Camila_PR
Posted October 4, 2009

Some problems:
- Service Pack 3 will not install
- message at startup: "não é possível abrir o volume direto" ("cannot open the volume directly")
- it will not enter safe mode (the screen goes black as soon as I select the Windows XP option, after selecting safe mode)
- some programs have been behaving differently from usual (for example: MSN)
- I use Panda, the malware, the adware as tools (almost daily) to stay away from viruses; it worked for a long time, but lately... =/

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:45:06, on 4/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe C:\Arquivos de programas\Canon\CAL\CALMAIN.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\Rundll32.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\ 2.4\program\soffice.exe C:\Arquivos de programas\ 2.4\program\soffice.BIN C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\apvxdwin.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\psimreal.exe C:\Documents and Settings\user\Desktop\HIJACKTHIS - NOVA TENTATIVA\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll (disabled by BHODemon) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de 
programas\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: 2.4.lnk = C:\Arquivos de programas\ 2.4\program\quickstart.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=& O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Panda Software Controller - Panda Security, S.L. 
- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe -- End of file - 9223 bytes
DigRam
Posted October 5, 2009

Good evening! Camila_PR

<@> Download: < > ( sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> PS: Running it from a command is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click OK.
<@> At the prompt: "Disclaimer of warranty on software" --> Click Sim (Yes)!
<@> If you do not have the "Recovery Console", agree to install it!
<@> When it finishes, click Sim or Yes. --> Wait!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Rename it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: If rootkit activity is present, the following notification window will appear:
<!> PS: Write down these detections and click OK.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> The Auto Scan window will open. --> Wait!
<@> To finish the removals, ComboFix may restart the computer.
<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid using the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis.

Regards!
Camila_PR
Posted October 5, 2009

Good morning, Digram... here are the reports

ComboFix 09-10-04.01 - user 05/10/2009 6:18.8.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2039.1320 [GMT -3:00] Executando de: c:\documents and settings\user\Desktop\ComboFix.exe AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A} FW: Panda Personal Firewall 2009 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8} . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\1230ad.msp c:\windows\Installer\343ff.msp c:\windows\Installer\34405.msp c:\windows\system32\msvcsv60.dll . (((((((((((((((( Arquivos/Ficheiros criados de 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))) . 2009-10-04 07:53 . 2009-10-04 12:12 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\AVI ReComp 2009-10-04 07:53 . 2009-10-04 07:53 -------- d-----w- c:\arquivos de programas\Gabest 2009-10-04 07:53 . 2009-10-04 07:53 -------- d-----w- c:\arquivos de programas\Xvid 2009-10-04 07:52 . 2009-10-04 07:53 -------- d-----w- c:\arquivos de programas\AviSynth 2.5 2009-10-04 07:52 . 2009-10-04 07:53 -------- d-----w- c:\arquivos de programas\AVI ReComp 2009-10-04 03:41 . 2009-10-04 03:42 -------- d-----w- C:\LinhaDefensiva 2009-10-01 15:42 . 2009-10-01 18:54 -------- d-----w- c:\documents and settings\user\DoctorWeb 2009-09-18 19:09 . 2009-09-18 19:09 -------- d-----w- c:\arquivos de programas\DIFX 2009-09-18 19:09 . 2008-03-20 18:39 21672 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2009-09-18 19:09 . 2008-03-20 18:39 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys 2009-09-18 19:09 . 2006-11-02 13:09 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll 2009-09-09 06:53 . 2009-09-09 06:53 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Scan2PDF 2009-09-08 20:54 . 
2009-09-27 00:37 -------- d-----w- c:\arquivos de programas\SimpleOCR 2009-09-07 11:55 . 2009-09-07 11:55 -------- d-----w- c:\windows\system32\XPSViewer 2009-09-07 11:55 . 2009-09-07 11:55 -------- d-----w- c:\arquivos de programas\MSBuild 2009-09-07 11:55 . 2009-09-07 11:55 -------- d-----w- c:\arquivos de programas\Reference Assemblies 2009-09-07 11:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-09-07 11:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-09-07 11:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-09-07 11:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-09-07 11:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-09-07 11:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-09-07 11:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-09-07 11:22 . 2009-02-09 11:25 2193280 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-09-07 11:22 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe 2009-09-07 11:22 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-09-07 11:22 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-09-07 11:22 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2009-09-07 11:22 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-09-07 11:22 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-09-07 11:22 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-09-07 11:19 . 2008-09-04 17:16 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll 2009-09-07 11:19 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll . 
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-05 09:02 . 2008-11-21 19:06 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\BrOffice.org2 2009-10-05 09:02 . 2009-08-18 17:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck 2009-10-05 09:02 . 2009-08-18 17:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG 2009-10-04 11:12 . 2009-08-18 17:54 279548 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck 2009-10-04 11:12 . 2009-08-18 17:54 279548 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT 2009-10-04 09:47 . 2009-04-27 20:30 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Winamp 2009-10-02 12:37 . 2009-09-03 14:03 16 ----a-w- c:\windows\msocreg32.dat 2009-10-01 21:17 . 2008-08-31 17:42 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-09-30 06:45 . 2009-07-14 22:31 -------- d-----w- c:\arquivos de programas\Microsoft 2009-09-28 19:08 . 2008-01-08 00:30 -------- d-----w- c:\arquivos de programas\URUSoft 2009-09-28 19:05 . 2009-03-05 02:34 -------- d-----w- c:\arquivos de programas\Creative 2009-09-28 18:59 . 2007-12-01 20:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe 2009-09-24 04:45 . 2008-01-29 00:06 -------- d-----w- c:\arquivos de programas\Samplitude_V8_professional 2009-09-24 04:09 . 2009-05-15 17:38 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-09-21 18:08 . 2009-05-15 18:05 15688 -c--a-w- c:\windows\system32\lsdelete.exe 2009-09-18 19:12 . 2009-09-18 19:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2009-09-18 19:12 . 2009-09-18 19:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-09-14 15:34 . 2007-12-01 18:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink 2009-09-10 17:54 . 
2009-05-15 17:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 17:53 . 2009-05-15 17:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-07 20:39 . 2001-10-28 12:07 84280 -c--a-w- c:\windows\system32\perfc016.dat 2009-09-07 20:39 . 2001-10-28 12:07 480842 -c--a-w- c:\windows\system32\perfh016.dat 2009-09-07 09:35 . 2009-05-15 17:51 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-09-04 16:53 . 2009-09-03 16:47 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Publish Providers 2009-09-03 17:07 . 2007-11-30 13:36 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-09-03 17:07 . 2009-09-03 17:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DigiDesign 2009-09-03 17:07 . 2009-09-03 17:07 -------- d-----w- c:\arquivos de programas\Steinberg 2009-09-03 17:07 . 2009-09-03 17:07 -------- d-----w- c:\arquivos de programas\IK Multimedia 2009-09-03 16:40 . 2009-09-03 16:40 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Sony 2009-09-03 16:39 . 2009-09-03 16:38 -------- d-----w- c:\arquivos de programas\Sony 2009-09-03 16:39 . 2009-09-03 16:39 -------- d-----w- c:\arquivos de programas\Vstplugins 2009-09-03 16:22 . 2009-09-03 16:22 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Sony Setup 2009-09-03 16:22 . 2009-09-03 16:22 -------- d-----w- c:\arquivos de programas\Sony Setup 2009-09-03 14:02 . 2009-09-03 14:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2009-09-03 14:02 . 2009-09-03 14:02 -------- d-----w- c:\arquivos de programas\Apple Software Update 2009-09-03 14:02 . 2009-09-03 14:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple 2009-09-03 03:53 . 2008-09-02 04:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ZoomBrowser 2009-09-03 03:53 . 
2007-12-06 08:26 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\ZoomBrowser EX 2009-08-27 03:59 . 2009-08-27 03:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR 2009-08-19 17:20 . 2009-08-18 17:33 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys 2009-08-19 05:32 . 2008-01-28 01:05 -------- d-----w- c:\arquivos de programas\Google 2009-08-18 17:32 . 2009-08-18 17:32 265 ----a-w- c:\windows\system32\PavCPL.dat 2009-08-18 17:32 . 2009-08-18 17:32 -------- d-----w- c:\documents and settings\user\Dados de aplicativos\Panda Security 2009-08-18 17:32 . 2009-08-18 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Panda Security 2009-08-18 17:32 . 2007-11-30 18:17 -------- d-----w- c:\arquivos de programas\Panda Security 2009-08-18 17:30 . 2009-08-18 17:30 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Panda Security 2009-08-05 09:00 . 2004-08-04 00:45 205312 -c--a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 18:07 . 2009-08-03 18:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 18:07 . 2009-08-03 18:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 18:07 . 2009-08-03 18:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2009-07-29 04:36 . 2004-08-04 00:45 119808 -c--a-w- c:\windows\system32\t2embed.dll 2009-07-29 04:36 . 2001-10-28 12:06 81920 -c--a-w- c:\windows\system32\fontsub.dll 2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll 2009-07-23 12:36 . 2009-07-23 12:36 1204 -c--a-w- c:\windows\mozver.dat 2009-07-23 12:24 . 2009-07-23 12:24 0 -c--a-w- c:\windows\nsreg.dat 2009-07-17 19:03 . 2004-08-04 00:45 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 02:43 . 2004-08-04 00:45 286208 -c--a-w- c:\windows\system32\wmpdxm.dll 2009-04-22 05:01 . 2009-04-22 05:03 3690165 -c--a-w- c:\arquivos de programas\vSsetup.exe 2009-04-22 05:01 . 
2009-04-22 05:03 659480 -c--a-w- c:\arquivos de programas\vPsetup.exe 2009-02-26 16:24 . 2009-02-26 16:24 5383400 -c--a-w- c:\arquivos de programas\setup_amr.exe 2008-01-28 01:04 . 2008-01-28 01:04 13413048 -c--a-w- c:\arquivos de programas\Google_Earth_BZXD.exe 2008-01-19 23:21 . 2008-01-19 23:21 2733928 -c--a-w- c:\arquivos de programas\ccsetup204.exe 2008-01-08 00:29 . 2008-01-08 00:29 1087682 -c--a-w- c:\arquivos de programas\ 2008-01-08 00:13 . 2008-01-08 00:13 7045601 -c--a-w- c:\arquivos de programas\XPCodecPack-2.3.4.exe 2008-01-07 21:21 . 2008-01-07 21:21 5968817 -c--a-w- c:\arquivos de programas\realalt175.exe 2007-12-21 18:07 . 2007-12-21 18:07 2555859 -c--a-w- c:\arquivos de programas\x-ogg-mp3-converter.exe 2007-12-21 18:03 . 2007-12-21 18:03 6222894 -c--a-w- c:\arquivos de programas\ogg-to-mp3.exe 2007-12-21 17:37 . 2007-12-21 17:37 2399716 -c--a-w- c:\arquivos de programas\agsetup183se.exe 2004-10-01 18:00 . 2008-08-21 17:08 40960 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208] "WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2009-04-10 37888] "Ad-Watch"="c:\arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "APVXDWIN"="c:\arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2009-07-15 881920] "SCANINICIO"="c:\arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432] "AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696] "Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848] "P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\user\Menu Iniciar\Programas\Inicializar\ 2.4.lnk - c:\arquivos de programas\ 2.4\program\quickstart.exe [2008-1-21 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2008-03-18 19:58 58672 
----a-w- c:\windows\system32\avldr.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Download 2009\\utorrent.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15/5/2009 14:55 64160] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/8/2009 14:31 28544] R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [18/8/2009 14:54 73728] 
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [18/8/2009 14:54 52992] R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [18/8/2009 14:54 22072] R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [18/8/2009 14:54 193792] R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [18/8/2009 14:54 158848] R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [18/8/2009 14:30 41144] R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [18/8/2009 14:54 46720] R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [9/3/2009 16:06 1028432] R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [18/8/2009 14:30 179640] R2 PskSvcRetail;Panda PSK service;c:\arquivos de programas\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [18/8/2009 14:32 28928] R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?] R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [18/8/2009 14:32 197888] R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?] 
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/8/2009 02:32 133104] S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [20/12/2005 10:57 27008] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [21/12/2007 15:03 16512] S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [18/8/2009 14:33 13880] S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [5/3/2009 12:44 96256] S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [19/1/2009 11:23 23152] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18/9/2009 16:09 13352] S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?] S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [26/2/2009 13:47 16952] S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\DRIVERS\w600bus.sys --> c:\windows\system32\DRIVERS\w600bus.sys [?] S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w600mdfl.sys --> c:\windows\system32\DRIVERS\w600mdfl.sys [?] S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\DRIVERS\w600mdm.sys --> c:\windows\system32\DRIVERS\w600mdm.sys [?] S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\w600mgmt.sys --> c:\windows\system32\DRIVERS\w600mgmt.sys [?] S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w600obex.sys --> c:\windows\system32\DRIVERS\w600obex.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc panda REG_MULTI_SZ Gwmsrv . 
Conteúdo da pasta 'Tarefas Agendadas' 2009-10-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 17:59] 2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] 2009-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-08-19 05:32] 2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-08-19 05:32] 2009-10-05 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07] 2009-10-05 c:\windows\Tasks\User_Feed_Synchronization-{6BE65682-8AFA-4FEC-AB13-BB287BB09C0A}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 20:36] . . ------- Scan Suplementar ------- . uStart Page = hxxp:// uInternet Settings,ProxyOverride = *.local IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone:\internetbanking . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, Rootkit scan 2009-10-05 06:23 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\c:\arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt" . 
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(1136) c:\windows\system32\avldr.dll . 
Tempo para conclusão: 2009-10-05 6:24 ComboFix-quarantined-files.txt 2009-10-05 09:24 Pré-execução: 8.747.638.784 bytes disponíveis Pós execução: 9.101.516.800 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 273 --- E O F --- 2009-10-04 03:40 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:30:39, on 5/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe C:\ARQUIVOS DE PROGRAMAS\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe C:\Arquivos de programas\Canon\CAL\CALMAIN.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE 
C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\Rundll32.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\ 2.4\program\soffice.exe C:\Arquivos de programas\ 2.4\program\soffice.BIN C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\psimreal.exe C:\Documents and Settings\user\Desktop\HIJACKTHIS - NOVA TENTATIVA\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll (disabled by BHODemon) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - 
HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: 2.4.lnk = C:\Arquivos de programas\ 2.4\program\quickstart.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=& O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. 
- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
-- End of file - 9131 bytes
DigRam 144 Posted October 5, 2009

Good morning! Camila_PR

<@> Download: < SafeBootKeyRepair >
<@> Save it directly to the local disk (C).
<@> Run it! When it finishes, it will generate a report: C:\SafeBoot_Repair.txt <-- Do not post it!
<@> Check whether you can now get into Safe Mode!
<><><><><><><><><><>
<@> Download: < AVPTool >
<@> Save it in the "Arquivos de Programas" (Program Files) folder, and install it right there!
<@> Restart the computer in Safe Mode! <-- Important!
<@> Start the scan by clicking "Scan".
<@> The scan takes a very long time. <-- Please wait!
<@> If infections are found, click "disinfect" if the option is enabled.
<@> PS: For some known detections (cracks or keygens), click skip.
<@> In those cases, avoid the "Delete" option.
<@> When it finishes, click the Events tab.
<@> Uncheck the "Show all events" checkbox.
<@> Click "Save to file".
<@> Name it and save it to the desktop! <-- Report to post!
<@> Also post an updated HijackThis log.

Best regards!
Camila_PR 0 Posted October 5, 2009

Hi DigRam... I couldn't get into safe mode. The screen with the safe mode option appears... but when I choose the safe mode option.. then Windows XP.. the screen goes black with the cursor blinking =/

Camila
DigRam 144 Posted October 5, 2009

On 05/10/2009 at 11:39, Camila_PR said:
Hi DigRam... I couldn't get into safe mode. The screen with the safe mode option appears... but when I choose the safe mode option.. then Windows XP.. the screen goes black with the cursor blinking =/ Camila

<><><><><><><><><><>
Opa! Camila_PR

<!> (1st) - This "Opa!", for everyone's information, is a tribute to José Garcia.
<!> (2nd) - Did you use the "SafeBootKeyRepair" tool?
<><><><><><><><><><>
<@> Download: < BootSafe >
<@> To download, click: < Download Link 1 > <-- Mirror!
<@> Save it to the desktop!
<@> Run the utility and select: Safe Mode - Directory Services Repair
<@> Click Reboot. --> Please wait!
<@> Follow the instructions on the black screen to get into Safe Mode.
<><><><><><><><><><>
<!> PS: If that does not work, run AVPTool in Normal Mode.

Best regards!
Camila_PR 0 Posted October 6, 2009

Hello DigRam... When you asked me to do the SafeBootKeyRepair procedure and I had no success, I moved on to the Safe Mode instructions (link) in your first reply to my log... then I used the MSCONFIG method and it got in. On starting up, the PC began checking the files on C: (something it did not do in normal mode - it gave that error screen); it went through all 5 stages and took quite a while... but it did enter safe mode.

Next I ran AVPTool; the first time it ran very quickly, which I found odd since you said it would take a long time... I saved it as scan 1.

The second time I selected the options that had not been selected the first time... then it took a long time... almost 17 hours... scan 2.

I'm now posting both reports... but scan 2 is huge... so I'll stick to what was detected (just 1 virus); if you want the complete one, tell me in your next reply and I'll post it.

SCAN 1

Scan
----
Scanned: 2128
Detected: 0
Untreated: 0
Start time: 5/10/2009 12:18:37
Duration: 00:07:49
Finish time: 5/10/2009 12:26:26

Detected
--------
Status Object
------ ------

Events
------
Time Name Status Reason
---- ---- ------ ------

Statistics
----------
Object                 Scanned  Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted
------                 -------  --------  ---------  -------  -------------------  --------  ------------  ------------------  ---------
All objects            2128     0         0          0        0                    6         185           0                   0
System memory          1121     0         0          0        0                    1         0             0                   0
Startup objects        1002     0         0          0        0                    5         185           0                   0
Disk boot sectors      5        0         0          0        0                    0         0             0                   0

Settings
--------
Parameter                                 Value
---------                                 -----
Security Level                            Recommended
Action                                    Prompt for action when the scan is complete
Run mode                                  Manually
File types                                Scan all files
Scan only new and changed files           No
Scan archives                             All
Scan embedded OLE objects                 All
Skip if object is larger than             No
Skip if scan takes longer than            No
Parse email formats                       No
Scan password-protected archives          No
Enable iChecker technology                No
Enable iSwift technology                  No
Show detected threats on "Detected" tab   Yes
Rootkits search                           Yes
Deep rootkits search                      No
Use heuristic analyzer                    Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----

SCAN 2

Scan
----
Scanned: 1393622
Detected: 1
Untreated: 0
Start time: 5/10/2009 12:27:48
Duration: 16:29:12
Finish time: 6/10/2009 04:57:00

Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Genome.pfu  File: E:\AFTER EFFECTS\Trapcode_Plugins_for_After_Effects_(Complete_Set).rar/Trapcode Plugins for After Effects (Complete Set)\AE7TC-plugins\Trapcode.Multikeygen.v1.3.exe
>> THIS FILE IS VERY RECENT, I DOWNLOADED IT LONG AFTER THE PROBLEMS STARTED

Statistics
----------
Object                 Scanned  Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted
------                 -------  --------  ---------  -------  -------------------  --------  ------------  ------------------  ---------
All objects            1393622  1         1          0        0                    16118     4755          4390                2
Meus documentos        0        0         0          0        0                    0         0             0                   0
Mail databases         0        0         0          0        0                    0         0             0                   0
Meu computador         697873   1         1          0        0                    8062      2470          2195                1
Disquete de 3.5 (A:)   0        0         0          0        0                    0         0             0                   0
Sistema (C:)           506614   0         0          0        0                    5222      2081          822                 1
Unidade de CD (D:)     0        0         0          0        0                    0         0             0                   0
HD POWER (E:)          171332   0         0          0        0                    496       186           176                 0
Arquivo (F:)           17803    0         0          0        0                    2338      18            1197                0

Settings
--------
Parameter                                 Value
---------                                 -----
Security Level                            Recommended
Action                                    Prompt for action when the scan is complete
Run mode                                  Manually
File types                                Scan all files
Scan only new and changed files           No
Scan archives                             All
Scan embedded OLE objects                 All
Skip if object is larger than             No
Skip if scan takes longer than            No
Parse email formats                       No
Scan password-protected archives          No
Enable iChecker technology                No
Enable iSwift technology                  No
Show detected threats on "Detected" tab   Yes
Rootkits search                           Yes
Deep rootkits search                      No
Use heuristic analyzer                    Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------
------ ---- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 05:24:57, on 6/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe C:\ARQUIVOS DE PROGRAMAS\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE C:\Arquivos de programas\Canon\CAL\CALMAIN.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\Winamp\winampa.exe C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\Rundll32.exe C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\ 2.4\program\soffice.exe C:\Arquivos de 
programas\ 2.4\program\soffice.BIN C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe C:\Documents and Settings\user\Desktop\HIJACKTHIS - NOVA TENTATIVA\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll (disabled by BHODemon) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda 
Antivirus Pro 2009\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: 2.4.lnk = C:\Arquivos de programas\ 2.4\program\quickstart.exe O4 - Startup: is-AS77N.lnk = C:\Arquivos de programas\Virus Removal Tool\is-AS77N\startup.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=& O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - O16 - DPF: 
{9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. 
- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
-- End of file - 9140 bytes
DigRam 144 Posted October 6, 2009

Good morning! Camila_PR

<!> If infections were detected, run AVPTool to cure or remove them.
<!> For targeted scans, select only the directories where infections were found.
<><><><><><><><><><>
<@> Go to the "Virus Removal Tool" folder. <-- Locate it!
<@> Click the "Kaspersky" icon, which is named Start.
<@> Close the Virus Removal Tool folder.
<@> Locate and click "Statistics".
<@> With the "Show neutralized objects" box selected/checked, click the "Neutralize all" button.
<@> PS: Ignore its effects and click the "Apply to all" box.
<@> Next, click "Disinfect", if it is enabled.
<@> PS: If the alert window opens again, repeat the procedure.
<@> PS: If the "Disinfect" option is disabled, try uninstalling the tool by going to the "unins000.exe" file, which is in the Virus Removal Tool folder.
<@> Download it again and repeat the scan, following the previous instructions.
<@> PS: The computer may be restarted to complete the uninstallation or the removal of some malware.
<@> Once disinfection is enabled, wait for the process to finish.
<@> Click the "Reports" button --> Click "Save to file".
<@> Name this report and post it in your reply.
<@> Exit the tool by clicking the "X" of the window. --> Click "Yes" at the prompts!
<@> PS: Ignore the password request, if it appears, by clicking "Skip".

Best regards!
Camila_PR 0 Posted October 6, 2009

Good morning DigRam... The Neutralize all option is not available (as soon as I click "Statistics"). =/
DigRam 144 Posted October 6, 2009

On 06/10/2009 at 15:20, Camila_PR said:
Good morning DigRam... The Neutralize all option is not available (as soon as I click "Statistics"). =/

<><><><><><><><><>
Opa! Camila_PR

<!> Follow these instructions, which have a better chance of success.
<><><><><><><><><>
<@> In the "Kaspersky Virus Removal Tool" window, select only: Local Disk (C) + Documents and Settings.
<@> Click "Scan" --> Please wait!
<@> After the scan starts, click "Stop" --> Click "Settings" --> "Change settings".
<@> The window "Settings;Kaspersky Virus Removal Tool" will open.
<@> Under "Action", select: "Do not prompt for action"
<@> Uncheck the box: "Delete if disinfection fails"
<@> Check the box: "Compatibility with other self-protecting software"
<@> Click "Apply" --> OK.
<@> Continue the scan by clicking "Start".
<@> When it finishes, post your report. <-- Compress it and host it, and give us the address!
<@> PS: Under Parameter, we can see that "Action" is set to disinfect.
<@> PS: In "Events", leave the "Show all events" box checked.
<@> PS: By clicking "Statistics", you can watch the tool's actions in real time.

Best regards!
Camila_PR 0 Posted October 7, 2009

Good afternoon DigRam... I sent you a message... =D

°°°°°°°°°°°°°°°°°°°°°°°

Scan
----
Scanned: 511245
Detected: 0
Untreated: 0
Start time: 6/10/2009 14:55:10
Duration: 01:34:14
Finish time: 6/10/2009 16:29:24

Detected
--------
Status Object
------ ------

-----------------------
-----------------------
°°°°°°°°°°°°°°°°°°°°°°°

As for the file that showed up with a virus... the After Effects one.. I deleted the whole folder... bearing in mind that the application had not even been installed yet...
DigRam 144 Posted October 7, 2009

Good afternoon! Camila_PR

Quote: Good afternoon DigRam... I sent you a message...

<!> Yes! To send me the report, you set up a GMail account for me. Thank you!
<><><><><><><><><>
<!> How is the computer? The AVPTool report is clean.
<><><><><><><><><>
<@> Download: < > ( OldTimer Tools )
<@> Save it to the desktop and run it right there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Processes
explorer.exe

:Services
Bonjour Service

:Files
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Bonjour

:Reg

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy the information between the XXXXX... lines and paste it into the tool's ( clipboard ) field.
<@> PS: the area below "Paste Instructions for Items to be Moved".
<@> Click MoveIt.
<@> When asked to reboot, confirm! --> Wait!
<@> When it finishes, check the text content of the folder: C:\_OTM\MovedFiles
<@> Copy and post your most recent report: C:\_OTM\MovedFiles\xxxx2009_xxxxxx.log <--
<@> PS: since the tool does not overwrite its reports, we need to look at the one generated right after this run.
<@> Also post an updated HijackThis log.

Regards!
Camila_PR 0 Posted October 7, 2009

Hi DigRam... so..

Good things:
- It went back to booting into safe mode... \0/ (thank you so much, I had been chasing this error for months)
- The programs are great, they don't freeze, they work properly (apart from that "this copy ***** is not genuine" message that keeps appearing)

Not-so-good things:
- After I went in through MSCONFIG (to get into safe mode, when it wouldn't get in) a black screen started appearing (very briefly)... every time I start the PC... the screen shows the options Windows XP and the Recovery Console... if I'm not mistaken, OK?! Because it really is very quick... then it boots normally. (but this screen didn't appear before)
- I can't schedule the error check for drive C; I can actually schedule it, but when I restart the machine it gives the error "cannot open the volume for direct access".. it only works if I boot into safe mode (through msconfig... and it takes about two hours to run)...
- I can't install the Service Pack 3 update

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver Bonjour Service deleted successfully.
========== FILES ==========
C:\Arquivos de programas\Bonjour\mDNSResponder.exe moved successfully.
C:\Arquivos de programas\Bonjour moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 85683 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 79135090 bytes
File delete failed. C:\Documents and Settings\user\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 82938945 bytes
->FireFox cache emptied: 3574864 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134162 bytes
%systemroot%\System32 .tmp files removed: 2969 bytes
File delete failed. C:\WINDOWS\temp\8dcad92d870837e6cd47bd88c2e66a77PSK_PLUGINS_0 scheduled to be deleted on reboot.
Windows Temp folder emptied: 10643377 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 170,31 mb

OTM by OldTimer - Version log created on 10072009_161745

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:56, on 7/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\ 2.4\program\soffice.exe
C:\Arquivos de programas\ 2.4\program\soffice.BIN
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\HIJACKTHIS - NOVA TENTATIVA\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll (disabled by BHODemon)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 2.4.lnk = C:\Arquivos de programas\ 2.4\program\quickstart.exe
O4 - Startup: is-AS77N.lnk = C:\Arquivos de programas\Virus Removal Tool\is-AS77N\startup.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) -
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

-- End of file - 9693 bytes
DigRam 144 Posted October 7, 2009

Good evening! Camila_PR

Quote: Hi DigRam... so.. I think the PC is messing with me... it still won't boot into safe mode... only through msconfig. And after I went in through msconfig a black screen started appearing (very briefly)... every time I start the PC... the screen shows the options Windows XP and the Recovery Console... if I'm not mistaken, OK?! Because it really is very quick... then it boots normally. (but this screen didn't appear before)

<!> Go to the folder: c:\windows\tasks <--
<!> Open it and remove any scheduled task related to safeboot.

Quote: The programs are great, everything is running nicely... but I still can't schedule the error check; I can actually schedule it, but when I restart the machine it gives the error "cannot open the volume for direct access".. it only works if I boot into safe mode (through msconfig... and it takes about two hours to run)...

<!> Doesn't scandisk run on the volume?

Quote: The Service Pack 3 update.. I can't install that either... =/ Do I need to format the machine??

<!> Given the range of problems, and if you are able to, formatting is a good option.
<!> Have you tried installing the SP3 package with the antivirus disabled?
<><><><><><><><><><><>
<@> Open the Virus Removal Tool folder, which is on the desktop.
<@> Double-click the file: unins000.exe <--
<@> Click OK twice.
<@> The computer will restart.
<><><><><><><><><><><>
<@> Download: < >
<@> Unzip it to the desktop!
<@> Double-click SafeBootRestore.reg.
<@> Confirm the import into the registry --> Restart!
<><><><><><><><><><><>
<@> Download: < Dial-a-fix >
<@> Extract it from the zip!
<@> Tick the checkboxes: < > "Fix Windows Update" or "Fix Windows Installer" --> Click "GO".
<@> Wait for the status bar to show: "READY"
<@> Click: "Flush SoftwareDistribution" --> No.
<@> The Microsoft updates will have to be installed again... starting with SP3.
<@> Download and install: < SP3 >
<><><><><><><><><><><>
<@> If these procedures don't solve your problems, you can format the computer.

Regards!
Camila_PR 0 Posted October 7, 2009

I think the safe mode thing was a "false alarm", because I really did get in: first I booted into safe mode with networking, OK.. then I went back and tried normal safe mode... and it got in... I was happy and wrote the post above... then I took the opportunity to try to fix the errors on drive c: and when I restarted the machine, no error fixing at all... I went back and tried to boot into safe mode... and then I couldn't anymore... only safe mode with networking... =/

Good evening.. Dig...

When I did the following procedure
Download: < >
I got the following error:
Registry Editor
Cannot import c:documents and settings user desktop safebootrestore.reg: the specified file is not a registry script

As for formatting, I've never formatted a PC.. I think I'm afraid!

When I did the last procedure with dial fix
After >>> Click: "Flush SoftwareDistribution" --> No.
A blue tab kept spinning in the lower right corner with the words "stopping CRYTSVC", so I had to close the program manually...

Before installing the updates.. are they really necessary? Because I went a long time without them, and it seems to me (only seems) that after I decided to install the blessed things, some problems started to appear... What is your opinion about the updates??

<><><><><><><><><><>
ANSWERING:
<!> Since your OS is not genuine, you can stick with just the essential updates.

Done! =D
DigRam 144 Posted October 7, 2009

On 07/10/2009 at 21:42, Camila_PR said: Done! =D
<><><><><><><><><><>
Good evening! Camila_PR

<!> Open OTM --> Click < > Wait! --> Yes.
<><><><><><><><><><>
<@> Run the SafeBootKeyRepair tool again.
<@> Report the state the machine is in.

Regards!
Camila_PR 0 Posted October 7, 2009

The Tasks folder shows the following items: ad-aware update apple software update google update taskmachine core google update taskmachine usa user_feed_synchronization....

Which of these should I delete? Because the PC keeps giving the message "cannot open the volume for direct access"

Below is the SafetyBootKeyRepair log

========================
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Lavasoft Ad-Aware Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PskSvcRetail
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:37, on 7/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\ARQUIVOS DE PROGRAMAS\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Arquivos de programas\Canon\CAL\CALMAIN.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe
C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\ 2.4\program\soffice.exe
C:\Arquivos de programas\ 2.4\program\soffice.BIN
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\user\Desktop\HIJACKTHIS - NOVA TENTATIVA\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll (disabled by BHODemon) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - 
HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: 2.4.lnk = C:\Arquivos de programas\ 2.4\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=& O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de 
programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. 
- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe -- End of file - 9624 bytes Compartilhar este post Link para o post Compartilhar em outros sites
DigRam, posted October 8, 2009

Good morning, Camila_PR!

Quote: In the Tasks folder the following items appear: ad-aware update, apple software update, google update taskmachine core, google update taskmachine usa, user_feed_synchronization.... Which of these should I delete?

I don't see any problematic scheduled tasks in your case.

Quote: Why does the PC keep showing the message "cannot open volume for direct access"

This is a complex problem and is not associated with viruses.
In my research, the reports point to protection programs as the cause of the bug.
As a solution, try completely uninstalling the Panda Antivirus Pro 2009 + Firewall suite.
Clean the computer with CCleaner, including the error correction.
Install SP3 and test that scandisk works by typing at the prompt: chkdsk /f or chkdsk /r.
Press Enter so that the scandisk operation runs on the next boot.
If that succeeds, discard the Panda suite and install Avira.

Regards!
Camila_PR, posted October 9, 2009

Good evening DigRam... I followed the procedures from the post above... It looks like Panda really was the villain of the story... that made me sad... because I bought the antivirus and all... it was frustrating... As for the update, I didn't have the courage to do it.. I just ignored it, you know?! I'll keep an eye on the machine's performance and hope there's no news any time soon... Thanks for everything... really!!

Camila
DigRam, posted October 9, 2009

PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.