Archived

This topic has been archived and is closed to new replies.

krika

[Archived] Possible infection


My computer is acting strange and I found an application (rsuicide) that I had never seen before. Could it be a virus?

 

 

Here is the hijack log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:42:34, on 18/4/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\devldr32.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\HIJACKTHIS\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [EPSON Stylus C67 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P33 "EPSON Stylus C67 Series (cópia 1)" /O6 "USB002" /M "Stylus C67"

O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB002" /M "Stylus C67"

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4A3B3AF-C608-467A-A10B-62D80C6AF660}: NameServer = 200.195.247.216,200.201.133.69

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 5728 bytes


Hello krika! Download: ComboFix > save it to the desktop

  • Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished the instructions. Note that this means your protection programs must be configured not to start with the system.
  • ATTENTION: If ComboFix detects any kind of CD emulator (Daemon Tools, Alcohol, etc.), a warning will appear saying that ComboFix needs to disable it temporarily. Click OK and the PC will restart.
  • Double-click combofix.exe and click Executar (Run) to proceed with the fix. Please wait, as it takes a while.
  • ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".
  • Select, copy and paste the contents of ComboFix.txt into your next reply.

    NOTE: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.


Reopened at the author's request

After the new log, can an analyst take over the case?

Regards


Hello, I am sending a new log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:53:29, on 5/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\devldr32.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HIJACKTHIS\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [EPSON Stylus C67 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P33 "EPSON Stylus C67 Series (cópia 1)" /O6 "USB002" /M "Stylus C67"

O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB002" /M "Stylus C67"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4A3B3AF-C608-467A-A10B-62D80C6AF660}: NameServer = 200.195.247.216,200.201.133.69

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 6241 bytes


Hello, as I told you in my PM reply, you were supposed to follow the instructions I gave above on how to run ComboFix. I am repeating them here:

Download: ComboFix > save it to the desktop

  • Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished the instructions. Note that this means your protection programs must be configured not to start with the system.
  • ATTENTION: If ComboFix detects any kind of CD emulator (Daemon Tools, Alcohol, etc.), a warning will appear saying that ComboFix needs to disable it temporarily. Click OK and the PC will restart.
  • Double-click combofix.exe and click Executar (Run) to proceed with the fix. Please wait, as it takes a while.
  • ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".
  • Select, copy and paste the contents of ComboFix.txt into your next reply.

    NOTE: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


Here is the ComboFix log. Although you said I could not touch the mouse or the keyboard, the whole time I had to click OK with the mouse on a message that kept appearing: "O aplicativo ou a DLL C:\WINDOWS\system32\VDMDBG.DLL não é uma imagem válida para o Windows. Compare com o disco de instalação." (The application or DLL C:\WINDOWS\system32\VDMDBG.DLL is not a valid Windows image. Check it against the installation disk.)

 

 

 

ComboFix 10-06-20.06 - Vinicius 21/06/2010 14:53:39.7.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.248 [GMT -3:00]

Executando de: c:\documents and settings\Vinicius\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Vinicius\Recent\Thumbs.db

c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_K10

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-21 to 2010-06-21 ))))))))))))))))))))))))))))

.

 

Nenhum ficheiro/arquivo criado durante este período

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-21 18:09 . 2008-08-24 19:26 -------- d-----w- c:\documents and settings\Vinicius\Dados de aplicativos\Orbit

2010-06-21 02:10 . 2005-09-26 20:57 -------- d-----w- c:\arquivos de programas\The Cleaner

2010-06-01 23:50 . 2010-04-07 23:37 439816 ----a-w- c:\documents and settings\Vinicius\Dados de aplicativos\Real\Update\setup3.10\setup.exe

2010-05-03 15:27 . 2005-11-07 00:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-04-30 00:37 . 2008-04-23 15:23 -------- d-----w- c:\arquivos de programas\Programas RFB

2010-04-04 02:06 . 2005-09-26 22:35 1632 ----a-w- c:\windows\system32\d3d8caps.dat

2010-04-03 00:38 . 2010-04-03 00:38 54883699 ----a-w- C:\MSN85_com__patch+aMSN+YM.zip

2010-01-07 14:38 . 2010-01-07 14:38 60596304 ----a-w- c:\arquivos de programas\setup_9.0.0.722_07.01.2010_15-15.exe

2005-10-10 16:41 . 2005-10-17 17:40 65 -c--a-r- c:\arquivos de programas\amrun.ini

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-09-16 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2005-10-01 155648]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-07 198160]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_02\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R0 36322172;36322172 Boot Guard Driver;c:\windows\system32\drivers\36322172.sys [7/1/2010 12:15 37392]

R0 44804132;44804132 Boot Guard Driver;c:\windows\system32\drivers\44804132.sys [8/1/2010 07:30 37392]

R0 63661392;63661392 Boot Guard Driver;c:\windows\system32\drivers\63661392.sys [7/1/2010 13:58 37392]

R0 93876632;93876632 Boot Guard Driver;c:\windows\system32\drivers\93876632.sys [7/1/2010 14:23 37392]

R0 95943152;95943152 Boot Guard Driver;c:\windows\system32\drivers\95943152.sys [8/1/2010 21:53 37392]

R1 36322171;36322171;c:\windows\system32\drivers\36322171.sys [7/1/2010 12:15 128016]

R1 44804131;44804131;c:\windows\system32\drivers\44804131.sys [8/1/2010 07:30 128016]

R1 63661391;63661391;c:\windows\system32\drivers\63661391.sys [7/1/2010 13:58 128016]

R1 93876631;93876631;c:\windows\system32\drivers\93876631.sys [7/1/2010 14:23 128016]

R1 95943151;95943151;c:\windows\system32\drivers\95943151.sys [8/1/2010 21:53 128016]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [4/11/2009 20:45 1858144]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [16/1/2010 22:33 108289]

S3 FUTUREX;FUTUREX;\??\f:\aida\aida32.sys --> f:\aida\aida32.sys [?]

S3 nnyckmw;nnyckmw;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]

S3 uteznjcy;AVZ Kernel Driver;c:\windows\system32\drivers\uteznjcy.sys [7/1/2010 16:08 7168]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-11-14 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-10-30 00:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.ig.com.br/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: com.br\www.nppc-brasil

Trusted Zone: com.br\www.vendas-purina

TCP: {B4A3B3AF-C608-467A-A10B-62D80C6AF660} = 200.195.247.216,200.201.133.69

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Vinicius\Dados de aplicativos\Mozilla\Firefox\Profiles\lhpete9w.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - www.ig.com.br

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=

FF - component: c:\arquivos de programas\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-updateMgr - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

HKLM-Run-EPSON Stylus C67 Series (cópia 1) - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE

HKLM-Run-EPSON Stylus C67 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE

MSConfigStartUp-MSMSGS - c:\arquivos de programas\Messenger\msmsgs.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-21 15:13

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nnyckmw]

"ImagePath"="\??\c:\windows\system32\01.tmp"

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\devldr32.exe

c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-06-21 15:23:36 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-06-21 18:23

ComboFix2.txt 2010-01-12 17:29

 

Pré-execução: 111.005.696 bytes disponíveis

Pós execução: 244.822.016 bytes disponíveis

 

- - End Of File - - 398949E5645594FFBF38B4176DF9AF06


Sorry for the delay, I had to travel. Follow these instructions:

Download Dr.WebCureIt and save it to your desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Run the file drweb-cureit.exe, click Iniciar (Start) and let it perform an express scan of your PC.
  • It will scan the files running in memory and, when it finds something, click the Yes button to allow it to recover the infected file. (This is a quick scan.)
  • When the quick scan finishes, click Opções > Alterar Definições (Options > Change Settings). On the Verificação (Scan) tab, uncheck the Análise Heurística (Heuristic Analysis) option and confirm.
  • Back in the main window, mark the drives you want to scan by clicking once on the desired drive.
  • Select all of them. A red dot will indicate the selected drives.
  • Click the green arrow to start the scan, as shown in the image below:

[image: drwebho6.jpg]

  • If it asks whether you want to cure/move the file, click Sim para todos (Yes to all).
  • When the scan finishes, check whether the "objetos encontrados" (objects found) icon is enabled. -> [image: check.gif]
  • If it is, click it, then click the icon just below and select Mover incuráveis (Move incurable), as shown in the image below:

[image: move.gif]

  • If the program cannot cure them, it will move them to the Quarantine folder in the DoctorWeb directory.
  • Once that is done, go to the top menu and click Ficheiros > Guardar listas de arquivos (Files > Save file lists).
  • Save the list to your desktop. The list will be saved as DrWeb.csv.
  • Close the program.
  • Restart your computer so that the program can finish deleting/moving the files that were in use.

After restarting:

Go to BitDefender.com, click I Agree and run an online scan. Save the result.

In your reply, paste the DrWebCureIt log together with the result of the online scan.


I saved the Dr Web result to the Desktop, but when I opened it this was all there was:

 

 

RemoveWGA.exe C:\Documents and Settings\Vinicius\Desktop Tool.RemoveWGA Incurável.Movido.

 

 

 

QuickScan Beta 32-bit v0.9.9.23

-------------------------------

Scan date: Wed Aug 04 00:28:33 2010

Machine ID: FCAA32D6

 

 

 

Found 1 infected file!

----------------------

 

C:\WINDOWS\system32\drivers\UTEZNJCY.sys --> Rootkit.Bagle.K

--> HKLM\System\ControlSet002\Enum\Root\LEGACY_UTEZNJCY

--> HKLM\System\ControlSet002\services\uteznjcy\"ImagePath"

 

 

 

Processes

---------

<unsigned> a-squared 1212 C:\Arquivos de programas\a-squared Free\a2service.exe

<unsigned> AntiVir Desktop 1932 C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

<unsigned> AntiVir Desktop 1236 C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

<unsigned> AntiVir Desktop 1120 C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

<unsigned> Kodak DC File System Driver (Win32) 1292 C:\WINDOWS\system32\drivers\KodakCCS.exe

<unsigned> Messenger 1996 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

<unsigned> PC Connectivity Solution 2144 C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

<unsigned> PC Connectivity Solution 2372 C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

<unsigned> PC Connectivity Solution 2316 C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

<unsigned> PC Suite 1988 C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

<unsigned> QuickTime 1916 C:\Arquivos de programas\QuickTime\qttask.exe

 

<verified> Creative Ring3 NT Inteface 268 C:\WINDOWS\system32\devldr32.exe

<verified> Firefox 2532 C:\Arquivos de programas\Mozilla Firefox\firefox.exe

<verified> Java Platform SE 6 U2 1968 C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

<verified> Microsoft® Windows® Operating System 2288 C:\WINDOWS\System32\alg.exe

<verified> Microsoft® Windows® Operating System 448 C:\WINDOWS\system32\csrss.exe

<verified> Microsoft® Windows® Operating System 528 C:\WINDOWS\system32\lsass.exe

<verified> Microsoft® Windows® Operating System 1072 C:\WINDOWS\system32\spoolsv.exe

<verified> Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 764 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 804 C:\WINDOWS\System32\svchost.exe

<verified> Microsoft® Windows® Operating System 840 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 960 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 1400 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 992 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 1428 C:\WINDOWS\system32\wdfmgr.exe

<verified> Microsoft® Windows® Operating System 2228 C:\WINDOWS\system32\wscntfy.exe

<verified> RealPlayer (32-bit) 1924 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

<verified> Sistema operacional Microsoft® Windows® 1840 C:\WINDOWS\Explorer.EXE

<verified> Sistema operacional Microsoft® Windows® 516 C:\WINDOWS\system32\services.exe

<verified> Sistema Operacional Microsoft® Windows® 400 C:\WINDOWS\System32\smss.exe

<verified> Sistema operacional Microsoft® Windows® 3128 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2580 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2588 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2596 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2604 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2612 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2620 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2628 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2636 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2644 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2652 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2660 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2668 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2676 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2684 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2692 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2700 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2708 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2716 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2724 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2732 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2740 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2748 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2756 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2764 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2772 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2780 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2788 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2796 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2804 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2812 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2844 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2852 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2860 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2868 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2876 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2884 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2892 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2900 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2908 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2916 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2924 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2932 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2940 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2948 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2972 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2980 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2988 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 2996 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3012 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3024 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3032 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3040 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3048 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3056 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3064 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3076 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3084 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3104 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3112 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 3120 C:\WINDOWS\system32\SNDVOL32.EXE

<verified> Sistema operacional Microsoft® Windows® 472 C:\WINDOWS\system32\winlogon.exe

 

 

Network activity

----------------

Process firefox.exe (2532) connected on port 80 (HTTP) --> crl.verisign.net

Process firefox.exe (2532) connected on port 80 (HTTP) --> 216.66.8.82

 

Process svchost.exe (764) listens on ports: 135 (RPC)

 

 

Autoruns and critical files

---------------------------

<unsigned> AntiVir Desktop C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

<unsigned> Messenger C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

<unsigned> Nero BackItUp Scheduler C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

<unsigned> PC Suite C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

<unsigned> QuickTime C:\Arquivos de programas\QuickTime\qttask.exe

 

<verified> Adobe Acrobat C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

<verified> Adobe Reader and Acrobat Manager C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

<verified> Java Platform SE 6 U2 C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

<verified> RealPlayer (32-bit) C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\browseui.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\cscdll.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\logonui.exe

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\shell32.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\stobject.dll

<verified> Sistema operacional Microsoft® Windows® c:\windows\system32\userinit.exe

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\webcheck.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll

<verified> Vantagens do Microsoft Original C:\WINDOWS\system32\KB905474\wgasetup.exe

 

 

Browser plugins

---------------

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin2.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin3.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin4.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin5.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin6.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin7.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin2.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin3.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin4.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin5.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin6.dll

<unsigned> QuickTime Plug-in 7.0.2 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin7.dll

<unsigned> RealJukebox NS Plugin C:\Arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

<unsigned> RealJukebox NS Plugin c:\arquivos de programas\real\realplayer\Netscape6\nprjplug.dll

<unsigned> RealPlayer Version Plugin C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

<unsigned> RealPlayer Version Plugin c:\arquivos de programas\real\realplayer\Netscape6\nprpjplug.dll

<unsigned> Seiko Epson Corporation Internet Printi C:\Arquivos de programas\Internet Explorer\plugins\NPIPRT32.DLL

 

<verified> AcroIEHelper Library c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelper.dll

<verified> AcroIEHelperShim Library c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelpershim.dll

<verified> Adobe Acrobat C:\Arquivos de programas\Internet Explorer\plugins\nppdf32.dll

<verified> Adobe Acrobat C:\Arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll

<verified> Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

<verified> BitDefender QuickScan C:\Documents and Settings\Vinicius\Dados de aplicativos\Mozilla\Firefox\Profiles\lhpete9w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

<verified> BitDefender QuickScan C:\Documents and Settings\Vinicius\Dados de aplicativos\Mozilla\Firefox\Profiles\lhpete9w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll

<verified> Mozilla Default Plug-in C:\Arquivos de programas\Mozilla Firefox\plugins\npnul32.dll

<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

<verified> Panda ActiveScan 2.0 C:\WINDOWS\Downloaded Program Files\as2stubie.dll

<verified> RealPlayer G2 LiveConnect-Enabled P C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

<verified> RealPlayer G2 LiveConnect-Enabled P c:\arquivos de programas\real\realplayer\Netscape6\nppl3260.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\mswsock.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\shdocvw.dll

 

 

Scan

----


 

 

No file uploaded.

 

Scan finished - communication took 6 sec

Total traffic - 0.07 MB sent, 2.96 KB recvd

Scanned 982 files and modules - 355 seconds

 

==============================================================================

 

The Bitdefender installed on the machine found this:

 

 

C:\WINDOWS\system32\drivers\UTEZNJCY.sys - Rootkit.Bagle.K


@krika, can you post a new HijackThis log?

Can another moderator take over this case?


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
