jepeople, posted November 21, 2009

Well folks, when I'm browsing any page in any browser, another page suddenly opens, usually with erotic content. The log is below for anyone who can help. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:50, on 21/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\vsnp2std.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp2std.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\FAMLIA~1\AppData\Local\Temp\Rar$EX00.200\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comopiniao.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files (x86)\Content Management Wizard\1.1.0.1820\CMWIE.dll
O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files (x86)\Textual Content Provider\1.1.0.1380\TCPIE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Baixar com o FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9191 bytes
wings, posted November 22, 2009

*Download MalwareBytes Anti-Malware and save it to the desktop:
*Install the program
*When it finishes, if an update is available, the download will start automatically. Wait...
*Once the update is done, the program will open automatically.
*On the [Scan] tab, select the [Full scan] option
*Click [Scan] and select the drives to be examined
*At the end of the scan, you may be asked whether you want to remove objects from memory. Click [YES] and finally click [OK]. A report (mbam-log-year-month-date.txt) will be displayed.
*Some malware is stubborn and needs a reboot to be removed. If asked to do so, click to restart the PC. If not asked, restart the PC manually.
*Open Malwarebytes again and on the [Logs] tab click the file mbam-log-year-month-date.txt
*Click [Open], copy it, paste it in your next reply, together with a new HijackThis log
jepeople, posted November 22, 2009

OK buddy, here are the requested logs:

Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 2775
Windows 6.1.7600

22/11/2009 18:05:53
mbam-log-2009-11-22 (18-05-53).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 214263
Tempo decorrido: 28 minute(s), 9 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 1
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:27, on 22/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\vsnp2std.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp2std.exe
C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\FAMLIA~1\AppData\Local\Temp\Rar$EX00.106\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comopiniao.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files (x86)\Content Management Wizard\1.1.0.1820\CMWIE.dll
O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files (x86)\Textual Content Provider\1.1.0.1380\TCPIE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Baixar com o FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9135 bytes
wings, posted November 22, 2009

*Download Dr.Web CureIt and save it to the desktop
*Double-click launch.exe
*Click [Options] and change the language to "Portuguese"
*Select the [Full scan] option and click the arrow to start the scan
*When it finishes, click [File], select the [Save report list] option and save it to the desktop
*Paste the report that was created
jepeople, posted November 24, 2009

Damn, I don't know what virus this is, but it sure is annoying, ugh

Doctor Web
-----------------------------------------------------------------------------
Estatísticas
-----------------------------------------------------------------------------
Objectos verificados: 323403
Infectado: 1
Objectos com modificações encontrados: 0
Objectos suspeitos encontrados: 2
Programas Adware encontrados: 0
Programas Dialer encontrados: 0
Programas Joke encontrados: 0
Programas Riskware encontrados: 0
Programas Hacktool encontrados: 2
Objectos desinfectados: 0
Objectos eliminados: 0
Objectos renomeados: 0
Objectos movidos: 1
Objectos ignorados: 0
Velocidade de verificação: 81 Kb/s
Tempo de verificação: 05:04:32
-----------------------------------------------------------------------------
C:\Windows\system32\drivers\etc\hosts - impossível mover
C:\32788R22FWJFW\FIND3M.bat - eliminado
C:\32788R22FWJFW\List-C.bat - eliminado
C:\Documents and Settings\Família\DoctorWeb\Quarantine\winudpmgr.exe.vir infectado com BackDoor.IRC.Sdbot.4988 - incurável - movido
C:\Documents and Settings\Família\Downloads\usb_multiboot_10\USB_MultiBoot_10\MULTI_CONTENT\wintools\othertools\ProduKey.exe - eliminado
=============================================================================
Estatísticas totais da sessão
=============================================================================
Objectos verificados: 323419
Infectado: 1
Objectos com modificações encontrados: 0
Objectos suspeitos encontrados: 2
Programas Adware encontrados: 0
Programas Dialer encontrados: 0
Programas Joke encontrados: 0
Programas Riskware encontrados: 0
Programas Hacktool encontrados: 2
Objectos desinfectados: 0
Objectos eliminados: 3
Objectos renomeados: 0
Objectos movidos: 1
Objectos ignorados: 0
Velocidade de verificação: 81 Kb/s
Tempo de verificação: 05:04:33
=============================================================================

(avast identified winudpmgr.exe.vir as a virus and deleted it, but the problem remained)
wings, posted November 24, 2009

*Download OTL and save it to the desktop
*Double-click OTL.exe
*Check the options "Scan All Users" and "Minimal Output"
*Under "File Age" select "30 days"
*Check the "LOP check" and "Purity check" options
jepeople, posted November 25, 2009

OTL logfile created on: 25/11/2009 18:08:20 - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\Família\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,38% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 88,50 Gb Total Space | 44,18 Gb Free Space | 49,92% Space Free | Partition Type: NTFS
Drive D: | 60,55 Gb Total Space | 23,69 Gb Free Space | 39,13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMÍLIA-PC
Current User Name: Família
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Família\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe ()
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Arquivos de Programas\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Windows\vsnp2std.exe (Sonix)
PRC - C:\Windows\vsnp2std.exe (Sonix)
PRC - C:\Windows\FixCamera.exe ()
PRC - C:\Windows\tsnp2std.exe ()
PRC - C:\Windows\tsnp2std.exe ()
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Família\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wininet.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msxml3.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\fontext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\fms.dll (Windows ® Codename Longhorn DDK provider)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (ScsiAccess) -- C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 00:20:14 | 00,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 00:20:14 | 00,000,000 | ---D | M]
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (odserv) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (ose) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft
Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) 
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\Windows\SysNative\drivers\snp2sxp.sys () DRV - (CSC) -- C:\Windows\CSC [2009/09/13 13:46:49 | 00,000,000 | ---D | M] DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (hid8101) -- C:\Windows\SysWOW64\drivers\hid8101.sys (Compuware Corporation) DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\Windows\SysWOW64\drivers\snp2sxp.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page 
= http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 53 D4 BE DD 65 CA 01 [binary data] IE - 
HKU\S-1-5-21-3434335194-1044827732-1658164855-1001\S-1-5-21-3434335194-1044827732-1658164855-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001\S-1-5-21-3434335194-1044827732-1658164855-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5050 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 FF - HKLM\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5050\FF [2009/11/19 11:14:47 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/24 21:39:02 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/24 21:39:01 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\components [2009/11/24 21:39:02 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\plugins [2009/11/24 21:39:02 | 00,000,000 | ---D | M] [2009/11/20 10:53:58 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\mozilla\Extensions [2009/11/20 10:53:58 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/20 10:53:58 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\mozilla\Firefox\Profiles\3ka2noqm.default\extensions [2009/11/20 10:41:12 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009/09/13 18:04:33 | 00,000,000 | ---D | M] -- C:\Program Files 
(x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/09/14 08:14:41 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2009/09/14 08:14:25 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2008/09/10 16:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2009/11/24 21:39:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2009/11/24 21:39:01 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2009/11/24 21:39:01 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2009/11/24 21:39:01 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2009/11/24 21:39:01 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2009/11/24 21:39:01 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2009/11/24 21:39:01 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2008/09/10 16:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll O1 HOSTS File: (356723 bytes) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 123haustiereundmehr.com O1 - Hosts: 12233 more lines... O2:64bit: - BHO: (Auxiliar de Conexão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Auxiliar de Conexão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files (x86)\Content Management Wizard\1.1.0.1820\CMWIE.dll () O2 - BHO: (TCP) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files (x86)\Textual Content Provider\1.1.0.1380\TCPIE.dll () O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001\..\Toolbar\WebBrowser: (no name) - {D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Arquivos de Programas\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe () O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-3434335194-1044827732-1658164855-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O8:64bit: - Extra context menu item: Baixar com o FDM - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Baixar tudo com o FDM - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Download selecionado pelo FDM - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Baixar com o FDM - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Baixar tudo com o FDM - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu 
item: Download selecionado pelo FDM - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas (x86)\Microsoft Office\Office12\EXCEL.EXE File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/24 21:38:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2009/11/24 21:38:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2009/11/24 19:26:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2009/11/22 20:47:17 | 23,416,872 | ---- | C] (Doctor Web, Ltd.) 
-- C:\Users\Família\Desktop\launch.exe [2009/11/21 20:44:16 | 00,000,000 | ---D | C] -- C:\Windows\Sun [2009/11/20 14:01:02 | 02,379,638 | -H-- | C] () -- C:\Users\Família\AppData\Local\IconCache.db [2009/11/20 13:35:57 | 00,000,000 | ---D | C] -- C:\Users\Família\DoctorWeb [2009/11/20 13:13:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2009/11/20 13:12:52 | 00,000,000 | ---D | C] -- C:\ProgramData\is-M2UIL [2009/11/20 13:07:20 | 00,000,000 | ---D | C] -- C:\ProgramData\is-HF9HF [2009/11/20 12:53:28 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009/11/20 10:53:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3 [2009/11/19 23:06:48 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2009/11/19 23:03:40 | 00,000,000 | ---D | C] -- C:\Users\Família\AppData\Roaming\Malwarebytes [2009/11/19 23:03:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys [2009/11/19 23:03:35 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009/11/19 23:03:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2009/11/19 23:03:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009/11/19 21:13:03 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2009/11/19 20:46:03 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2009/11/19 20:45:52 | 00,000,000 | ---D | C] -- C:\Users\Família\AppData\Roaming\SUPERAntiSpyware.com [2009/11/19 20:45:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware [2009/11/19 19:37:47 | 00,000,000 | ---D | C] -- C:\Users\Família\AppData\Roaming\IObit [2009/11/19 19:37:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2009/11/19 16:27:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2009/11/19 16:27:21 | 00,000,000 | ---D | C] -- C:\Program Files 
(x86)\Spybot - Search & Destroy [2009/11/19 15:45:22 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll [2009/11/19 15:45:22 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll [2009/11/19 15:41:33 | 28,155,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MRT.exe [2009/11/19 15:41:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2009/11/19 15:34:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2009/11/19 14:32:07 | 14,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2009/11/19 14:32:05 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2009/11/19 14:32:04 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2009/11/19 14:32:04 | 01,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2009/11/19 14:32:04 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2009/11/19 14:32:04 | 00,982,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys [2009/11/19 14:32:04 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2009/11/19 14:32:04 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2009/11/19 14:32:03 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2009/11/19 14:32:03 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2009/11/19 14:32:03 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2009/11/19 14:32:03 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2009/11/19 14:32:03 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2009/11/19 14:32:02 | 12,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL 
[2009/11/19 14:32:02 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2009/11/19 14:21:25 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2009/11/19 14:21:25 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009/11/19 14:20:31 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2009/11/19 14:20:31 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll [2009/11/19 14:20:23 | 09,272,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2009/11/19 14:20:22 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009/11/19 13:46:03 | 00,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe [2009/11/19 11:17:07 | 00,000,000 | ---D | C] -- C:\Users\Família\AppData\Local\Textual Content Provider [2009/11/19 11:16:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Textual Content Provider [2009/11/19 11:16:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Content Management Wizard [2009/11/19 11:15:35 | 00,000,000 | ---D | C] -- C:\Users\Família\AppData\Local\Internet Today [2009/11/19 11:15:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Today [2009/11/19 11:15:09 | 00,000,000 | ---D | C] -- C:\Users\Família\AppData\Local\Customized Platform Advancer [2009/11/19 11:15:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Customized Platform Advancer [2009/11/19 11:14:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Automated Content Enhancer [2009/11/19 11:14:25 | 00,000,000 | ---D | C] -- C:\Users\Família\AppData\Local\Web Search Operator [2009/11/19 11:14:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Web Search Operator [2009/11/19 11:13:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\HottieStar Toolbar [2009/11/10 23:08:24 | 00,094,208 | ---- | C] (Apple Inc.) 
-- C:\Windows\SysWow64\QuickTimeVR.qtx [2009/11/10 23:08:24 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2009/11/08 20:10:45 | 00,000,000 | ---D | C] -- C:\Users\Família\Documents\GRUCobranca.asp_arquivos [2009/11/07 17:16:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\A bootable USB [2009/11/07 16:29:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2009/11/06 22:15:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Apostila Petrobrás - Técnico Adm. 1.0 [2009/11/03 10:19:34 | 00,000,000 | ---D | C] -- C:\Users\Família\AppData\Local\Apple Computer [2009/11/01 19:29:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center [2009/10/29 08:37:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2009/10/29 08:37:32 | 00,000,000 | ---D | C] -- C:\Users\Família\AppData\Local\Apple [2009/10/29 08:37:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2009/10/29 08:37:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple [2009/10/28 10:18:55 | 00,000,000 | ---D | C] -- C:\Users\Família\Desktop\docs [2009/09/19 13:00:58 | 00,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/11/25 18:10:04 | 06,291,456 | -HS- | M] () -- C:\Users\Família\ntuser.dat [2009/11/25 17:32:04 | 00,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/25 17:32:04 | 00,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/25 17:31:10 | 01,491,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/11/25 17:31:10 | 00,654,272 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat [2009/11/25 17:31:10 | 00,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2009/11/25 17:31:10 | 
00,124,724 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat [2009/11/25 17:31:10 | 00,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2009/11/25 17:26:34 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/11/25 17:26:27 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/11/25 17:26:20 | 24,153,70240 | -HS- | M] () -- C:\hiberfil.sys [2009/11/25 12:06:10 | 02,379,638 | -H-- | M] () -- C:\Users\Família\AppData\Local\IconCache.db [2009/11/23 18:46:03 | 00,010,692 | ---- | M] () -- C:\Users\Família\Documents\NÃO NÃO HÁ.docx [2009/11/22 21:47:21 | 00,027,648 | ---- | M] () -- C:\Users\Família\Documents\A pobreza e a distribuição de renda no Brasil - csmc.doc [2009/11/22 20:46:11 | 23,416,872 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\Família\Desktop\launch.exe [2009/11/21 18:17:35 | 00,012,886 | ---- | M] () -- C:\Users\Família\Documents\SEMANA-3 ATIVIDADE 3.docx [2009/11/21 16:10:38 | 00,027,648 | ---- | M] () -- C:\Users\Família\Documents\Como somos diferentes!.doc [2009/11/21 15:33:07 | 00,012,366 | ---- | M] () -- C:\Users\Família\Documents\UNIVERSIDADE FEDERAL DE ALAGOA1.docx [2009/11/21 14:30:03 | 38,656,4251 | ---- | M] () -- C:\Users\Família\Documents\Rodriguinho.nrg [2009/11/21 09:32:01 | 00,093,704 | ---- | M] () -- C:\Users\Família\Documents\UNIVERSIDADE FEDERAL DE ALAGOAS.docx [2009/11/20 13:41:40 | 00,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2009/11/20 13:17:05 | 00,000,053 | ---- | M] () -- C:\Windows\wininit.ini [2009/11/20 10:53:37 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2009/11/19 23:03:38 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/19 19:26:33 | 00,356,723 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2009/11/19 15:58:17 | 00,421,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009/11/14 18:58:33 | 00,000,600 | ---- | M] () -- C:\Users\Família\PUTTY.RND [2009/11/12 08:07:30 | 00,010,582 | ---- | M] () -- 
C:\Users\Família\Documents\Número MS.docx [2009/11/11 09:27:22 | 00,027,648 | ---- | M] () -- C:\Users\Família\Documents\Samya - mapa d alguma coisa.doc [2009/11/10 23:08:24 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2009/11/10 23:08:24 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2009/11/10 17:57:43 | 00,038,400 | ---- | M] () -- C:\Users\Família\Documents\Requerimento.doc [2009/11/10 12:13:43 | 00,000,677 | ---- | M] () -- C:\Windows\win.ini [2009/11/08 20:10:46 | 00,066,302 | ---- | M] () -- C:\Users\Família\Documents\GRUCobranca.asp.htm [2009/11/05 10:06:00 | 28,155,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MRT.exe [2009/11/02 20:42:06 | 00,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/23 18:46:02 | 00,010,692 | ---- | C] () -- C:\Users\Família\Documents\NÃO NÃO HÁ.docx [2009/11/22 21:45:14 | 00,027,648 | ---- | C] () -- C:\Users\Família\Documents\A pobreza e a distribuição de renda no Brasil - csmc.doc [2009/11/21 18:17:33 | 00,012,886 | ---- | C] () -- C:\Users\Família\Documents\SEMANA-3 ATIVIDADE 3.docx [2009/11/21 16:10:38 | 00,027,648 | ---- | C] () -- C:\Users\Família\Documents\Como somos diferentes!.doc [2009/11/21 14:16:25 | 38,656,4251 | ---- | C] () -- C:\Users\Família\Documents\Rodriguinho.nrg [2009/11/21 09:40:12 | 00,012,366 | ---- | C] () -- C:\Users\Família\Documents\UNIVERSIDADE FEDERAL DE ALAGOA1.docx [2009/11/21 09:31:50 | 00,093,704 | ---- | C] () -- C:\Users\Família\Documents\UNIVERSIDADE FEDERAL DE ALAGOAS.docx [2009/11/20 14:01:02 | 02,379,638 | -H-- | C] () -- C:\Users\Família\AppData\Local\IconCache.db [2009/11/20 13:41:40 | 00,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2009/11/20 10:53:37 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/11/19 23:03:38 | 00,001,013 | 
---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/19 19:58:13 | 00,000,053 | ---- | C] () -- C:\Windows\wininit.ini [2009/11/12 08:07:29 | 00,010,582 | ---- | C] () -- C:\Users\Família\Documents\Número MS.docx [2009/11/11 09:27:22 | 00,027,648 | ---- | C] () -- C:\Users\Família\Documents\Samya - mapa d alguma coisa.doc [2009/11/10 17:57:43 | 00,038,400 | ---- | C] () -- C:\Users\Família\Documents\Requerimento.doc [2009/11/08 20:10:44 | 00,066,302 | ---- | C] () -- C:\Users\Família\Documents\GRUCobranca.asp.htm [2009/10/31 17:27:24 | 00,000,600 | ---- | C] () -- C:\Users\Família\PUTTY.RND [2009/09/29 08:03:02 | 00,004,608 | ---- | C] () -- C:\Users\Família\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/19 13:01:01 | 00,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2009/09/19 13:01:00 | 12,212,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys [2009/09/19 13:01:00 | 00,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys [2009/09/18 17:02:42 | 00,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll [2009/09/18 17:02:42 | 00,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll [2009/09/18 17:02:42 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll [2009/09/18 17:02:42 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll [2009/09/18 16:57:31 | 00,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2009/09/18 16:57:31 | 00,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2009/09/16 22:41:28 | 00,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll [2009/09/13 23:05:44 | 00,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll [2009/09/13 23:04:18 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/09/13 20:05:37 | 00,007,628 | ---- | C] () -- C:\Users\Família\AppData\Local\Resmon.ResmonCfg [2009/09/13 18:45:32 | 00,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll [2009/09/13 18:45:32 | 00,237,568 | ---- | C] () -- 
C:\Windows\SysWow64\OggDS.dll [2009/09/13 18:45:32 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2009/09/13 18:45:32 | 00,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll [2009/09/13 18:37:56 | 00,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2009/09/13 15:12:49 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009/09/13 15:12:46 | 01,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/09/13 15:12:46 | 00,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/09/13 15:12:45 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009/09/13 15:12:44 | 00,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/09/13 15:12:44 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009/09/13 13:59:20 | 00,110,472 | ---- | C] () -- C:\Users\Família\AppData\Local\GDIPFONTCACHEV1.DAT [2009/07/14 02:32:39 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2009/07/14 02:32:39 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/14 02:32:39 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/14 02:32:39 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/14 01:54:24 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini [2009/07/13 23:35:42 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009/07/13 23:34:57 | 00,000,677 | ---- | C] () -- C:\Windows\win.ini [2009/07/13 23:34:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2009/07/13 20:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2002/10/15 19:54:04 | 00,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll ========== LOP Check ========== [2009/10/05 12:35:17 | 00,000,000 | ---D | M] -- C:\Users\Convidado\AppData\Roaming\Adobe [2009/09/30 09:18:13 | 
00,000,000 | ---D | M] -- C:\Users\Convidado\AppData\Roaming\Identities [2009/10/05 12:35:19 | 00,000,000 | ---D | M] -- C:\Users\Convidado\AppData\Roaming\Macromedia [2009/07/14 15:11:46 | 00,000,000 | ---D | M] -- C:\Users\Convidado\AppData\Roaming\Media Center Programs [2009/09/30 11:30:29 | 00,000,000 | --SD | M] -- C:\Users\Convidado\AppData\Roaming\Microsoft [2009/09/30 11:23:23 | 00,000,000 | ---D | M] -- C:\Users\Convidado\AppData\Roaming\Mozilla [2009/09/30 09:18:37 | 00,000,000 | ---D | M] -- C:\Users\Convidado\AppData\Roaming\Nero [2009/07/14 15:11:46 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs [2009/07/14 00:20:08 | 00,000,000 | --SD | M] -- C:\Users\Default\AppData\Roaming\Microsoft [2009/07/14 15:11:46 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs [2009/07/14 00:20:08 | 00,000,000 | --SD | M] -- C:\Users\Default User\AppData\Roaming\Microsoft [2009/09/13 14:35:00 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Adobe [2009/10/18 18:38:02 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Audacity [2009/11/24 22:56:30 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Free Download Manager [2009/09/13 13:56:13 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Identities [2009/09/13 18:48:15 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\InstallShield [2009/11/19 19:44:10 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\IObit [2009/09/13 19:45:30 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\LG Electronics [2009/09/13 14:35:00 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Macromedia [2009/11/19 23:03:40 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Malwarebytes [2009/07/14 15:11:46 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Media Center Programs [2009/09/13 15:35:05 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Media Player 
Classic [2009/11/24 19:23:48 | 00,000,000 | --SD | M] -- C:\Users\Família\AppData\Roaming\Microsoft [2009/11/20 10:53:58 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Mozilla [2009/09/13 18:41:18 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Nero [2009/10/02 13:30:01 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Netscape [2009/10/02 14:54:51 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Photodex [2009/09/27 21:12:27 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\Real [2009/11/19 21:13:03 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\SUPERAntiSpyware.com [2009/09/23 19:05:23 | 00,000,000 | ---D | M] -- C:\Users\Família\AppData\Roaming\WinRAR [2009/07/14 15:11:46 | 00,000,000 | ---D | M] -- C:\Users\Usuário Padrão\AppData\Roaming\Media Center Programs [2009/07/14 00:20:08 | 00,000,000 | --SD | M] -- C:\Users\Usuário Padrão\AppData\Roaming\Microsoft [2009/11/25 17:26:34 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT [2009/11/19 07:54:07 | 00,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

The problem still persists, ugh, what a virus. What do you advise? Try something else, or just format it once and for all?
wings (22) | Posted November 25, 2009

The hosts file: have you been editing it? Do you block access to certain sites through the hosts file? There is also an adware component responsible for the pop-ups, which should have been removed by Malwarebytes. If you do not use the hosts file to block access to certain sites, use HostsXpert. Then run a new scan with Malwarebytes, but before running this scan, close IE and Firefox.

1. * Download HostsXpert and save it to the desktop
* Extract its contents to the desktop and run it. Click > [Restore Microsoft's Hosts File]

2. * Repeat the Malwarebytes scan with the browsers closed. Run a full scan, as I described before.
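The question above (is the hosts file a deliberate blocklist, or has it been tampered with?) can be answered mechanically. The following is an added example, not code from this thread or from HostsXpert: it parses a hosts file in the Windows format, separates "sink" entries (names mapped to a loopback or unspecified address, the blocklist style) from redirects (names mapped to a routable address, which is what a hijacked hosts file looks like), and reports the redirects for review. The SAMPLE_HOSTS text and the hostnames in it are constructed for the example; to check a real machine, read C:\Windows\System32\drivers\etc\hosts instead.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed sample (not the hosts file from the thread): the Microsoft
# default entries, two blocklist-style entries and one redirect entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-blocklist.test   # blocklist style
127.0.0.1       tracker.example-blocklist.test
198.51.100.23   update.example-vendor.test   # hypothetical redirect
"""


@dataclass
class HostsEntry:
    lineno: int
    address: str
    hostnames: List[str]

    @property
    def is_sink(self) -> bool:
        """True when the address is loopback or unspecified, i.e. the entry
        blocks the name rather than redirecting it somewhere else."""
        ip = ipaddress.ip_address(self.address)
        return ip.is_loopback or ip.is_unspecified


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text: '#' starts a comment, first token is the
    address, the remaining tokens are hostnames. Malformed lines are
    skipped, which is also how the Windows resolver treats them."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        entries.append(HostsEntry(lineno, parts[0], parts[1:]))
    return entries


def triage_hosts(text: str) -> dict:
    """Summarise a hosts file: how many entries look like a blocklist and
    which entries redirect a name to a routable address."""
    entries = parse_hosts(text)
    sinks = [e for e in entries if e.is_sink and "localhost" not in e.hostnames]
    redirects = [e for e in entries if not e.is_sink]
    return {
        "total": len(entries),
        "blocklist_entries": len(sinks),
        "redirects": [(e.lineno, e.address, e.hostnames) for e in redirects],
    }


if __name__ == "__main__":
    report = triage_hosts(SAMPLE_HOSTS)
    print(f"{report['total']} entries, {report['blocklist_entries']} blocklist-style")
    for lineno, addr, names in report["redirects"]:
        print(f"line {lineno}: {' '.join(names)} -> {addr}  (review this)")
```

A large hosts file made almost entirely of sink entries (the log above shows a 356,723-byte, read-only hosts file) is consistent with a blocklist such as the one HostsXpert can install; a handful of redirect entries pointing known names at an outside address is the pattern worth investigating.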
jepeople (0) | Posted November 25, 2009

I did not edit the hosts file and I do not block access to certain sites through the hosts file. The log follows below:

Malwarebytes' Anti-Malware 1.41
Versão do banco de dados: 2775
Windows 6.1.7600

25/11/2009 20:15:17
mbam-log-2009-11-25 (20-15-17).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 214588
Tempo decorrido: 27 minute(s), 49 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 3
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)
wings (22) | Posted November 25, 2009

OK... post a new HijackThis log. Does the problem still persist?
jepeople (0) | Posted November 26, 2009

And the worst part is that the problem still persists... do you have any idea what it might be??? If there's no saving it, just say so and I'll format the PC. Thank you from the bottom of my heart for the help, really appreciated. Big hug.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:44:47, on 25/11/2009 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\vsnp2std.exe C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Windows\FixCamera.exe C:\Windows\tsnp2std.exe C:\Program Files (x86)\WinRAR\WinRAR.exe C:\Users\FAMLIA~1\AppData\Local\Temp\Rar$EX00.855\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe, O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files (x86)\Content Management Wizard\1.1.0.1820\CMWIE.dll O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files (x86)\Textual Content Provider\1.1.0.1380\TCPIE.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: Baixar com o FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm O8 - Extra context menu 
item: Baixar tudo com o FDM - file://C:\Program Files (x86)\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows 
Media Player\wmpnetwk.exe (file missing) -- End of file - 8616 bytes
wings (22) | Posted November 26, 2009

Forget about formatting.

1. * Download Avenger and extract its contents to the desktop: http://swandog46.geekstogo.com/avenger2/download.php
* Select and copy (Ctrl+C) all of the code below:

Files to delete:
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll
C:\Program Files (x86)\Content Management Wizard\1.1.0.1820\CMWIE.dll
C:\Program Files (x86)\Textual Content Provider\1.1.0.1380\TCPIE.dll

* Run the Avenger program
* Click [Load Script] > [Paste from Clipboard]
* Click [Execute] > [OK]
* The PC will be restarted
* Paste the report created at C:\avenger.txt and a new HijackThis log
jepeople (0) | Posted November 26, 2009

I did everything as you asked, but I looked in every location and did not find the report created by Avenger; I only found a Notepad file containing this:

Files to delete:
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll
C:\Program Files (x86)\Content Management Wizard\1.1.0.1820\CMWIE.dll
C:\Program Files (x86)\Textual Content Provider\1.1.0.1380\TCPIE.dll

After that I ran HijackThis:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:03:46, on 26/11/2009 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\vsnp2std.exe C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Windows\FixCamera.exe C:\Windows\tsnp2std.exe C:\Program Files (x86)\WinRAR\WinRAR.exe C:\Users\FAMLIA~1\AppData\Local\Temp\Rar$EX00.700\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe, O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files (x86)\Automated Content 
Enhancer\4.1.0.5050\ACEIEAddOn.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files (x86)\Content Management Wizard\1.1.0.1820\CMWIE.dll O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files (x86)\Textual Content Provider\1.1.0.1380\TCPIE.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE 
REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: Baixar com o FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Program Files (x86)\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8616 bytes
wings, posted November 26, 2009

Let's use a different approach.

1.
* Run HijackThis, click [Config] > [Misc Tools] > [Delete a File on Reboot] > copy and paste the file below:
C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll
* Click [Open] > [OK]
* You will be asked whether you want to restart the PC. Click [NO]
* Repeat the same procedure for the files below:
C:\Program Files (x86)\Content Management Wizard\1.1.0.1820\CMWIE.dll
C:\Program Files (x86)\Textual Content Provider\1.1.0.1380\TCPIE.dll
* When you do the procedure with the last file, click [YES] to restart the PC.

2.
* New HijackThis log
jepeople, posted November 27, 2009

I did the whole procedure, but this wretched virus, or whatever it is, is still there.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:19, on 26/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\vsnp2std.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp2std.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\FAMLIA~1\AppData\Local\Temp\Rar$EX00.978\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files (x86)\Content Management Wizard\1.1.0.1820\CMWIE.dll (file missing)
O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files (x86)\Textual Content Provider\1.1.0.1380\TCPIE.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Baixar com o FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8661 bytes
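As an added example for this thread (it is not code from the forum, from wings, or from HijackThis itself), the Python below parses the O2 (Browser Helper Object) lines of a HijackThis log like the one above and tells live BHOs apart from stale registrations, the entries HijackThis marks "(file missing)" or "(no file)". That is what the second log shows: after the three DLLs were deleted on reboot, their CLSIDs are still registered. The sample lines are copied from the log above; the function names and the watchlist tuple are the example's own.

```python
"""Triage of HijackThis "O2 - BHO" entries.

Added example for this thread; not the forum's or HijackThis's own code.
It parses the O2 lines of a HijackThis log, tells BHOs whose DLL is still on
disk apart from stale registrations (HijackThis marks those "(file missing)"
or "(no file)"), and matches entries against a name watchlist.
"""
import re
from typing import Dict, List, Optional, Sequence

# Shape of one O2 line: "O2 - BHO: <name> - {CLSID} - <path or marker>".
# The name is matched lazily so a " - " inside it cannot swallow the CLSID.
_O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)
_MISSING_SUFFIX = " (file missing)"   # DLL path registered, file absent
_NO_FILE_MARKER = "(no file)"         # CLSID registered, no DLL path at all

# Constructed sample: the O2 lines from the second log in this thread, plus
# one O4 line to show that non-BHO entries are ignored by the parser.
SAMPLE_LOG = r"""
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files (x86)\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files (x86)\Content Management Wizard\1.1.0.1820\CMWIE.dll (file missing)
O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files (x86)\Textual Content Provider\1.1.0.1380\TCPIE.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
"""

# Names singled out earlier in this thread (watchlist for flagged_bhos).
THREAD_WATCHLIST = (
    "Automated Content Enhancer",
    "Content Management Wizard",
    "Textual Content Provider",
)


def parse_bho_lines(log_text: str) -> List[Dict[str, Optional[str]]]:
    """One record per O2 line: name, clsid, path (None if absent) and status."""
    records: List[Dict[str, Optional[str]]] = []
    for line in log_text.splitlines():
        m = _O2_RE.match(line.strip())
        if not m:
            continue  # O4, O23, R0 ... are not BHO entries
        target = m.group("target")
        if target == _NO_FILE_MARKER:
            path, status = None, "no_file"
        elif target.endswith(_MISSING_SUFFIX):
            path, status = target[: -len(_MISSING_SUFFIX)], "file_missing"
        else:
            path, status = target, "present"
        records.append({"name": m.group("name"), "clsid": m.group("clsid"),
                        "path": path, "status": status})
    return records


def orphaned_bhos(log_text: str) -> List[Dict[str, Optional[str]]]:
    """BHO registrations whose DLL is gone. Deleting the file alone leaves the
    CLSID under the Browser Helper Objects key; these still need removing."""
    return [r for r in parse_bho_lines(log_text) if r["status"] != "present"]


def flagged_bhos(log_text: str, watchlist: Sequence[str]) -> List[str]:
    """CLSIDs whose display name or DLL path contains a watchlist term."""
    terms = [t.casefold() for t in watchlist]
    hits = []
    for r in parse_bho_lines(log_text):
        haystack = f"{r['name']} {r['path'] or ''}".casefold()
        if any(t in haystack for t in terms):
            hits.append(r["clsid"])
    return hits


if __name__ == "__main__":
    for r in orphaned_bhos(SAMPLE_LOG):
        print(f"{r['clsid']}  {r['status']:<13} {r['name']}")
    print("watchlist hits:", flagged_bhos(SAMPLE_LOG, THREAD_WATCHLIST))
```

Matching on the DLL path as well as the display name matters here: the third suspect registers itself under the bland name "TCP", and only its folder name, Textual Content Provider, ties it to the other two. The four orphaned records are registry leftovers, not running code, which is consistent with the pop-ups continuing after the DLLs were deleted.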
wings, posted November 27, 2009

OK... here we go!

1.
* Delete Avenger
2.
* Delete OTL and its reports, OTL.Txt and Extra.txt, located on the desktop
3.
* Delete HostsXpert
4.
* Download LopS&D and save it to the desktop
* Install the program
* An icon will be created on the desktop
* Temporarily disable your antivirus
* Double-click the LopS&D.exe icon
* Select the language (P for Portuguese) > Enter
* Press 1 > [Enter]
* Paste the report created at C:\LopR.txt
jepeople, posted November 27, 2009

Here is the report.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows 7 Ultimate ( v6.1.7600 ) x64-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )
BIOS : Default System BIOS
USER : Família ( Not Administrator ! )
BOOT : Normal boot

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:88 Go (Free:43 Go)
D:\ (Local Disk) - NTFS - Total:60 Go (Free:23 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 27/11/2009| 9:25 )
[ UAC => 1 ]

--------------------\\ Lista de pastas em Local

[13/09/2009|18:40] C:\Users\FAMLIA~1\AppData\Local\Ahead
[29/10/2009|08:37] C:\Users\FAMLIA~1\AppData\Local\Apple
[03/11/2009|10:19] C:\Users\FAMLIA~1\AppData\Local\Apple Computer
[19/11/2009|11:15] C:\Users\FAMLIA~1\AppData\Local\Customized Platform Advancer
[13/09/2009|13:56] C:\Users\FAMLIA~1\AppData\Local\Dados de aplicativos
[29/09/2009|10:02] C:\Users\FAMLIA~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[28/10/2009|09:02] C:\Users\FAMLIA~1\AppData\Local\ElevatedDiagnostics
[18/09/2009|17:21] C:\Users\FAMLIA~1\AppData\Local\GDIPFONTCACHEV1.DAT
[13/09/2009|13:56] C:\Users\FAMLIA~1\AppData\Local\Histórico
[19/11/2009|11:15] C:\Users\FAMLIA~1\AppData\Local\Internet Today
[19/11/2009|19:47] C:\Users\FAMLIA~1\AppData\Local\Microsoft
[01/10/2009|15:59] C:\Users\FAMLIA~1\AppData\Local\Microsoft Games
[13/09/2009|15:15] C:\Users\FAMLIA~1\AppData\Local\Microsoft Help
[13/09/2009|14:27] C:\Users\FAMLIA~1\AppData\Local\Mozilla
[19/09/2009|21:29] C:\Users\FAMLIA~1\AppData\Local\Real
[13/09/2009|20:10] C:\Users\FAMLIA~1\AppData\Local\Resmon.ResmonCfg
[21/09/2009|21:51] C:\Users\FAMLIA~1\AppData\Local\SPSS 15.0 para Windows
[27/11/2009|09:23] C:\Users\FAMLIA~1\AppData\Local\Temp
[13/09/2009|13:56] C:\Users\FAMLIA~1\AppData\Local\Temporary Internet Files
[19/11/2009|11:17] C:\Users\FAMLIA~1\AppData\Local\Textual Content Provider
[13/09/2009|13:56] C:\Users\FAMLIA~1\AppData\Local\VirtualStore
[19/11/2009|11:14] C:\Users\FAMLIA~1\AppData\Local\Web Search Operator
[26/09/2009|19:59] C:\Users\FAMLIA~1\AppData\Local\WinAVI

--------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks

[27/11/2009 09:20][--ah-----] C:\Windows\tasks\SA.DAT
[19/11/2009 07:54][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Lista de pastas em C:\ProgramData

[29/10/2009|08:37] C:\ProgramData\Apple
[24/11/2009|21:38] C:\ProgramData\Apple Computer
[14/07/2009|02:08] C:\ProgramData\Application Data
[13/09/2009|13:55] C:\ProgramData\Dados de aplicativos
[14/07/2009|02:08] C:\ProgramData\Desktop
[13/09/2009|13:55] C:\ProgramData\Documentos
[14/07/2009|02:08] C:\ProgramData\Documents
[14/07/2009|02:08] C:\ProgramData\Favorites
[13/09/2009|13:55] C:\ProgramData\Favoritos
[13/09/2009|14:19] C:\ProgramData\FreeDownloadManager.ORG
[13/09/2009|18:48] C:\ProgramData\InstallShield
[20/11/2009|13:07] C:\ProgramData\is-HF9HF
[20/11/2009|13:12] C:\ProgramData\is-M2UIL
[23/09/2009|17:21] C:\ProgramData\KONAMI
[19/11/2009|23:03] C:\ProgramData\Malwarebytes
[13/09/2009|13:55] C:\ProgramData\Menu Iniciar
[04/10/2009|15:25] C:\ProgramData\Microsoft
[25/11/2009|20:15] C:\ProgramData\Microsoft Help
[13/09/2009|13:55] C:\ProgramData\Modelos
[13/09/2009|18:35] C:\ProgramData\Nero
[27/11/2009|09:20] C:\ProgramData\NVIDIA
[19/09/2009|21:29] C:\ProgramData\Real
[19/11/2009|19:46] C:\ProgramData\Spybot - Search & Destroy
[14/07/2009|02:08] C:\ProgramData\Start Menu
[19/11/2009|20:46] C:\ProgramData\SUPERAntiSpyware.com
[14/07/2009|02:08] C:\ProgramData\Templates
[16/09/2009|11:50] C:\ProgramData\Win7codecs

--------------------\\ Lista de pastas em C:\Program Files

[13/09/2009|14:24] C:\Program Files\Alwil Software
[13/09/2009|13:55] C:\Program Files\Arquivos Comuns [C:\Program Files\Common Files]
[13/09/2009|13:55] C:\Program Files\Common Files
[14/07/2009|15:11] C:\Program Files\DVD Maker
[19/11/2009|15:57] C:\Program Files\Internet Explorer
[14/07/2009|15:11] C:\Program Files\Microsoft Games
[13/09/2009|15:15] C:\Program Files\Microsoft Office
[14/07/2009|02:32] C:\Program Files\MSBuild
[18/09/2009|16:47] C:\Program Files\Realtek
[14/07/2009|02:32] C:\Program Files\Reference Assemblies
[14/07/2009|02:09] C:\Program Files\Uninstall Information
[14/07/2009|14:55] C:\Program Files\Windows Defender
[14/07/2009|15:11] C:\Program Files\Windows Journal
[14/07/2009|14:55] C:\Program Files\Windows Mail
[19/11/2009|15:57] C:\Program Files\Windows Media Player
[13/09/2009|13:55] C:\Program Files\Windows NT
[14/07/2009|14:55] C:\Program Files\Windows Photo Viewer
[14/07/2009|02:32] C:\Program Files\Windows Portable Devices
[14/07/2009|14:55] C:\Program Files\Windows Sidebar

--------------------\\ Lista de pastas em C:\Program Files\Common Files

[19/11/2009|15:34] C:\Program Files\Common Files\Microsoft Shared
[14/07/2009|00:20] C:\Program Files\Common Files\Services
[13/09/2009|13:55] C:\Program Files\Common Files\Sistema [C:\Program Files\Common Files\System]
[14/07/2009|00:20] C:\Program Files\Common Files\SpeechEngines
[14/07/2009|14:55] C:\Program Files\Common Files\System

--------------------\\ Process

( 14 Processes )
... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-27 09:25:49
Windows 6.1.7600 WOW64 NTFS

detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51
Initialization error

--------------------\\ Procurando por outras infecções

--------------------\\ Cracks & Keygens ..

C:\Users\FAMLIA~1\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_Nero8Crack.exe_86c13ad6a62fdb2ffbbcb38d74275d20491821cc_cab_0f0ec8fa
C:\Users\FAMLIA~1\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_Nero8Crack.exe_86c13ad6a62fdb2ffbbcb38d74275d20491821cc_cab_0f0ec8fa\Report.wer
C:\Users\FAMLIA~1\Downloads\usb_multiboot_10\USB_MultiBoot_10\MULTI_CONTENT\wintools\passwordcracking
C:\Users\FAMLIA~1\Downloads\usb_multiboot_10\USB_MultiBoot_10\MULTI_CONTENT\wintools\passwordcracking\keyfinder

[F:1535][D:39]-> C:\Users\FAMLIA~1\AppData\Local\Temp
[F:77][D:1]-> C:\Users\FAMLIA~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:848][D:5]-> C:\Users\FAMLIA~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:3][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 27/11/2009| 9:22 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 27/11/2009| 9:25 - Option : [1]

--------------------\\ Verificação completa em 9:25:58
[ UAC => 1 ]
wings, posted November 27, 2009

Well... here we go!! So far I haven't found what is responsible for these pages.

1.
* Go to the program's folder (C:\Lop S&D) and run the file uninstall.exe to uninstall it.
* When it finishes, delete the folder C:\Lop S&D
* Delete the file C:\LopR.txt if it still exists
2.
* Temporarily disable your antivirus
* Download ComboFix and save it to the desktop
* Close Internet Explorer and Windows Explorer
* Double-click the file Combofix.exe
* Accept the agreement
* Important: while ComboFix is running, do not use the mouse or the keyboard!!..... To stop the procedure, press N.
* The program will close automatically
* Paste the report created at C:\combofix.txt
jepeople, posted November 27, 2009

OK friend, I did everything you asked, but when I ran ComboFix the following message appeared: "Incompatible operating system. ComboFix only works on Windows 2000 and XP". My operating system is Seven 64-bit.

I don't know whether it will help, but below are the sites that keep opening all the time.

hxxp://wixawin.funclub-brasil.com/pages/Default.aspx?lan=BR&tid=23&clickid=001SVR0000003qvgeN7HjYfcK8000000&subid=21043&ce_cid=001SVR0000003qvgeN7HjYfcK8000000
hxxp://www.adultfriendfinder.com/search/g1177217-pmo.subbr&ip=auto&no_click=1
hxxp://wixawin.funclub-brasil.com/br/ads/macair.aspx?clickid=002xtN0000003qvgeN7HjYfcMT000000&subid=21043&ce_cid=002xtN0000003qvgeN7HjYfcMT000000
hxxp://adserving.cpxinteractive.com/st?ad_type=iframe&ad_size=728x90&section=671539
hxxp://wixawin.funclub-brasil.com/br/iq/iq.aspx?clickid=002dpd0000003qvgeN7HjYfcQ2000000&subid=21043&ce_cid=002dpd0000003qvgeN7HjYfcQ2000000
hxxp://pub.iminent.com/pt/?ref=pub.neverblue.pt-BR.emoticons006.Y09M01&silent=true
hxxp://getiton.com/search/g920215.subsearchbr
hxxp://www.dicasdedieta.com.br/ws/acp?sp=550018&t=68006&uc=749b5a_5fce8_30_4b0ff1bd_bb291d1d_0_1_0

Regards
wings, posted November 27, 2009

OK... Let's continue...

1.
* Delete ComboFix.
2.
* Follow the tutorial below.
http://dicasetutoriaisparapc.blogspot.com/2009/05/tutorial-do-squared-web-malware-scanner.html
* The DAP program may need to be reinstalled
* Report how the PC is doing after the procedures.