 

=============== Created Last 30 ================

 

2009-06-30 14:14 <DIR> --d----- c:\arquivos de programas\Thoosje Vista Sidebar

2009-06-30 13:40 819,232 a--sh--- c:\windows\system32\drivers\fidbox.dat

2009-06-30 13:40 11,720 a--sh--- c:\windows\system32\drivers\fidbox.idx

2009-06-30 12:38 42,633,504 a------- c:\arquivos de programas\setup_7.0.0.290_30.06.2009_17-01.exe

2009-06-29 16:31 1,060,864 a------- c:\windows\system32\MFC71.dll

2009-06-28 13:46 71,168 a------- c:\documents and settings\administrador\update.exe

2009-06-28 13:46 47,149 a------- c:\documents and settings\administrador\VDysx5.exe

2009-06-28 12:25 <DIR> --d----- c:\arquivos de programas\a-squared Free

2009-06-28 12:13 <DIR> --d----- C:\Hijack

2009-06-28 11:53 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Autorun Eater

2009-06-28 11:53 <DIR> --d----- c:\arquivos de programas\Autorun Eater

2009-06-28 11:52 53,540,608 a------- c:\arquivos de programas\a2FreeSetup.exe

2009-06-28 11:47 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Ashampoo

2009-06-28 11:47 39,776 a------- c:\windows\system32\DfSdkBt64.exe

2009-06-28 11:47 33,632 a------- c:\windows\system32\DfSdkBt.exe

2009-06-28 11:47 <DIR> --d----- c:\arquivos de programas\Ashampoo

2009-06-27 09:51 17,597 a------- c:\windows\MPTBox.INI

2009-06-25 21:45 33,951 a------- c:\windows\system32\log.dll

2009-06-25 21:45 <DIR> --d----- c:\windows\system32\kazaabackupfiles

2009-06-25 21:37 <DIR> --d----- c:\windows\mpass XP patch

2009-06-25 21:28 <DIR> --d----- c:\windows\NTBJRSTR

2009-06-25 21:27 <DIR> --d----- c:\arquivos de programas\Canon

2009-06-25 20:55 <DIR> --d----- c:\temp\C530

2009-06-25 20:55 <DIR> --d----- C:\Temp

2009-06-25 13:20 <DIR> --d----- c:\windows\system32\wbem\Repository

2009-06-25 13:20 <DIR> --dshr-- C:\C

2009-06-25 12:38 8,976 a----r-- c:\windows\system32\MPRSTR.DRV

2009-06-25 12:38 60 a----r-- c:\windows\system32\CANONBJ.HLP

2009-06-23 16:29 <DIR> --dshr-- C:\Nsum

2009-06-23 13:12 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Malwarebytes

2009-06-23 13:10 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-23 13:10 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-06-23 13:10 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-06-23 13:10 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-06-22 18:28 <DIR> --d----- c:\windows\system32\ddd

2009-06-21 13:24 <DIR> --d----- c:\arquivos de programas\ESET

2009-06-21 08:18 <DIR> --dshr-- C:\Thun

2009-06-21 08:17 <DIR> --dshr-- C:\5_5

2009-06-20 17:41 <DIR> --dshr-- C:\FILES

2009-06-20 17:00 401,920 a------- c:\windows\system32\CF9623.exe

2009-06-20 16:59 401,920 a------- c:\windows\system32\cmd.execf

2009-06-20 16:16 <DIR> --dshr-- C:\DATA

2009-06-20 14:40 <DIR> --dshr-- C:\MEMORY

2009-06-20 13:42 577,536 a------- c:\windows\system32\dllcache\user32.dll

2009-06-20 13:41 <DIR> --d----- c:\windows\ERUNT

2009-06-20 13:41 <DIR> --d----- C:\Backups

2009-06-19 22:30 161,792 a------- c:\windows\SWREG.exe

2009-06-19 22:30 155,136 a------- c:\windows\PEV.exe

2009-06-19 22:30 98,816 a------- c:\windows\sed.exe

 

==================== Find3M ====================

 

2009-05-18 20:27 130,936 a------- c:\windows\system32\drivers\PCTCore.sys

2009-05-15 20:55 34 a------- c:\documents and settings\administrador\jagex_runescape_preferences.dat

2009-04-23 13:26 410,984 a------- c:\windows\system32\deploytk.dll

2009-04-05 12:38 449,496 a------- c:\windows\system32\perfh016.dat

2009-04-05 12:38 77,658 a------- c:\windows\system32\perfc016.dat

 

============= FINISH: 14:26:22,92 ===============

 

 

---------------------------------------------------------------------------------------------------

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-06-26.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 30/7/2008 09:14:08

System Uptime: 30/6/2009 13:57:23 (1 hours ago)

 

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2L

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1584/266mhz

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1584/266mhz

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1584/266mhz

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1584/266mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 146 GiB total, 46,17 GiB free.

D: is FIXED (NTFS) - 86 GiB total, 24,202 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&3A0400F3&0&00E1

Manufacturer: Realtek Semiconductor Corp.

Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&3A0400F3&0&00E1

Service: RTLE8023xp

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Hamachi Network Interface

Device ID: ROOT\NET\0000

Manufacturer: LogMeIn, Inc.

Name: Hamachi Network Interface

PNP Device ID: ROOT\NET\0000

Service: hamachi

 

==== System Restore Points ===================

 

RP27: 18/6/2009 15:04:35 - Spyware Doctor: Cleaning Threats

RP28: 18/6/2009 15:19:55 - Spyware Doctor: Cleaning Threats

RP29: 19/6/2009 22:28:03 - Ponto de verificação do sistema

RP30: 21/6/2009 14:12:46 - Ponto de verificação do sistema

RP31: 21/6/2009 14:34:37 - Removed Ultima Online: Mondain's Legacy

RP32: 21/6/2009 14:36:27 - Installed Ultima Online: Mondain's Legacy

RP33: 22/6/2009 15:41:51 - Ponto de verificação do sistema

RP34: 23/6/2009 17:45:50 - Ponto de verificação do sistema

RP35: 25/6/2009 10:58:11 - Ponto de verificação do sistema

RP36: 25/6/2009 12:38:00 - Driver de impressora não assinado Canon MultiPASS C5 instalado.

RP37: 25/6/2009 12:40:44 - Driver de impressora não assinado Canon MultiPASS C5 instalado.

RP38: 25/6/2009 12:55:36 - Operação de restauração

RP39: 25/6/2009 13:20:11 - Operação de restauração

RP40: 25/6/2009 21:28:50 - Driver de impressão Canon MultiPASS C530 Fax instalado

RP41: 25/6/2009 21:28:56 - Driver de impressão Canon MultiPASS C530 Printer instalado

RP42: 25/6/2009 21:35:35 - Driver de impressora não assinado Canon MultiPASS C5 instalado.

RP43: 25/6/2009 21:37:23 - Driver de impressora não assinado Canon MultiPASS C5 instalado.

RP44: 27/6/2009 09:53:54 - Removed FlatOut2

RP45: 28/6/2009 12:53:39 - Ponto de verificação do sistema

RP46: 29/6/2009 16:17:29 - Removed AVG Free 8.5

RP47: 29/6/2009 16:18:30 - Removed AVG Free 8.5

RP48: 29/6/2009 16:34:21 - Installed AVG Free 8.0

 

==== Installed Programs ======================

 

a-squared Free 4.5

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Arquivo do WinRAR

Ashampoo UnInstaller 4.00

Assassin's Creed

Assistente de Conexão do Windows Live

Atualização para Windows XP (KB898461)

Autorun Eater v2.4

avast! Antivirus

BitTorrent

CCleaner (remove only)

Choice Guard

Counter-Strike

Crysis WARHEAD®

Defraggler (remove only)

DNA

DVD2one V2.3.0

ESET Online Scanner v3

Ferramenta de Carregamento do Windows Live

foobar2000 v0.9.5.4

Foxit Reader

Free WMA to MP3 Converter 1.16

Garena

Gears of War

GTA San Andreas

Guitar Hero III

Hamachi 1.0.3.0

High Definition Audio Driver Package - KB888111

Hotfix for Windows XP (KB926239)

ImageMixer 3

Java 6 Update 13

Junk Mail filter update

K-Lite Codec Pack 3.8.5 Full

LimeWire 5.0.11

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Live Add-in 1.3

Microsoft Office Professional Edition 2003

Microsoft Search Enhancement Pack

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.0.11)

MSVCRT

Need for Speed Underground 2

Nero Suite

NotePad++ 3.6

NVIDIA Drivers

NVIDIA PhysX v8.09.04

Orbit Downloader

Photo Viewer 2.3

Picture Package Music Transfer

PowerISO

Ragnarok Online

RealPlayer

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Segoe UI

Skype™ 3.8

Sony Media Manager 2.2

Sony Picture Utility

Sony Vegas 7.0

SopCast 3.0.3

SPORE™

Spyware Doctor 6.0

Steam

SUPERAntiSpyware Free Edition

System Requirements Lab

Thoosje Vista Sidebar

Ultima Online: Mondain's Legacy

VDownloader 0.82

VistaMizer 2.5.2.0

Visual Task Tips 3.3

Warcraft III: All Products

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Proteção para a Família

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Movie Maker 2.0

World of Warcraft

Xbox 360 Controller for Windows

 

==== Event Viewer Messages From Past Week ========

 

28/6/2009 17:32:37, Informações: Windows File Protection [64005] - O sistema de arquivos protegido wab.exe não pôde ser restaurado para sua versão válida original porque o processo de restauração 'Proteção de arquivos do Windows' foi cancelado pela interação do usuário; o nome de usuário é Administrador. A versão do arquivo incorreto é desconhecido.

25/6/2009 21:30:01, Informações: Windows File Protection [64005] - O sistema de arquivos protegido comcat.dll não pôde ser restaurado para sua versão válida original porque o processo de restauração 'Proteção de arquivos do Windows' foi cancelado pela interação do usuário; o nome de usuário é Administrador. A versão do arquivo incorreto é 4.71.1441.1.

 

==== End Of File ===========================

 

 

Cheers!


Good morning, Ben-Hur!

 

Note 3: regarding the "little freezes" I mentioned, I read that it could be a damaged HD. Is there any way to verify that?

<!> Only by removing the HD and taking it to a technician.

<!> PS: Damage to one of the memory modules also causes these symptoms.

<><><><><><><><><><><>

<@> Download ComboFix.exe again.

<@> Save it to the desktop!

<@> Select and copy all of the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

Folder::

c:\windows\system32\ddd

C:\C\settings

C:\thun\f

C:\5_5\5

C:\C

C:\Nsum

C:\Thun

C:\5_5

C:\FILES

C:\DATA

C:\MEMORY

File::

C:\docume~1\admini~1\config~1\temp\CPRF.tmp

C:\DOCUME~1\ADMINI~1\red.exe

C:\windows\dllmgr.exe

DDS::

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [bitTorrent DNA] "c:\arquivos de programas\dna\btdna.exe"

mRun: [Windows Dll Management Service] dllmgr.exe

mRun: [Windows Driver] UDSERV.EXE

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UDSERV.EXE]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Dll Management Service"=-

"Windows Driver"=-

Driver::

"GarenaPEngine"

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon (or into its window).

<@> See the demonstration!

 

2872959479_997d4500c4_o.gif

 

<@> Accept the prompt that should appear asking to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Cheers!
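As an added example (not part of this thread and not code from either poster or from the DDS/ComboFix tools), here is a small Python script that automates the triage the reply above does by hand. It reads DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" lines and flags the three patterns that were acted on here: BHO/TB entries marked "No File" (orphaned hooks), Run values that launch a bare file name rather than a full path (these resolve through the PATH search, which is how `dllmgr.exe` and `UDSERV.EXE` sit among legitimate OEM entries such as `RTHDCPL.EXE`), and services whose image lives under a temp directory or is marked `[?]` (file not present). The sample lines are copied from the log posted in this thread; the allowlist of OEM autoruns that legitimately use a bare name is an assumption and should be adapted to the machine being reviewed.

```python
import re

# Constructed sample input: lines copied from the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections posted in this thread, with the clean entries
# around them kept so the script has both good and bad rows to classify.
SAMPLE_LOG = r"""
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [bitTorrent DNA] "c:\arquivos de programas\dna\btdna.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Windows Dll Management Service] dllmgr.exe
mRun: [Windows Driver] UDSERV.EXE
mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-9 55136]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admini~1\config~1\temp\cprf.tmp --> c:\docume~1\admini~1\config~1\temp\CPRF.tmp [?]
S3 XDva186;XDva186;\??\c:\windows\system32\xdva186.sys --> c:\windows\system32\XDva186.sys [?]
"""

# Assumed allowlist: common OEM autoruns that legitimately use a bare file
# name because they live in %SystemRoot%, which is on the PATH.
KNOWN_BARE_NAMES = {"rthdcpl.exe", "skytel.exe", "nwiz.exe", "ctfmon.exe"}

RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[([^\]]*)\] (.*)$")
HOOK_RE = re.compile(r"^(?:BHO|TB): (.*) - No File$")
SERVICE_RE = re.compile(r"^[RS]\d+ ([^;]+);[^;]*;(.*)$")


def command_target(command):
    """Return the file a Run value actually launches.

    Handles quoted paths and unwraps rundll32, whose real target is the
    hosted DLL given before the comma.
    """
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            end = len(cmd)
        target, rest = cmd[1:end], cmd[end + 1:]
    else:
        target, _, rest = cmd.partition(" ")
    if target.lower() in ("rundll32.exe", "rundll32"):
        target = rest.strip().split(",", 1)[0].strip('"')
    return target


def analyze(text):
    """Classify DDS autorun/service lines; returns (category, subject, line) tuples."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HOOK_RE.match(line)
        if m:
            # Hook registered but its DLL is gone: leftover of a removed or
            # deleted component, harmless now but worth cleaning.
            findings.append(("orphan-entry", m.group(1), line))
            continue
        m = RUN_RE.match(line)
        if m:
            name, target = m.group(1), command_target(m.group(2))
            # No directory in the target: Windows finds it by PATH search,
            # so the real file could be anywhere on the PATH.
            if "\\" not in target and target.lower() not in KNOWN_BARE_NAMES:
                findings.append(("bare-executable", name, line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(1), m.group(2)
            if "\\temp\\" in image.lower():
                findings.append(("service-in-temp", name, line))
            if image.endswith("[?]"):
                findings.append(("service-missing-file", name, line))
    return findings


if __name__ == "__main__":
    for category, subject, line in analyze(SAMPLE_LOG):
        print(f"{category:22} {subject:40} {line}")
```

Run against the sample it reports six findings and stays silent on the Realtek, NVIDIA, avast! and Family Safety rows. The bare-name rule is the one most worth tuning per machine: it is a heuristic that trades a few false positives (OEM entries missing from the allowlist) for catching values whose display name imitates a Windows component while pointing at a file with no path.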

