zildo - Posted February 28, 2010

I posted my first topic in the wrong place! Moderators, please delete the wrong one; my apologies.

The antivirus keeps reporting that it found a Trojan horse called spy.banker.

Here is the HijackThis log.

wings - Posted March 1, 2010

Good evening...

1.
* You have 2 antivirus programs. Choose one and uninstall the other.

2.
* Download MalwareBytes Anti-malware and save it to the desktop:
* Install the program
* If any update exists, the download will be automatic. Wait...
* The program will open automatically.
* On the [Scan] tab, select the [Full scan] option
* Click [Scan] and select the drives (C:\ and D:\) to be examined
* At the end of the scan, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]
* Select all the results and click [Remove Selected]
* A report (mbam-log-year-month-day.txt) will be shown.
* Paste it in your next reply.

zildo - Posted March 2, 2010

Hello wings, thank you for your attention.

Well, I did everything you asked. Anti-malware found a trojan and removed it, but the antivirus programs keep detecting a trojan called spy.banKer in the Temp folder.

The report is below:

Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3811
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

02/03/2010 12:32:38
mbam-log-2010-03-02 (12-32-38).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 377120
Tempo decorrido: 3 hour(s), 38 minute(s), 0 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 1

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\Users\Zildo Maia\backup\Programas SRF\IRPF2007\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

wings - Posted March 2, 2010

1.
* Open Malwarebytes and, on the [Quarantine] tab, select the result below and click [Restore]

C:\Users\Zildo Maia\backup\Programas SRF\IRPF2007\DARF32CBX.DLL (Trojan.Agent)

This is a Malwarebytes false positive.

2.
* Download and install CCleaner
* Open the program and, on the "Windows" tab, scroll down to the "Advanced" option and select "Old Prefetch data"
* Click [Run Cleaner]
* Next, click [Registry] -> [Scan for Issues] -> [Fix Selected Issues] -> [Fix All Selected Issues]

3.
* Temporarily disable your antivirus: right-click the Avira icon next to the clock > click the "AntiVir Guard enable" option.
* Run an online scan with Kaspersky following the steps below and paste the result here in the forum.

zildo - Posted March 8, 2010

OK, I will do this tomorrow. Sorry for the delay, I was traveling.

I will post the results tomorrow.

Please don't lock the topic.

Regards

zildo - Posted March 9, 2010

Hello wings.

CCleaner came with all the Windows options checked, so when you say:

"Open the program and, on the "Windows" tab, scroll down to the "Advanced" option and select "Old Prefetch data""

am I supposed to select it or rather uncheck it? Or do you want CCleaner to check only the old Prefetch data?

Regards, and sorry for my ignorance.

wings - Posted March 10, 2010

> Hello wings.
>
> CCleaner came with all the Windows options checked, so when you say:
>
> "Open the program and, on the "Windows" tab, scroll down to the "Advanced" option and select "Old Prefetch data""
>
> am I supposed to select it or rather uncheck it? Or do you want CCleaner to check only the old Prefetch data?
>
> Regards, and sorry for my ignorance.

No need to apologize... :)

It's up to you. If you want to run CCleaner with the options already checked, that's no problem.

zildo - Posted March 12, 2010

The scan result is below:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, March 12, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, March 11, 2010 22:43:58
Records in database: 3770284
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 256251
Threats found: 3
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 04:13:55

File name / Threat / Threats count
C:\Users\Zildo Maia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4a64c093-55464bbc Infected: Trojan-Downloader.Java.Agent.au 1
C:\Users\Zildo Maia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\58bf333d-7ffd1c85 Infected: Trojan-Downloader.Java.Agent.au 1
C:\Users\Zildo Maia\backup\Meus documentos\crossloopsetup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Users\Zildo Maia\backup\Meus documentos\crossloopsetup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\Users\Zildo Maia\backup\Meus documentos\crossloopsetup.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Users\Zildo Maia\backup\Meus documentos\crossloopsetup.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1

Selected area has been scanned.

wings - Posted March 12, 2010

1.
* Click [Start] > [Control Panel]
* Double-click the Java icon
* The Java Control Panel will be shown
* Click [Settings]
* The Temporary Files Settings window will be shown.
* Click Delete Files
* Select all the options and click [OK]

2.
* Click [Start] > [Settings] > [Control Panel]
* Double-click the Java Plug-in icon
* Click the [Cache] tab
* Click Clear
* Click Yes
* Click Apply

The PC is clean.

Best regards.

zildo - Posted March 15, 2010

> 2.
> * Click [Start] > [Settings] > [Control Panel]
> * Double-click the Java Plug-in icon
> * Click the [Cache] tab
> * Click Clear
> * Click Yes
> * Click Apply

I couldn't do this second step. Can you explain it better? I went to the Control Panel and found the Java icon, but when I click it, the window from the first step appears. My Windows is Vista.

Regards

wings - Posted March 15, 2010

No problem if you couldn't do it.

Let me know how the machine is doing... and whether the antivirus has stopped the alerts.

zildo - Posted March 21, 2010

Good evening wings, sorry for the delay.

Here we go.

Well, the antivirus has not stopped. It still keeps reporting the virus.

Regards.

wings - Posted March 22, 2010

Possibly another type of infection. There is no sign of the one you opened the topic about.

Paste the full path of the file reported by the antivirus.

zildo - Posted March 22, 2010

Done:

wings - Posted March 22, 2010

* Download OTL and save it to the desktop
* Double-click OTL.exe
* Select the options below:

[x] Scan All Users
[x] Minimal Output
[x] Use Company Name WhiteList
[x] Skip Microsoft Files
[x] LOP Check
[x] Purity Check

* Click [Run Scan] and wait for the process to finish
* Paste the OTL.txt report created on the desktop

zildo 0 Denunciar post Postado Março 23, 2010 Pronto: OTL Extras logfile created on: 22/03/2010 22:11:38 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Zildo Maia\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141,17 Gb Total Space | 23,80 Gb Free Space | 16,86% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ZILDOMAIA-PC Current User Name: Zildo Maia Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3302735091-1507460180-92462062-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09FE1914-7BFF-47DA-92F1-0295FC30C58B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{2E227676-7933-4449-873B-AF6E62ABC18D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{50DF5AE9-839C-4BA2-8EB8-E3A202080D89}" = rport=139 | protocol=6 | dir=out | app=system | "{704F6069-998E-4F9D-AC1E-73CE7D33F739}" = rport=137 | protocol=17 | dir=out | app=system | "{7E11E1B2-506E-40EA-9E74-1F34A714E13C}" = rport=445 | protocol=6 | dir=out | app=system | "{81AB679B-7156-4797-A7AF-D373F1A8CBBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8F3F2D98-8FFF-4B9D-AA29-2A2ADDACA8A5}" = lport=2869 | protocol=6 | dir=in | app=system | "{9B57975A-B825-4C22-A281-EB4FDC256E87}" = lport=139 | protocol=6 | dir=in | app=system | "{A296DBE4-E039-4A0D-BE01-FACCD811B662}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D4566862-726B-42E6-92E3-5AF7B14C3E21}" = lport=138 | protocol=17 | dir=in | app=system | "{E572E589-CF1A-47A8-A86A-05FF396C1538}" = lport=137 | protocol=17 | dir=in | app=system | "{F3F32435-3AF6-4048-B002-173F06DD4FE9}" = lport=445 | protocol=6 | dir=in | app=system | "{F4F3B053-1484-42EE-BAA4-BA523D108D38}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08748DD5-5B4B-456E-A59C-F264A74E91E8}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{0AEC6EF2-629F-463C-BEF1-E91CA445BD7D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{0BCC6C3C-75C3-4884-B4C3-DBE98FAEF40A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{10D9A23D-E810-4A1E-BF66-01F73BD80982}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | "{177696A3-687E-424B-A425-6A5B70F3659C}" = protocol=6 | dir=in | app=c:\program files\megacubo\megacubo.exe | "{179EA2F1-2426-4F24-B775-86A6E257D466}" = protocol=17 | dir=in | app=c:\users\zildo maia\appdata\local\temp\itouch-server-win.exe | 
"{1F6E06DF-DA78-4797-877D-4E603FA429DF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2D537935-9058-42D8-BFAB-D09A67900B91}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3ED41491-FEF5-4ED1-827E-265802344F2F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4E9FEA76-274B-4815-AF1B-10BF1423D711}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{50BAE414-B2FE-47C6-B9C9-CC1DF1D24819}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{56F948DD-3F60-460B-A58A-57416294120B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{5F5396CF-1990-4F12-97D5-1A3A8DBB612A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{6AE6ADF2-3256-49DF-8136-AB766035A097}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | "{6F46D3FF-1ACF-492C-9CE0-A539B9172FF6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{776CA818-6B54-4791-A57D-5E97D1ABD66B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{8395B357-9F13-466C-B090-05B7E8F2AE83}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8CE952AE-96F7-4C11-B83A-62751BEDA25E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{916B0A95-A09C-460E-BF42-1C2FFE66006A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{948235CF-4DF7-4821-8380-1383A8653D08}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A3E1ACB7-FAC9-4D42-8354-96D4789D2FEA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A5B835B1-F9E4-4444-A68B-46DA19E9796C}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | "{B7350BBB-EFE2-483C-96FD-87105E4ED4C4}" = protocol=17 | dir=in | app=c:\program files\megacubo\megacubo.exe | "{C85E8870-ABCF-42D6-ADF2-45FC2983BFF1}" = protocol=17 | dir=in | 
wings 22 Posted March 23, 2010

1. *Delete OTL and its reports.

I don't see anything abnormal.

*******************************

When does this alert appear? Only when you run a scan with AVG?
You have Avira installed... does it flag anything too?
Which version of Windows do you have?
zildo 0 Posted March 24, 2010

Man, it shows up every day out of nowhere. I don't have Avira installed anymore, I deleted it. I'm only running AVG; Avira also detected this virus :S

Cheers
wings 22 Posted March 24, 2010

*Temporarily disable your antivirus
Start > Programs > AVG
Open the AVG User Interface
Double-click Resident Shield
Uncheck the "Resident Shield active" option
Save the changes

*Download ComboFix and save it to the desktop
*Double-click the Combofix.exe file
*Accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If not, a window like the one below will open. Click [Sim] (Yes) to accept its installation.
*After the installation, click [Sim] (Yes) to continue.
*Wait for all stages to finish
*While ComboFix is running, avoid using the mouse and the keyboard! To interrupt the procedure, press N or 2 and then ENTER.
*The program will close automatically
*Paste the report created at C:\combofix.txt
Mário Monteiro 179 Posted April 24, 2010

Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the topic's author and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.