danmex
Posted November 9, 2009

Good afternoon! My PC is very slow, both the internet and the computer in general, and now it is restarting by itself; I don't know why :( Note: I noticed it got slow when I installed a video and download accelerator, DAP. I hope you can help me like last time (thanks to Mr. DigRam, who solved my problem).

[OFF] Could a moderator please delete this topic ( http://forum.imasters.com.br/index.php?/topic/368301-nao-consigo-instalar-antivirus/page__s__7cc14adbfb0538f20d5e20b3492eb039 )? I gave my login to my cousin, but he wasn't even interested, so you can delete it.

Here is the HijackThis log from my PC:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:17:14, on 9/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Arquivos de programas\DAP\DAP.EXE C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe C:\Arquivos de programas\NitroPC\NitroPC.exe C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de 
programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe C:\WINDOWS\system32\svchost.exe C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorEngine.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java 
Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] "C:\Arquivos de 
programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [speedBitVideoAccelerator] C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - 
C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~2\sblsp.dll O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~2\sblsp.dll O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~2\sblsp.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154 O17 - HKLM\System\CCS\Services\Tcpip\..\{300EDF33-DB30-43FA-AC3E-CF080FC6BB5F}: NameServer = 200.165.132.154 O17 - HKLM\System\CS1\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154 O17 - HKLM\System\CS2\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: 
Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe -- End of file - 10414 bytes

Regards
DigRam
Posted November 13, 2009

Good evening! danmex

<!> Uninstall the software that caused your problems.

<><><><><><><><><><><>

<@> Download: < > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<!> Link-4 --> < how to use combofix >
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> Ps: Running it from a command is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click OK.
<@> At the prompt: "Disclaimer of warranty on software" --> Click Yes!
<@> If you do not have the "Recovery Console", agree to install it!
<@> When it finishes, click Sim or Yes. --> Wait!
<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> Ps: Rename it while saving, not after saving it!
<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> Ps: If rootkit activity is present, the following notification window will appear:
<!> Ps: Write down these detections and click OK.
<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> Ps: Avoid running this tool on your own initiative!
<!> Ps: To avoid problems, follow all the recommendations given.
<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid using the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><>

<@> When finished, post the reports: C:\ComboFix.txt + HijackThis, updated.

Regards!
danmex
Posted November 13, 2009

Good evening DigRam, here are the reports you asked for!

ComboFix 09-11-13.06 - and 13/11/2009 21:38.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.664 [GMT -2:00] Executando de: c:\documents and settings\and\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\and\CONFIG~1\Temp\E_N4 c:\docume~1\and\CONFIG~1\Temp\E_N4\cnvpe.fne c:\docume~1\and\CONFIG~1\Temp\E_N4\dp1.fne c:\docume~1\and\CONFIG~1\Temp\E_N4\eAPI.fne c:\docume~1\and\CONFIG~1\Temp\E_N4\HtmlView.fne c:\docume~1\and\CONFIG~1\Temp\E_N4\krnln.fnr c:\docume~1\and\CONFIG~1\Temp\E_N4\spec.fne . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASC3360PR (((((((((((((((( Arquivos/Ficheiros criados de 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))) . 2009-11-12 05:48 . 2009-11-12 05:48 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\teamspeak2 2009-11-12 05:48 . 2009-11-12 05:48 -------- d-----w- c:\arquivos de programas\Teamspeak2_RC2 2009-11-12 04:54 . 2009-11-12 04:54 -------- d-----w- c:\arquivos de programas\Microsoft 2009-11-12 04:54 . 2009-11-12 04:54 -------- d-----w- c:\arquivos de programas\Windows Live 2009-11-12 04:46 . 2009-11-12 04:46 15240 ----a-w- c:\documents and settings\and\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll 2009-11-11 16:45 . 2009-11-11 16:45 -------- d-----w- c:\arquivos de programas\Robster Productions 2009-11-10 15:48 . 2009-11-10 15:48 -------- d-----w- c:\windows\system32\msmq 2009-11-10 15:48 . 2009-11-10 15:48 -------- d-----w- C:\Inetpub 2009-11-09 18:15 . 2009-11-09 18:15 401720 ----a-w- C:\HiJackThis.exe 2009-11-06 04:33 . 2009-11-10 15:53 -------- d-----w- c:\arquivos de programas\DreaMule 2009-11-03 17:16 . 
2009-11-03 17:16 -------- d-----w- c:\documents and settings\and\Configuraes locais 2009-11-03 17:13 . 2009-11-03 17:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems 2009-11-03 16:59 . 2009-11-03 16:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared 2009-10-26 16:06 . 2009-10-26 16:06 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys 2009-10-26 16:06 . 2009-10-26 16:06 -------- d-----w- c:\arquivos de programas\TP-LINK 2009-10-26 16:05 . 2008-10-21 13:16 465152 ----a-w- c:\windows\system32\drivers\rt73.sys 2009-10-26 16:05 . 2009-10-26 16:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver 2009-10-26 16:05 . 2008-10-21 13:16 465152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\rt73.sys 2009-10-26 16:05 . 2008-07-10 21:34 528384 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\RaInst.exe 2009-10-26 16:05 . 2007-05-17 13:17 192512 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\CoInstaller.dll 2009-10-26 16:05 . 2006-11-02 09:21 319456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\difxapi.dll 2009-10-26 16:05 . 2006-11-02 02:33 77312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\devcon.exe 2009-10-21 06:03 . 2009-10-21 06:03 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Octoshape 2009-10-16 06:19 . 2009-10-16 06:19 -------- d-----w- c:\windows\PaltalkScene . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-13 23:46 . 2009-09-18 21:30 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Skype 2009-11-13 23:28 . 
2009-09-18 21:32 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\skypePM 2009-11-13 23:26 . 2009-10-08 22:35 -------- d-----w- c:\arquivos de programas\DAP 2009-11-13 23:26 . 2009-10-08 22:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit 2009-11-13 23:26 . 2009-10-08 22:35 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-11-13 23:25 . 2009-09-15 03:06 -------- d-----w- c:\arquivos de programas\Steam 2009-11-13 01:58 . 2009-09-29 04:58 -------- d-----w- c:\arquivos de programas\sXe Injected 2009-11-13 01:53 . 2009-09-15 02:59 -------- d-----w- c:\arquivos de programas\Valve 2009-11-10 15:50 . 2009-09-18 21:29 -------- d-----w- c:\arquivos de programas\Google 2009-11-03 17:02 . 2009-10-05 10:00 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe 2009-10-26 16:07 . 2008-04-14 07:00 48628 ----a-w- c:\windows\system32\perfc016.dat 2009-10-26 16:07 . 2008-04-14 07:00 344380 ----a-w- c:\windows\system32\perfh016.dat 2009-10-26 16:05 . 2009-09-15 02:24 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-10-16 21:18 . 2009-10-13 22:12 -------- d-----w- c:\arquivos de programas\NitroPC 2009-10-09 05:44 . 2009-10-09 05:44 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Broad Intelligence 2009-10-09 05:42 . 2009-10-09 05:42 -------- d-----w- c:\arquivos de programas\MediaCoder 2009-10-08 15:57 . 2009-10-08 15:57 -------- d-----w- c:\arquivos de programas\MSECache 2009-10-01 09:42 . 2009-10-01 09:41 -------- d-----w- c:\arquivos de programas\Java 2009-10-01 09:41 . 2009-10-01 09:41 152576 ----a-w- c:\documents and settings\and\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll 2009-10-01 09:40 . 2009-10-01 09:40 152576 ----a-w- c:\documents and settings\and\Dados de aplicativos\Sun\Java\jre1.6.0_14\lzma.dll 2009-09-25 02:06 . 2009-09-21 01:33 2218400 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-09-25 02:06 . 
2009-09-21 01:33 189122592 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-09-24 22:50 . 2009-09-24 22:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2009-09-24 22:50 . 2009-09-24 22:50 -------- d-----w- c:\arquivos de programas\Avira 2009-09-20 20:48 . 2009-09-15 03:50 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2009-09-20 16:44 . 2009-09-20 16:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee Security Scan 2009-09-20 15:37 . 2009-07-14 18:10 1519616 ----a-w- c:\windows\system32\nwiz.exe 2009-09-20 15:37 . 2009-09-15 02:24 46592 ----a-w- c:\windows\SOUNDMAN.EXE 2009-09-18 22:06 . 2009-09-18 22:06 0 ----a-w- c:\windows\nsreg.dat 2009-09-18 21:32 . 2009-09-18 21:32 32 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat 2009-09-18 21:28 . 2009-09-18 21:28 -------- d-----w- c:\arquivos de programas\Skype 2009-09-18 21:28 . 2009-09-18 21:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype 2009-09-18 21:28 . 2009-09-18 21:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype 2009-09-18 15:41 . 2009-09-18 15:41 28242 ----a-w- c:\windows\system32\regsvc.dll.zip 2009-09-17 20:16 . 2009-09-17 20:16 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Malwarebytes 2009-09-17 20:16 . 2009-09-17 20:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-09-17 01:07 . 2009-09-15 04:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2009-09-15 23:38 . 2009-09-15 23:38 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Media Player Classic 2009-09-15 17:59 . 2009-09-15 17:59 -------- d-----w- c:\arquivos de programas\PluginLetras 2009-09-15 06:45 . 2009-09-15 06:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg7 2009-09-15 03:25 . 
2009-09-15 03:25 -------- d-----w- c:\arquivos de programas\Topro 2009-09-15 03:02 . 2009-09-15 03:02 152576 ----a-w- c:\documents and settings\and\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll 2009-09-15 02:27 . 2009-09-15 02:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles 2009-09-15 02:24 . 2009-09-15 02:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield 2009-09-15 01:45 . 2009-09-15 01:45 -------- d-----w- c:\arquivos de programas\microsoft frontpage 2009-09-15 01:43 . 2009-09-15 01:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live 2009-09-15 01:42 . 2009-09-15 01:42 -------- d-----w- c:\arquivos de programas\Microsoft.NET 2009-09-15 01:41 . 2009-09-15 01:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESTsoft 2009-09-15 01:38 . 2009-09-24 05:18 71680 ----a-w- c:\documents and settings\Administrador\GLB799.tmp 2009-09-15 01:38 . 2009-09-15 01:51 71680 ----a-w- c:\documents and settings\and\GLB799.tmp 2009-09-15 01:38 . 2009-09-15 01:47 71680 ----a-w- c:\windows\system32\config\systemprofile\GLB799.tmp 2009-09-15 01:38 . 2009-09-15 01:38 71680 ----a-w- c:\documents and settings\Default User\GLB799.tmp 2009-09-15 01:35 . 2009-09-15 01:35 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2 2009-09-15 01:33 . 2009-09-15 01:33 -------- d-----w- c:\arquivos de programas\Serviços on-line 2009-09-15 01:33 . 2009-09-15 01:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços 2009-09-15 01:32 . 2009-09-15 01:32 21844 ----a-w- c:\windows\system32\emptyregdb.dat 2009-09-11 14:15 . 2008-04-14 07:00 136704 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:04 . 2008-04-14 07:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:29 . 2008-04-14 07:00 832512 ----a-w- c:\windows\system32\wininet.dll 2009-08-29 07:29 . 2009-09-15 01:35 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:29 . 
2008-04-14 07:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-26 08:03 . 2009-03-21 14:20 247326 ----a-w- c:\windows\system32\strmdll.dll . ------- Sigcheck ------- [-] 2009-04-17 . 2A293D04F15B5D25FF3615D8ED8DD1B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll c:\windows\system32\regsvc.dll ... está faltando !! . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 21898024] "NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3477504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2009-09-20 172032] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-31 149280] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-09-20 46592] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-09-20 1519616] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-08-29 124928] c:\documents and settings\and\Menu Iniciar\Programas\Inicializar\ Adobe Gamma.lnk - c:\arquivos de programas\Arquivos 
comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Valve\\hl.exe"= "c:\\Arquivos de programas\\Steam\\steamapps\\hishi601\\counter-strike\\hl.exe"= "c:\\Arquivos de programas\\Steam\\Steam.exe"= "c:\\Arquivos de programas\\Steam\\steamapps\\hishi601\\counter-strike source\\hl2.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"= "c:\\WINDOWS\\system32\\nwiz.exe"= "c:\\WINDOWS\\SOUNDMAN.EXE"= "d:\\anderson arquivos\\HD 2\\Programas\\DVD Anderson\\SpeedTouch_upgrade_wizard_R4421\\upgradeST.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\jqsnotify.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "d:\\anderson arquivos\\HD 2\\Programas\\Meus documentos\\roteadores\\SpeedTouch_upgrade_wizard_R4421\\SpeedTouch 510 v6\\SetupWizard\\stInstall.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [17/4/2009 18:51 16896] R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [17/4/2009 18:51 52736] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [24/9/2009 20:50 108289] R2 RalinkRegistryWriter;Ralink Registry Writer;c:\arquivos de 
programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe [26/10/2009 14:06 69632] R3 DCamUSBIntel;USB Video Camera;c:\windows\system32\drivers\TP6800.SYS [15/9/2009 01:25 196548] --- =Outros Serviços/Drivers Na Memória --- *NewlyCreated* - MBR *Deregistered* - mbr . Conteúdo da pasta 'Tarefas Agendadas' 2009-11-13 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07] . . ------- Scan Suplementar ------- . uStart Page = hxxp://search.speedbit.com/ IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: {0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7} = 200.165.132.154 TCP: {300EDF33-DB30-43FA-AC3E-CF080FC6BB5F} = 200.165.132.154 FF - ProfilePath - c:\documents and settings\and\Dados de aplicativos\Mozilla\Firefox\Profiles\9ohuzfd1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . - - - - ORFÃOS REMOVIDOS - - - - HKCU-Run-WindowsLivePhone - c:\arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe HKLM-Run-tppoll - c:\program files\Topro\tppoll.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-13 21:45 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... 
Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(3928) c:\windows\system32\WININET.dll c:\arquivos de programas\Windows Media Player\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\RUNDLL32.EXE c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . 
Tempo para conclusão: 2009-11-13 21:48 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-11-13 23:48 Pré-execução: 4.900.159.488 bytes disponíveis Pós execução: 5.334.990.848 bytes disponíveis - - End Of File - - 8D468A3772817ACD6F10C184418B27DD ------------x------------x---------------x------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:54:22, on 13/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\NitroPC\NitroPC.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://fr.msn.com/ O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 
advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - 
http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{300EDF33-DB30-43FA-AC3E-CF080FC6BB5F}: NameServer = 200.165.132.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
-- End of file - 7428 bytes
DigRam 144
Posted November 14, 2009

Good morning, danmex!

<@> Unzip this file: c:\windows\system32\regsvc.dll.zip
<@> Leave it right there, in that directory! ( system32 )
<@> Go to Start --> Run.
<@> Type or paste: regsvr32 regsvc.dll --> Click OK.

<><><><><><><><><><><>

<@> Download: < AVPTool >
<@> Save it in Program Files (Arquivos de programas) and install it right there!
<@> Restart the computer in Safe Mode! <-- Important!
<@> In the configuration window, check: My Computer, or all the boxes
<@> Start the scan by clicking "Scan".
<@> The scan takes a long time. <-- Wait!
<@> If infections are found, click "disinfect" if the option is enabled.
<@> PS: For some known detections ( cracks or keygens ), click skip.
<@> In those cases, avoid the "Delete" option.
<@> When it finishes, click the Events tab.
<@> Uncheck the "Show all events" checkbox.
<@> Click "Save to file".
<@> Name it and save it to the desktop! <-- Report to post!
<@> Also post an updated HijackThis log.

Regards!
danmex 0
Posted November 14, 2009

Good evening, DigRam.

Well, this is what came up when I unzipped the file you asked for:

"regsvc.dll foi carregado, mas o ponto de entrada DIRegister Server não foi localizado esta arquivo não pode ser resgistrado"

And I can't get into Safe Mode; my PC restarts by itself :(

Regards
DigRam 144
Posted November 14, 2009

Good evening, DigRam. Well, this is what came up when I unzipped the file you asked for: "regsvc.dll foi carregado, mas o ponto de entrada DIRegister Server não foi localizado esta arquivo não pode ser resgistrado" And I can't get into Safe Mode; my PC restarts by itself :( Regards

<><><><><><><><><>

Hey, danmex!

<!> Run AVPTool in Normal Mode and post your report.

Regards!
danmex 0
Posted November 15, 2009

Good afternoon, DigRam.

Well, here are the logs you asked for.

Note: while the AVPTool scan was running, Avira detected some viruses. Is that normal?

AVPTools log

Scan
----
Scanned: 872271
Detected: 0
Untreated: 0
Start time: 14/11/2009 22:01:04
Duration: 03:52:54
Finish time: 15/11/2009 01:53:58

Detected
--------
Status Object
------ ------

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all
files Scan only new and changed files No Scan archives All Scan embedded OLE objects All Skip if object is larger than No Skip if scan takes longer than No Parse email formats No Scan password-protected archives No Enable iChecker technology No Enable iSwift technology No Show detected threats on "Detected" tab Yes Rootkits search Yes Deep rootkits search No Use heuristic analyzer Yes Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ---- log Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:26:25, on 15/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\NitroPC\NitroPC.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de 
programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: is-2SL0L.lnk = C:\Arquivos de programas\Virus Removal Tool\is-2SL0L\startup.exe O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154 O17 - HKLM\System\CCS\Services\Tcpip\..\{300EDF33-DB30-43FA-AC3E-CF080FC6BB5F}: NameServer = 200.165.132.154 O17 - HKLM\System\CS1\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154 O17 - HKLM\System\CS2\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
-- End of file - 7753 bytes

Regards
DigRam 144
Posted November 16, 2009

Good morning, danmex!

Note: while the AVPTool scan was running, Avira detected some viruses. Is that normal?

<!> Your antivirus should have been disabled, but since detections occurred, the procedure would be to send them to quarantine.

<><><><><><><><><><><>

<@> Run a disinfection scan at: < BitDefender >
<@> PS: Use the Internet Explorer browser!
<@> This page will open: BitDefender OnLine Scanner ( Free and effective malware cleanup directly from your browser )
<@> Click Start Scanner -->
<@> Wait and accept the ActiveX installation so that the scan can run.
<@> When it finishes, post the report: C:\Windows\BDOSCAN8\bdoscan.log <--
<@> Also post an updated HijackThis log.

Regards!
danmex 0
Posted November 16, 2009

Good afternoon, DigRam.

I'd like to clear up a doubt! Every time I run a scan that you ask for, do I have to disable my antivirus? Or only when you ask me to disable it?

For this BitDefender scan I stopped my antivirus! :)

Here are the logs you asked for.

BDOSCAN.log

[General]
App = "BitDefender Online Scanner v8"
Date = 16:11:2009
Time = 15:36:58
Scan Path = C:\;D:\;E:\;
[Engines Info]
Virus Definitions = 4552716
Engine build = "AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)"
Scan plugins = 17
Archive plugins = 44
Unpack plugins = 8
E-mail plugins = 6
System plugins = 4
[scan Statistics]
Folders = 5356
Files = 291519
Archives = 10979
Packed files = 19479
Identified viruses = 5
Infected files = 5
Warnings = 0
Suspect files = 0
Disinfected files = 0
Deleted files = 5
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 30
[scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0
[scan Results]
Line00000015 = "C:\Documents and Settings\and\Desktop\Patch_Sitecs_protocolo_47_48.exe=>(Instyler o)=>(Instyler Module 9) Infected with: Trojan.Generic.IS.581108"
Line00000014 = "C:\Documents and Settings\and\Desktop\Patch_Sitecs_protocolo_47_48.exe=>(Instyler o)=>(Instyler Module 9) Deleted"
Line00000013 = "C:\Documents and Settings\and\Desktop\Patch_Sitecs_protocolo_47_48.exe=>(Instyler o) Update failed"
Line00000012 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/ACLUI.DLL Infected with: Trojan.Generic.1618691"
Line00000011 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/ACLUI.DLL Deleted"
Line00000010 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso Update failed"
Line00000009 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/CLB.DLL Infected with: Gen:Trojan.Heur.amSfyeNTQWdi"
Line00000008 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/CLB.DLL Disinfection failed"
Line00000007 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/CLB.DLL Deleted"
Line00000006 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso Update failed"
Line00000005 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/NOTEPAD.EXE Infected with: Trojan.Generic.2562059"
Line00000004 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/NOTEPAD.EXE Deleted"
Line00000003 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso Update failed"
Line00000002 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/WSOCK32.DLL Infected with: Trojan.Generic.2571627"
Line00000001 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/WSOCK32.DLL Deleted"
Line00000000 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso Update failed"
><><><><><<><><><><><><><><><><
HijackThis log
Regards
DigRam, posted November 17, 2009
Good evening, danmex!
<@> Download: < SafeBootKeyRepair >
<@> Save it directly to the local disk (C).
<@> Run it! When it finishes, it will generate a report: C:\SafeBoot_Repair.txt <-- Do not post it!
<@> Restart and check whether you can now boot into Safe Mode.
<@> Download: < > (...par A.Rothstein & dj Quiou )
<@> Save it to the desktop!
<@> Close any open programs and run the tool.
<@> Click the Recherche button to start the scan. <-- Wait!
<@> When it finishes, the items to be removed will be listed.
<@> Click the Suppression button to remove the items found.
<@> Next, click Quitter.
<@> Post the report: ( C:\TCleaner.txt ) <--
<><><><><><><><><><>
<@> PS: If you have the Windows installation CD, carry out these steps:
<@> Go to Start --> Run --> type or paste: sfc /scannow --> click OK. < >
<@> You will be asked to insert the Windows XP CD-ROM into the drive.
<@> Wait for the repair to finish! --> Restart!
<@> PS: Report the state of the computer!
Regards!
danmex, posted November 17, 2009
Good afternoon, DigRam. Well, the situation is this: I ran safebootkey as you asked, and when I restarted it did not enter safe mode; it keeps restarting. What's more, when it restarts, after it gets past the WINDOWS XP screen there is a blue screen, then the PC freezes and restarts or shuts down. It got complicated :( Here is the LOG you asked for.
Tcleaner.log
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\HijackThis.exe: trouvé !
C:\Combofix.txt: trouvé !
C:\hijackthis.log: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\and\Desktop\ComboFix.exe: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !
---------------------------------
--> Suppression:
C:\HijackThis.exe: supprimé !
C:\Documents and Settings\and\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: supprimé !
C:\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\Qoobox: supprimé !
<><><>><><><><><><
Since I don't have the Windows formatting CD here, I didn't do the other procedure.
Regards
DigRam, posted November 18, 2009
Good evening, danmex!
<@> Download: < DrWebCureIt >
<@> If you have trouble downloading it, use another computer or a proxy.
<@> Go to: < Proxify >
<@> Type the DrWebCureIt URL into the box.
<@> Click Proxify.
<@> Save the tool to the desktop!
<@> Start the installation/execution by double-clicking drweb-cureit.
<@> In the window that opens, click Start --> OK.
<@> The "Quick scan" will begin --> Close the advertisement window!
<@> When it finishes, tick the "Full scan" box.
<@> Click "Options" --> Under Change settings, untick "Heuristic analysis".
In this mode the following objects are scanned:
* Boot sectors of all disks. <--
* All removable drives. <--
* All local disks. <--
<@> Click "Start scan" --> Wait!
<@> If messages appear asking to move or disinfect files, click Yes.
<@> When it finishes, click "File" --> "Save report list".
<@> Save it in a suitable location. ( DrWeb.csv ) <-- Convert it to text!
<@> Post: DrWeb.csv
Regards!
danmex, posted November 18, 2009
Good morning, DigRAM. Here is the log you asked for.
DrWeb.csv
flashplayer10_install_plugin_051508.exe;C:\Documents and Settings\Administrador\7zS791.tmp;Trojan.MulDrop.39229;Incurável.Movido.;
flashplayer10_install_plugin_051508.exe;C:\Documents and Settings\and\7zS791.tmp;Trojan.MulDrop.39229;Incurável.Movido.;
flashplayer10_install_plugin_051508.exe;C:\Documents and Settings\Default User\7zS791.tmp;Trojan.MulDrop.39229;Incurável.Movido.;
A0029956.exe;C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP52;Trojan.MulDrop.39229;Incurável.Movido.;
A0029957.exe;C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP52;Trojan.MulDrop.39229;Incurável.Movido.;
A0029958.exe;C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP52;Trojan.MulDrop.39229;Incurável.Movido.;
Regards
DigRam, posted November 18, 2009
Good morning, danmex!
"Well, the situation is this: I ran safebootkey as you asked, and when I restarted it did not enter safe mode; it keeps restarting. What's more, when it restarts, after it gets past the WINDOWS XP screen there is a blue screen, then the PC freezes and restarts or shuts down. It got complicated"
<!> PS: These symptoms are normally not related to viruses.
<><><><><><><><><><><><>
<@> Download: < McAfee Avert Stinger >
<@> Save it in Arquivos de programas!
<@> Click Add and add any other disk drives you have. ( For example, drive D:\ )
<@> Then click "Preferences" to configure your scan.
<@> Tick the options below:
Boot sectors
Repair <-- Ticked by default!
Scan self extracting executables
Check files for MIME content
Check files for UUEncoded content
Scan inside compressed files
Scan subdirectories
Report applications
Scan all files
<@> PS: Many boxes will already be ticked; you only need to complete a few.
<@> PS: Set the sensitivity to "Medium" --> OK.
<@> Click "Scan now".
<@> Wait for the scan to finish.
<@> Click File --> Save report to file --> OK.
<@> Post: c:\arquivos de programas\stinger 1001624.txt <-- Report!
<><><><><><><><><><><><>
<@> Download: < FindyKill > ( ...par Chiquitine29 )
<@> Save it in Arquivos de Programas!
<@> Close any open programs.
<@> Disable the resident protection of antivirus and antispyware programs.
<@> PS: Detection of this tool by antivirus software is a false positive!
<@> Install the tool and accept all the conditions requested.
<@> When it finishes, run the tool by double-clicking: C:\Arquivos de Programas\FindyKill\FindyKill.bat
<@> At the prompt, press P. --> Enter. <-- Language option!
<@> Next, press 2. ( "Eliminar los ficheros infectados" )
<@> Press Enter --> The computer will restart twice! --> Wait!
<@> When it finishes, click an empty area of the prompt! --> Press Enter.
<@> Notepad will open with the report: C:\FindyKill.txt <-- Rapport!
Regards!
danmex, posted November 18, 2009
Good morning, DigRAm. Here are the logs you asked for.
stinger.txt
McAfee® Stinger Version 10.0.1.624 built on Jul 6 2009
Copyright © 2009 McAfee, Inc. All Rights Reserved.
Virus data file v1000 created on Jul 6 2009.
Ready to scan for 897 viruses, trojans and variants.
Scan initiated on Wed Nov 18 11:32:04 2009
C:\SafeBootKeyRepair.exe
Found the Artemis!A6837F19674B trojan !!!
C:\SafeBootKeyRepair.exe has been deleted.
D:\anderson arquivos\HD 2\Programas\DVD Anderson\Nitro+PC+2008.exe
Found the Artemis!23A0F826E0FA trojan !!!
D:\anderson arquivos\HD 2\Programas\DVD Anderson\Nitro+PC+2008.exe has been deleted.
Number of clean files: 217797
Number of Trojans: 2
Number of files deleted: 2
FindyKill.txt
############################## | FindyKill V5.019 |
# User : and (Administradores) # CASA
# Update on 16/11/2009 by Chiquitine29
# Start at: 12:37:19 | 18/11/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# Intel® Pentium® 4 CPU 3.00GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# C:\ # Disco fixo local # 14,65 Go (4,73 Go free) # NTFS
# D:\ # Disco fixo local # 134,39 Go (69,79 Go free) [documentos] # NTFS
# E:\ # Disco CD-ROM
############################## | Processos ativos |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\WINDOWS |
Supprimido ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
################## | C:\Documents and Settings\and\Dados de aplicativos |
################## | Supressão Outros ... |
################## | Temporary Internet Files |
################## | Registro / Chaves infeciosas |
Supprimido ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimido ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimido ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
################## | Estado / Serviços / Informações |
# Safe mode : OK
# Affichagem dos arquivos ocultos : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
"D:\anderson arquivos\HD 2\Meus doc\Anti virus\Avast + serial\ATUALIZA€ÇO_AVAST_17_JUNHO_2008.exe"
27/06/2008 13:07 |Size 16210008 |Crc32 cf0ea1b3 |Md5 19b7b7987ac272cf576b5f64e042984f
"D:\anderson arquivos\HD 2\Meus doc\Anti virus\Avast + serial\AVAST_JUNHO2008.exe"
04/07/2008 11:12 |Size 24059384 |Crc32 1a7ee37c |Md5 7e359abc7cafc9df0e373d9d3f3bf9fa
"D:\anderson arquivos\HD 2\Meus doc\Anti virus\Avast + serial\AVAST_PROFISSIONAL\AVAST_PROFISSIONAL_17_JUNHO_2008.exe"
17/06/2008 12:21 |Size 24312056 |Crc32 1ea14750 |Md5 a285f7b9a81ff8a49d96e09b0935d9c6
"D:\anderson arquivos\HD 2\Programas\DVD Anderson\Pinnacle 9.3\KEYGEN\Pinnacle Studio Plus 9.3.2.48 Trial - Parisa\Unlock_Patch.exe"
11/02/2005 10:36 |Size 341836 |Crc32 d4e16a71 |Md5 f119eb4709d72bd50380485db7a7f726
"D:\anderson arquivos\HD 2\Programas\DVD Anderson\Pinnacle 9.3\KEYGEN\Pinnacle Studio Plus 9.3.2.48 Trial - Parisa\programs\Check2D.exe"
11/02/2005 08:37 |Size 425984 |Crc32 26acb0b0 |Md5 635ff53cbd951f2411ef5133fd042b54
################## | ! Fim do relatório # FindyKill V5.019 ! |
Regards
DigRam, posted November 18, 2009
Good afternoon, danmex!
<@> Download: < > ( ...by OldTimer Tools )
<@> Save it to the desktop!
<@> As shown in the image, change the "Output" option to "Minimal Output".
<@> Double-click OTL.exe --> Tick the "Scan All Users" option.
<@> Click: < > --> Wait!
<@> Post:
<1> OTL.txt <--
<2> Extra.txt <--
Regards!
danmex, posted November 18, 2009
Good afternoon, DigRAM. I did what you asked, but it only generated one log. Here it is:
OTL.txt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe File not found O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos 
comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/09/14 23:34:44 | 00,000,000 | ---- | M] 
() - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/09/24 13:44:33 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\AutoPLaY\ComMaND - "" = F:\qsqh.exe -- File not found O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\AutoRun\command - "" = F:\qsqh.exe -- File not found O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\eXplORE\COmmanD - "" = F:\qsqh.exe -- File not found O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\open\COmMAnd - "" = F:\qsqh.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/18 15:17:17 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\and\Desktop\OTL.exe [2009/11/18 12:35:43 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\and\Recent [2009/11/18 12:35:12 | 00,000,000 | ---D | C] -- C:\FindyKill [2009/11/18 11:29:04 | 04,129,799 | ---- | C] (McAfee Inc.) -- C:\Arquivos de programas\stinger.exe [2009/11/18 00:17:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009/11/18 00:15:51 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner [2009/11/17 23:57:58 | 22,897,440 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\and\Desktop\drweb-cureit.exe [2009/11/17 13:29:30 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Skype [2009/11/17 13:29:25 | 00,000,000 | R--D | C] -- C:\Arquivos de programas\Skype [2009/11/17 03:07:53 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll [2009/11/17 03:07:53 | 00,185,920 | ---- | C] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\rmoc3260.dll [2009/11/17 03:07:53 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2009/11/17 03:07:53 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2009/11/17 03:07:50 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2009/11/17 03:07:49 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2009/11/17 03:07:49 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2009/11/17 03:07:48 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [2009/11/17 03:07:47 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll [2009/11/17 03:07:42 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\K-Lite Codec Pack [2009/11/14 19:28:50 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\22393460.sys [2009/11/14 19:28:50 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Virus Removal Tool [2009/11/14 19:20:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\regsvc.dll~ [2009/11/14 19:19:03 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvc.dll [2009/11/12 03:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Dados de aplicativos\teamspeak2 [2009/11/12 03:48:27 | 00,034,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm [2009/11/12 03:48:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Teamspeak2_RC2 [2009/11/12 02:54:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft [2009/11/12 02:54:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live [2009/11/11 14:45:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Robster Productions [2009/11/10 13:48:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq [2009/11/10 13:48:13 | 00,000,000 | ---D | C] -- C:\Inetpub [2009/11/06 02:33:24 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\DreaMule 
[2009/11/03 15:16:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Meus documentos\Updater [2009/11/03 15:16:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Configuraes locais [2009/11/03 15:13:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems [2009/11/03 15:02:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\Adobe PDF [2009/11/03 14:59:50 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared [2009/11/02 05:12:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Meus documentos\Downloads [2009/10/26 14:06:04 | 00,021,361 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys [2009/10/26 14:06:04 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TP-LINK [2009/10/26 14:05:58 | 00,465,152 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys [2009/10/26 14:05:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TP-LINK Driver [2009/10/21 04:03:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Dados de aplicativos\Octoshape [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [13 C:\Documents and Settings\and\*.tmp files -> C:\Documents and Settings\and\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/11/18 15:21:08 | 22,049,7952 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009/11/18 15:17:17 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\and\Desktop\OTL.exe [2009/11/18 14:51:21 | 10,485,760 | -H-- | M] () -- C:\Documents and Settings\and\NTUSER.DAT [2009/11/18 13:05:55 | 00,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk [2009/11/18 12:53:41 | 00,043,209 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/11/18 12:37:18 | 00,002,206 | ---- | M] () -- 
C:\WINDOWS\System32\wpa.dbl [2009/11/18 12:37:06 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2009/11/18 12:37:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/18 12:37:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/18 12:35:56 | 02,571,800 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009/11/18 12:35:48 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\and\ntuser.ini [2009/11/18 12:34:10 | 01,065,740 | ---- | M] () -- C:\Arquivos de programas\FindyKill.exe [2009/11/18 12:33:23 | 00,000,022 | ---- | M] () -- C:\Arquivos de programas\stinger.opt [2009/11/18 11:29:20 | 04,129,799 | ---- | M] (McAfee Inc.) -- C:\Arquivos de programas\stinger.exe [2009/11/18 00:15:52 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\and\Desktop\CCleaner.lnk [2009/11/17 23:30:35 | 22,897,440 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\and\Desktop\drweb-cureit.exe [2009/11/17 14:06:37 | 00,455,680 | ---- | M] () -- C:\Documents and Settings\and\Desktop\ToolsCleaner2.exe [2009/11/17 13:30:03 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/11/16 23:46:25 | 00,099,883 | ---- | M] () -- C:\Documents and Settings\and\Desktop\feliz!!.jpg [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009/11/13 21:45:19 | 00,000,241 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/13 21:45:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/11/13 21:34:32 | 03,559,628 | R--- | M] () -- C:\Documents and Settings\and\Desktop\ComboFix.exe [2009/11/12 23:50:54 | 00,011,736 | R--- | M] () -- C:\Documents and Settings\and\Desktop\tempdecal.wad [2009/11/12 23:48:03 | 00,104,499 | ---- | M] () -- C:\Documents and Settings\and\Desktop\PRIIII.jpg [2009/11/12 22:47:35 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\and\Desktop\sXe Injected.lnk [2009/11/12 03:48:27 | 00,034,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm 
[2009/11/12 02:44:27 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\and\Meus documentos\Minhas Pastas de Compartilhamento.lnk [2009/11/11 22:54:41 | 00,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6 Non-steam (v23).lnk [2009/11/11 22:54:32 | 00,001,818 | ---- | M] () -- C:\Documents and Settings\and\Desktop\Counter-Strike.lnk [2009/11/11 13:18:30 | 00,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/11/09 16:00:00 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll [2009/11/09 16:00:00 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2009/11/09 16:00:00 | 00,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/11/09 16:00:00 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2009/11/09 16:00:00 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2009/11/09 16:00:00 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini [2009/11/05 15:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/11/03 15:23:41 | 00,017,384 | ---- | M] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT [2009/11/03 02:51:11 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/30 02:08:47 | 00,001,766 | ---- | M] () -- C:\Documents and Settings\and\Desktop\Condition Zero.lnk [2009/10/29 00:33:38 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/10/26 14:07:04 | 00,752,010 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/26 14:07:04 | 00,344,380 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat [2009/10/26 14:07:04 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/10/26 14:07:04 | 00,048,628 | ---- | M] () -- 
C:\WINDOWS\System32\perfc016.dat [2009/10/26 14:07:04 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/26 14:06:08 | 00,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TL-WN321G Wireless Utility.lnk [2009/10/26 14:06:04 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys [2009/10/21 02:07:53 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009/10/21 02:07:53 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [13 C:\Documents and Settings\and\*.tmp files -> C:\Documents and Settings\and\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/18 12:33:29 | 01,065,740 | ---- | C] () -- C:\Arquivos de programas\FindyKill.exe [2009/11/18 12:33:23 | 00,000,022 | ---- | C] () -- C:\Arquivos de programas\stinger.opt [2009/11/18 12:33:19 | 00,000,680 | ---- | C] () -- C:\Arquivos de programas\stinger.txt [2009/11/18 00:15:52 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\and\Desktop\CCleaner.lnk [2009/11/17 14:06:28 | 00,455,680 | ---- | C] () -- C:\Documents and Settings\and\Desktop\ToolsCleaner2.exe [2009/11/17 13:30:03 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/11/17 03:07:52 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/11/17 03:07:51 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009/11/17 03:07:50 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2009/11/17 03:07:49 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/11/17 03:07:49 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/11/17 03:07:48 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009/11/17 03:07:45 | 00,085,504 | ---- | C] () -- 
C:\WINDOWS\System32\ff_vfw.dll [2009/11/17 03:07:45 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/11/13 21:34:01 | 03,559,628 | R--- | C] () -- C:\Documents and Settings\and\Desktop\ComboFix.exe [2009/11/12 23:48:02 | 00,104,499 | ---- | C] () -- C:\Documents and Settings\and\Desktop\PRIIII.jpg [2009/11/12 22:35:45 | 00,099,883 | ---- | C] () -- C:\Documents and Settings\and\Desktop\feliz!!.jpg [2009/11/12 22:34:44 | 00,011,736 | R--- | C] () -- C:\Documents and Settings\and\Desktop\tempdecal.wad [2009/10/26 14:06:08 | 00,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TL-WN321G Wireless Utility.lnk [2009/10/26 04:29:20 | 00,001,766 | ---- | C] () -- C:\Documents and Settings\and\Desktop\Condition Zero.lnk [2009/09/18 19:32:02 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat [2009/09/18 19:29:34 | 00,002,296 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini [2009/09/18 19:29:12 | 00,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini [2009/09/18 13:41:09 | 00,028,242 | ---- | C] () -- C:\WINDOWS\System32\regsvc.dll.zip [2009/09/15 04:45:15 | 07,440,192 | -H-- | C] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\IconCache.db [2009/09/15 01:50:11 | 00,017,384 | ---- | C] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT [2009/09/15 01:25:24 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\CamLib.Dll [2009/09/14 23:51:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\and\Dados de aplicativos\desktop.ini [2009/09/14 23:43:08 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/09/14 20:26:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini [2009/09/14 17:03:55 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2009/08/03 16:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/07/14 16:10:15 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009/07/14 16:10:15 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009/07/14 16:10:14 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009/07/14 16:10:14 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2009/07/14 16:10:13 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009/07/14 16:10:13 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2009/07/14 16:10:12 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2009/04/17 19:21:12 | 00,000,165 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009/01/05 16:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/04/14 05:00:00 | 00,000,528 | ---- | C] () -- C:\WINDOWS\win.ini [2008/04/14 05:00:00 | 00,000,241 | ---- | C] () -- C:\WINDOWS\system.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D74B6CF5 < End of report > Abraços Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted November 18, 2009

Good evening, danmex!

<@> Paste the information in the Quote below into Notepad.
<@> Under "Save as type", choose "All files".
<@> Under "File name", enter: Temp.bat

    @ECHO OFF
    REM If TEMP and TMP point to different folders, clean both of them.
    IF NOT "%temp%"=="%tmp%" GOTO both
    GOTO single
    :both
    DEL "%temp%\*.*" /F /S /Q
    DEL "%tmp%\*.*" /F /S /Q
    CLS
    ECHO Deleted all files in the TEMP folder: %temp%
    ECHO Deleted all files in the TMP folder: %tmp%
    GOTO end
    :single
    REM TEMP and TMP are the same folder: clean it and the system Temp folder.
    DEL "%temp%\*.*" /F /S /Q
    DEL "%systemroot%\Temp\*.*" /F /S /Q
    CLS
    ECHO Deleted all files in the TEMP folder: %temp%
    :end

<@> Save it to the desktop and run it with a double-click.
<@> A black window will appear briefly.

<><><><><><><><><><>

<@> Download: < FixPolicies > ( ...by Bill Castner )
<@> Save it to the Desktop!
<@> Be logged in as Administrator.
<@> Run the file FixPolicies.exe with a double-click.
<@> Click Install.
<@> Open the FixPolicies folder that was created.
<@> Double-click Fix_policies.cmd.
<@> A black box will appear briefly.

<><><><><><><><><><>

<@> Run OTL.exe.
<@> Copy the information in the Quote below into the tool's clipboard field.
( Custom Scans/Fixes )

    :Processes
    explorer.exe
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\AutoPLaY\ComMaND - "" = F:\qsqh.exe -- File not found
    O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\AutoRun\command - "" = F:\qsqh.exe -- File not found
    O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\eXplORE\COmmanD - "" = F:\qsqh.exe -- File not found
    O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\open\COmMAnd - "" = F:\qsqh.exe -- File not found
    :Files
    @C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D74B6CF5
    C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    :Reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR\0000\Control]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr\Security]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr\Enum]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR\0000\Control]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr\Security]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr\Enum]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system]
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

<@> Click the Run Fix button --> Wait for it to finish and reboot.
<@> When it is done, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!

Regards!
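Added example, not part of DigRam's post and not OTL's own code: a triage check for the `O33 - MountPoints2` entries that the fix script above removes. It parses those log lines and lists, per volume, the reasons an entry deserves review. The function names and the review heuristics are assumptions; the first four sample lines are copied from the fix script in this thread and the fifth is constructed.

```python
import re
from collections import defaultdict

# Shape of the OTL line printed for each MountPoints2 shell verb:
# O33 - MountPoints2\{volume}\Shell\<verb>\command - "<value>" = <command> -- <status>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\(?P<leaf>command)'
    r' - "(?P<value>[^"]*)" = (?P<command>.*?)(?: -- (?P<status>.*))?$',
    re.IGNORECASE,
)

# A command whose first token is an executable sitting directly in a drive root.
ROOT_EXE_RE = re.compile(
    r'^"?[A-Za-z]:\\[^\\\s"]+\.(?:exe|com|bat|cmd|scr|pif)\b', re.IGNORECASE
)

# These verbs fire when the user opens the drive in Explorer,
# not only when media is inserted.
OPEN_VERBS = {"open", "explore"}


def odd_case(name):
    """Heuristic (assumption): spellings such as 'AutoPLaY' or 'COmMAnd'
    are not what installers normally write into autorun data."""
    usual = (name.lower(), name.upper(), name.capitalize(), "AutoRun", "AutoPlay")
    return name not in usual


def parse_o33(lines):
    """Return one dict per O33 MountPoints2 line; other lines are ignored."""
    entries = []
    for line in lines:
        match = O33_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def review_volumes(entries):
    """Map each volume GUID to the sorted list of reasons it should be reviewed."""
    findings = defaultdict(set)
    for entry in entries:
        volume = entry["volume"].lower()
        if ROOT_EXE_RE.match(entry["command"]):
            findings[volume].add("executable at drive root")
            if entry["verb"].lower() in OPEN_VERBS:
                findings[volume].add("open/explore verb runs a program")
        if odd_case(entry["verb"]) or odd_case(entry["leaf"]):
            findings[volume].add("irregular key casing")
        if (entry["status"] or "").lower() == "file not found":
            # The drive was not mounted (or the file was gone) when OTL ran,
            # so the registry entry is a leftover that would fire on re-insert.
            findings[volume].add("target missing at scan time")
    return {volume: sorted(reasons) for volume, reasons in findings.items()}


def rank(findings):
    """Volumes ordered by number of distinct reasons, most first."""
    return sorted(findings, key=lambda volume: (-len(findings[volume]), volume))


# Lines 1-4: copied from the fix script in this thread.
# Line 5: constructed entry, the kind an ordinary installer disc can leave behind.
SAMPLE_LOG = r'''
O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\AutoPLaY\ComMaND - "" = F:\qsqh.exe -- File not found
O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\AutoRun\command - "" = F:\qsqh.exe -- File not found
O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\eXplORE\COmmanD - "" = F:\qsqh.exe -- File not found
O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\open\COmMAnd - "" = F:\qsqh.exe -- File not found
O33 - MountPoints2\{00000000-0000-0000-0000-00000000c0de}\Shell\AutoRun\command - "" = E:\setup.exe
'''

if __name__ == "__main__":
    results = review_volumes(parse_o33(SAMPLE_LOG.splitlines()))
    for volume in rank(results):
        print(volume)
        for reason in results[volume]:
            print("   -", reason)
```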

danmex
Posted November 19, 2009

Good morning DigRam, here is the log you asked for!

OTL/movedfiles.log

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
No active process named explorer.exe was found!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.
File F:\qsqh.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.
File F:\qsqh.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.
File F:\qsqh.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.
File F:\qsqh.exe not found.
========== FILES ==========
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D74B6CF5 deleted successfully.
C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR\0000\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR\0000\Control\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr\Security\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr\Enum\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR\0000\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR\0000\Control\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr\Security\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr\Enum\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: All Users

User: and
->Temp folder emptied: 243712 bytes
->Temporary Internet Files folder emptied: 969593 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49413059 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LEY

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2617939 bytes
%systemroot%\System32 .tmp files removed: 2969 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50,92 mb

OTL by OldTimer - Version 3.1.6.0 log created on 11192009_014912

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Regards =)

DigRam
Posted November 19, 2009

Good morning, danmex!

<!> Uninstall: < CyE Registry Writer >

<><><><><><><><><><><>

<@> Download: < O18fix.zip >
<@> Unzip it to the desktop. ( O18fix.reg )
<@> Run the file o18fix.reg with a double-click.
<@> Confirm the merge into the registry --> Restart the computer!

<><><><><><><><><><><>

<@> Download UnHook.
<@> Save it to the desktop!

[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

<@> Copy this information, under Code, into Notepad.
<@> Save it on the desktop with the name: UnHookExec.inf
<@> Under "Save as type"... choose: "All files"
<@> Merge the file you created into the registry. ( UnHookExec.inf )
<@> Right-click it. --> Click Install <-- Left-click!
<@> Restart the computer!

<><><><><><><><><><><>

<@> Download: < The_Comedian > ( ...by Rorschach112 )
<@> Save it to the desktop, renamed as: komedian.exe
<@> Run komedian.exe with a double-click.
<@> Follow the steps ( Steps 1,2,3,4.. ), pressing Enter each time.

Step 1 --> Turning off wordwrap..
Step 2 --> Fixing file associations
Step 3 --> Creating an ERUNT registry backup..

<@> Allow ERUNT to install; it will create a backup of the registry.
<@> Complete step 4 ( Step 4 ), which will create a new System Restore point.
<@> Confirm the completion of this step, which will finish automatically.
<@> By default, the backup will be in: C:\WINDOWS\ERUNT\d-m-2009

<><><><><><><><><><><>

<@> Run the OTL Quick Scan, which gives us a quick scan with the tool.
<@> Double-click: < >
<@> Click "Scan All Users" --> --> Wait!
<@> Copy and post the report. ( OTL log )

Regards!