FelipeTW

[Solved!] Log analysis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:18:35, on 29/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\csrcs.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\net.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

 

--

End of file - 9518 bytes


Hello FelipeTW! Download Malwarebytes' Anti-Malware (MBAM) from this link or from this one.

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Check that the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all ticked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:32:01, on 29/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

 

--

End of file - 9636 bytes

 

 

 

 

 

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2873

Windows 5.1.2600 Service Pack 3

 

29/9/2009 22:28:28

mbam-log-2009-09-29 (22-28-28).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 90262

Tempo decorrido: 2 minute(s), 30 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


OK, download: ComboFix > save it to the desktop

  • Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished the instructions.
  • Double-click combofix.exe and click Run to proceed with the fix. Wait, as it takes a while.
  • ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".
  • Select, copy and paste the contents of ComboFix.txt into your next reply.

    NOTE: Do not run ComboFix more than once. Doing so will overwrite the log and make it harder to remove the malware.

ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


ComboFix 09-10-04.01 - Administrador 04/10/2009 16:02.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1489 [GMT -3:00]

Executando de: c:\downloads\ComboFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091004-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\burnlib.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\dsp_sps.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\enc_aacplus.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\enc_flac.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\enc_flake.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\enc_lame.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\enc_vorbis.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\enc_wav.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\enc_wma.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\gen_crasher.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\gen_ff.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\gen_hotkeys.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\gen_jumpex.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\gen_ml.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\gen_timerestore.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\gen_tray.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_cdda.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_dshow.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_flac.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_flv.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_linein.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_midi.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_mod.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_mp3.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_mp4.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_nsv.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_swf.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_vorbis.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_wav.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_wave.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_wm.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\in_wv.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_autotag.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_bookmarks.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_dash.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_disc.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_history.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_impex.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_local.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_nowplaying.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_online.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_orb.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_playlists.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_plg.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_pmp.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_rg.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_transcode.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\ml_wire.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\out_disk.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\out_ds.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\out_wave.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\playlist.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\pmp_activesync.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\pmp_ipod.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\pmp_njb.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\pmp_p4s.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\pmp_usb.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\tagz.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\vis_avs.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\vis_milk2.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\vis_nsfs.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\winamp.lng

c:\docume~1\ADMINI~1\CONFIG~1\Temp\WLZBDC5.tmp\winampa.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\burnlib.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\dsp_sps.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\enc_aacplus.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\enc_flac.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\enc_flake.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\enc_lame.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\enc_vorbis.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\enc_wav.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\enc_wma.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\gen_crasher.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\gen_ff.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\gen_hotkeys.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\gen_jumpex.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\gen_ml.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\gen_timerestore.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\gen_tray.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_cdda.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_dshow.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_flac.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_flv.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_linein.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_midi.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_mod.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_mp3.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_mp4.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_nsv.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_swf.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_vorbis.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_wav.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_wave.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_wm.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\in_wv.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_autotag.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_bookmarks.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_dash.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_disc.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_history.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_impex.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_local.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_nowplaying.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_online.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_orb.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_playlists.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_plg.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_pmp.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_rg.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_transcode.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\ml_wire.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\out_disk.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\out_ds.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\out_wave.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\playlist.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\pmp_activesync.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\pmp_ipod.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\pmp_njb.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\pmp_p4s.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\pmp_usb.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\tagz.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\vis_avs.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\vis_milk2.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\vis_nsfs.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\winamp.lng

c:\documents and settings\Administrador\Configurações locais\Temp\WLZBDC5.tmp\winampa.lng

c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon

c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon\eBayShortcuts.exe

c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon\mc.ico

c:\windows\system32\AutoRun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_POWERMANAGER

-------\Service_PowerManager

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-04 to 2009-10-04 ))))))))))))))))))))))))))))

.

 

2009-10-04 18:44 . 2009-10-04 18:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2009-10-04 18:44 . 2009-10-04 18:44 -------- d-----w- c:\arquivos de programas\Real

2009-10-04 18:43 . 2009-10-04 18:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2009-10-04 17:51 . 2008-03-21 16:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2009-10-04 17:51 . 2009-10-04 17:51 -------- d-----w- c:\windows\LastGood.Tmp

2009-10-04 15:34 . 2009-10-04 15:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Dragon Altar Games

2009-10-04 15:33 . 2009-10-04 16:15 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-10-04 15:32 . 2009-10-04 15:33 -------- d-----w- c:\arquivos de programas\Veronica Rivers - Portals to the Unknown

2009-10-04 15:28 . 2009-10-04 15:28 -------- d-----w- c:\arquivos de programas\bfgclient

2009-10-04 15:28 . 2009-10-04 16:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BigFishGamesCache

2009-10-02 16:01 . 2009-10-02 16:01 -------- d-----w- c:\windows\ASUSInstAll

2009-10-02 16:00 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

2009-10-02 15:55 . 2004-08-12 18:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys

2009-10-02 15:54 . 2006-10-11 03:33 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

2009-10-01 22:55 . 2009-10-01 22:55 -------- d-----w- c:\windows\nview

2009-10-01 21:21 . 2009-10-01 21:21 -------- d-----w- C:\MyWorks

2009-10-01 21:06 . 2009-10-01 21:06 -------- d-----w- c:\arquivos de programas\VS Revo Group

2009-10-01 21:01 . 2009-10-01 21:01 -------- d-----w- c:\arquivos de programas\CCleaner

2009-10-01 20:52 . 2001-03-08 21:30 24064 ------w- c:\windows\system32\msxml3a.dll

2009-10-01 20:50 . 2009-10-01 21:40 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\CyberLink

2009-10-01 20:50 . 2009-10-01 20:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2009-10-01 18:36 . 2009-10-01 18:36 -------- d-----w- c:\arquivos de programas\Motorola

2009-10-01 18:36 . 2009-01-29 07:15 23680 ----a-w- c:\windows\system32\drivers\motmodem.sys

2009-10-01 18:36 . 2008-03-27 07:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2009-10-01 18:14 . 2009-10-01 18:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2009-10-01 16:56 . 2009-10-01 18:36 -------- dc----w- c:\windows\system32\DRVSTORE

2009-10-01 16:56 . 2009-10-01 16:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Motorola Shared

2009-10-01 16:55 . 2009-10-01 16:55 9232 ----a-w- c:\documents and settings\Administrador\mqdmmdfl.sys

2009-10-01 16:55 . 2009-10-01 16:55 92064 ----a-w- c:\documents and settings\Administrador\mqdmmdm.sys

2009-10-01 16:55 . 2009-10-01 16:55 79328 ----a-w- c:\documents and settings\Administrador\mqdmserd.sys

2009-10-01 16:55 . 2009-10-01 16:55 66656 ----a-w- c:\documents and settings\Administrador\mqdmbus.sys

2009-10-01 16:55 . 2009-10-01 16:55 6208 ----a-w- c:\documents and settings\Administrador\mqdmcmnt.sys

2009-09-30 04:13 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2009-09-30 04:12 . 2009-09-30 04:12 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-09-30 01:48 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-30 01:48 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-30 01:48 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-09-30 01:48 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-09-30 01:48 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-09-30 01:48 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-30 01:48 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-30 01:48 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-30 01:48 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-30 01:20 . 2009-09-30 01:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-09-30 01:20 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-30 01:20 . 2009-09-30 01:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-09-30 01:20 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-30 01:20 . 2009-09-30 01:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-09-29 22:00 . 2009-02-09 11:25 2193280 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-09-29 22:00 . 2009-02-09 11:25 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-09-29 22:00 . 2009-02-09 11:25 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-09-29 21:40 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-09-29 21:40 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys

2009-09-29 21:16 . 2008-02-20 18:03 401720 ----a-w- C:\HiJackThis.exe

2009-09-29 21:05 . 2009-09-29 21:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-09-29 20:29 . 2009-09-29 20:29 -------- d-----w- c:\arquivos de programas\Xilisoft

2009-09-29 20:08 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll

2009-09-29 20:08 . 2009-09-29 20:08 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-09-29 19:38 . 2009-09-29 19:38 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2009-09-29 19:37 . 2009-09-29 19:37 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2009-09-29 19:27 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-09-29 18:50 . 2009-09-30 17:37 -------- d-----w- c:\windows\ie8updates

2009-09-29 18:49 . 2009-09-29 18:49 -------- dc-h--w- c:\windows\ie8

2009-09-29 18:46 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-09-29 18:46 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-09-29 18:46 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-09-29 18:46 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-09-29 18:46 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-09-29 18:46 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-09-29 18:41 . 2009-10-04 18:43 -------- d-----w- c:\arquivos de programas\Google

2009-09-29 18:41 . 2009-09-30 17:37 -------- d--h--w- c:\windows\$hf_mig$

2009-09-29 18:38 . 2009-10-04 18:59 -------- d-----w- C:\downloads

2009-09-29 18:38 . 2009-09-29 18:38 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GrabPro

2009-09-29 18:38 . 2009-10-04 19:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit

2009-09-29 18:38 . 2009-09-29 18:42 -------- d-----w- c:\arquivos de programas\Orbitdownloader

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-04 17:51 . 2009-10-04 17:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf

2009-10-04 17:51 . 2009-10-04 17:51 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-10-01 21:22 . 2002-01-01 03:05 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-10-01 21:21 . 2002-01-01 03:05 -------- d-----w- c:\arquivos de programas\CyberLink

2009-10-01 21:10 . 2002-01-01 02:55 -------- d-----w- c:\arquivos de programas\DsNET Corp

2009-10-01 20:55 . 2002-01-01 02:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-01 18:37 . 2009-09-30 14:59 -------- d-----w- c:\arquivos de programas\Motorola Phone Tools

2009-10-01 16:55 . 2009-10-01 16:55 5936 ----a-w- c:\documents and settings\Administrador\mqdmwhnt.sys

2009-10-01 16:55 . 2009-10-01 16:55 4048 ----a-w- c:\documents and settings\Administrador\mqdmcr.sys

2009-10-01 16:55 . 2009-09-30 14:59 25600 ----a-w- c:\documents and settings\Administrador\usbsermptxp.sys

2009-10-01 16:55 . 2009-09-30 14:59 22768 ----a-w- c:\documents and settings\Administrador\usbsermpt.sys

2009-09-30 16:07 . 2009-09-30 15:01 -------- d-----w- c:\arquivos de programas\Avanquest update

2009-09-30 15:52 . 2009-09-30 15:52 -------- d-----w- c:\arquivos de programas\Gpotato

2009-09-30 15:01 . 2009-09-30 14:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2009-09-30 14:42 . 2009-09-29 20:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Winamp

2009-09-30 14:26 . 2008-04-14 12:00 48846 ----a-w- c:\windows\system32\perfc016.dat

2009-09-30 14:26 . 2008-04-14 12:00 344734 ----a-w- c:\windows\system32\perfh016.dat

2009-09-30 01:45 . 2002-01-01 02:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-09-29 20:10 . 2009-09-29 20:10 -------- d-----w- c:\arquivos de programas\Winamp

2009-09-29 20:10 . 2009-09-29 20:10 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-09-29 11:36 . 2002-01-01 02:53 -------- d-----w- c:\arquivos de programas\Java

2009-08-06 22:24 . 2002-01-01 02:22 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-06 22:24 . 2002-01-01 02:22 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-06 22:24 . 2008-10-16 17:09 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-06 22:24 . 2002-01-01 02:22 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-06 22:24 . 2002-01-01 02:22 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-08-06 22:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-06 22:23 . 2002-01-01 02:22 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-06 22:23 . 2002-01-01 02:22 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-08-05 09:00 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-29 04:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-07-29 04:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-26 18:44 . 2009-07-26 18:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2009-07-25 08:23 . 2002-01-01 02:53 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 02:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-29 39408]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Google Quick Search Box"="c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-29 122368]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-04 198160]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-01-08 1626112]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-20 16384512]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-9-29 1719568]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29/9/2009 22:48 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/9/2009 22:48 20560]

S2 gupdate1ca452281c08384;Google Update Service (gupdate1ca452281c08384);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [4/10/2009 15:43 133104]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-04 18:43]

 

2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-04 18:43]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\c3193lk3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=pt-BR&q=

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\c3193lk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-04 16:06

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1220945662-776561741-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,cf,0e,41,c9,05,ac,44,a1,48,d5,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,cf,0e,41,c9,05,ac,44,a1,48,d5,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(4040)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\rundll32.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Orbitdownloader\orbitnet.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-10-04 16:08 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-10-04 19:08

 

Pré-execução: 8 pasta(s) 236.947.537.920 bytes disponíveis

Pós execução: 12 pasta(s) 237.015.363.584 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

403 --- E O F --- 2009-09-30 17:38


OK, the log is clean. To finish, go to Start > Run and type (or copy and paste): ComboFix /u

Click OK. Wait, as this will uninstall ComboFix, delete its related files and folders, and erase System Restore points that may be infected, creating a clean one.

Old versions of Java have vulnerabilities that some malware can use to infect your system. Check whether your system has the latest version installed:

Download > JavaRa

Double-click JavaRa.exe. Then click Search For Updates. Select the option Update Using jucheck.exe. Then click the Search button.

If it is up to date, you will get a notice that you have the latest version. Otherwise, wait for the new version of Java to be downloaded and installed. Then click the Remove Older Versions button so that any old versions on the PC are uninstalled.

Read these articles about security:

Protect your PC

Precautions when browsing the net.

Regards.


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
