yahooofox 0 Posted May 6, 2010
I've had this virus for months now. I've tried everything to remove it and nothing works; I've installed countless antivirus and antispyware programs and nothing. I've already looked at the posts here and found some similar ones, but none identical. The problem is in my browser, IE8 or whatever the default browser is: it opens several pages non-stop, and when it stops it keeps refreshing the page and going back to the browser's home page. I don't know what else to do. Please, someone give me a hand. Thanks in advance. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:36, on 5/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\UnsignedThemesSvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\hijack2.2\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\WINDOWS\UnsignedThemesSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 3697 bytes
wings 22 Posted May 6, 2010
Good morning....
1.
*Download MalwareBytes Anti-malware and save it to the desktop
*Install the program
*If an update is available, it will download automatically. Wait...
*The program will open automatically.
*On the [Scanner] tab, select the [Perform full scan] option
*Click [Scan] and select the drives to be examined
*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]
*Click [Remove Selected]
*A report (mbam-log-year-month-date.txt) will be displayed.
*Paste it in your next reply
yahooofox 0 Posted May 6, 2010
Good afternoon, here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4073
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/5/2010 15:35:26
mbam-log-2010-05-06 (15-35-26).txt

Tipo de Verificação: Verificação Completa (C:\|E:\|)
Objetos escaneados: 248753
Tempo decorrido: 1 hora(s), 12 minuto(s), 36 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
E:\Programas\Validar windows xp\update_xp_cd_key.exe (Backdoor.IRCbot) -> Quarantined and deleted successfully.
wings 22 Posted May 6, 2010
*Temporarily disable your antivirus: right-click the Kaspersky icon in the bottom corner of the screen > select "Disable monitoring"
*Download ComboFix and save it to the desktop
*Run ComboFix and accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.
*Click [Yes] to continue.
*Wait for all stages to finish
*While ComboFix is running, avoid using the mouse and keyboard!!..... To abort the procedure, press N or 2 and then ENTER.
*The program will close automatically
*Paste the report created at C:\combofix.txt
yahooofox 0 Posted May 6, 2010
Good afternoon, here is the ComboFix log:

ComboFix 10-05-05.0D - Rafa 06/05/2010 16:35:13.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2302.1727 [GMT -3:00]
Executando de: I:\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
Os seguintes arquivos/ficheiros foram desabilitados durante a execução:
C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-06 to 2010-05-06 ))))))))))))))))))))))))))))
.
2010-05-06 17:20:21 . 2010-04-29 18:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-05-06 17:20:18 . 2010-04-29 18:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-05-06 04:44:13 . 2008-02-07 20:10:11 -------- d-----w- C:\ckis
2010-05-06 02:05:34 . 2010-05-06 02:05:34 -------- d-----w- C:\Arquivos de programas\Ashampoo
2010-05-05 22:46:05 . 2010-05-05 22:50:46 -------- d-----w- C:\hijack2.2
2010-05-05 20:57:09 . 2008-06-11 00:22:52 81288 ----a-w- C:\WINDOWS\system32\drivers\iksyssec.sys
2010-05-05 20:57:09 . 2008-06-02 18:19:24 29576 ----a-w- C:\WINDOWS\system32\drivers\kcom.sys
2010-05-05 20:57:09 . 2008-06-02 18:19:16 66952 ----a-w- C:\WINDOWS\system32\drivers\iksysflt.sys
2010-05-05 20:57:09 . 2008-06-02 18:19:12 42376 ----a-w- C:\WINDOWS\system32\drivers\ikfilesec.sys
2010-05-05 20:56:56 . 2010-05-06 19:28:34 -------- d-----w- C:\Arquivos de programas\Spyware Doctor
2010-05-05 20:56:56 . 2010-05-05 20:56:56 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\PC Tools
2010-05-05 20:45:05 . 2010-05-05 20:45:06 -------- d-----w- C:\WINDOWS\system32\%DataFolder%
2010-05-05 18:31:15 . 2010-05-05 18:33:11 4212 ---h--w- C:\WINDOWS\system32\zllictbl.dat
2010-05-05 18:31:03 . 2007-03-09 03:02:00 75512 ----a-w- C:\WINDOWS\zllsputility.exe
2010-05-05 18:31:03 . 2004-04-27 07:40:52 11264 ----a-w- C:\WINDOWS\system32\SpOrder.dll
2010-05-03 22:09:59 . 2010-05-03 22:09:59 -------- d-----w- C:\Documents and Settings\Rafa\DoctorWeb
2010-05-03 02:47:56 . 2010-05-03 02:47:56 -------- d-----w- C:\Documents and Settings\Administrador.ITAUTEC.002\DoctorWeb
2010-05-03 02:46:21 . 2010-05-03 02:46:21 -------- d-sh--w- C:\Documents and Settings\Administrador.ITAUTEC.002\PrivacIE
2010-05-03 02:46:09 . 2010-05-03 02:46:09 -------- d-sh--w- C:\Documents and Settings\Administrador.ITAUTEC.002\IETldCache
2010-05-03 02:14:00 . 2010-05-03 02:14:00 -------- d-----w- C:\Documents and Settings\Administrador.ITAUTEC.001\DoctorWeb
2010-05-03 02:13:20 . 2010-05-03 02:13:20 -------- d-sh--w- C:\Documents and Settings\Administrador.ITAUTEC.001\PrivacIE
2010-05-03 02:12:23 . 2010-05-03 02:12:23 -------- d-sh--w- C:\Documents and Settings\Administrador.ITAUTEC.001\IETldCache
2010-05-03 00:59:03 . 2010-05-03 00:59:03 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\Malwarebytes
2010-05-03 00:58:36 . 2010-05-03 00:58:36 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes
2010-05-03 00:58:35 . 2010-05-06 17:20:25 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2010-05-02 23:38:29 . 2010-05-02 23:38:29 1152 ----a-w- C:\WINDOWS\system32\windrv.sys
2010-05-02 23:33:35 . 2010-05-02 23:38:20 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\GetRightToGo
2010-05-02 21:25:06 . 2009-10-10 02:31:10 315408 ----a-w- C:\WINDOWS\system32\drivers\9747924.sys
2010-05-02 21:25:06 . 2009-09-25 20:59:42 128016 ----a-w- C:\WINDOWS\system32\drivers\97479241.sys
2010-05-02 17:59:25 . 2010-05-02 17:59:25 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2010-05-02 17:52:49 . 2010-05-02 17:58:00 -------- d-s---w- C:\Documents and Settings\Administrador.ITAUTEC
2010-05-01 20:32:46 . 2010-05-02 17:58:13 -------- d-----w- C:\Arquivos de programas\3D Billiards
2010-05-01 11:28:39 . 2010-05-01 11:28:39 635 ----a-w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\avc\i386\ForDiff\fa.avc.sys
2010-04-30 16:51:51 . 2010-05-06 18:04:18 -------- d-----w- C:\Arquivos de programas\PokerStars.NET
2010-04-29 02:55:46 . 2010-04-29 02:55:46 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\fltk.org
2010-04-28 19:40:39 . 2010-04-28 19:40:39 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\DivX
2010-04-27 16:05:30 . 2010-04-27 16:05:55 -------- d-----w- C:\Arquivos de programas\StarCodec
2010-04-23 21:56:40 . 2010-04-23 21:56:00 411368 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-04-23 21:15:24 . 2010-04-23 21:15:25 -------- d-----w- C:\Arquivos de programas\Avanquest update
2010-04-23 21:15:24 . 2010-04-23 21:15:24 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\BVRP Software
2010-04-23 21:14:43 . 2010-04-23 21:14:43 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Sony Ericsson
2010-04-23 21:14:43 . 2010-04-23 21:14:43 -------- d-----w- C:\Arquivos de programas\Sony Ericsson
2010-04-23 21:14:13 . 2010-04-23 21:14:13 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\InstallShield
2010-04-21 21:38:56 . 2010-04-21 21:44:35 -------- d-----w- C:\Arquivos de programas\eMule
2010-04-21 19:58:36 . 2010-04-21 21:34:57 -------- d-----w- C:\Arquivos de programas\DreaMule
2010-04-19 15:31:54 . 2010-04-19 15:31:54 427 ----a-w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\as\pas\ForDiff\as.trm.com
2010-04-18 23:18:32 . 2010-04-18 23:23:50 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\LimeWire
2010-04-18 17:51:58 . 2010-04-18 17:51:59 -------- d-----w- C:\Arquivos de programas\SystemRequirementsLab
2010-04-18 17:51:50 . 2010-04-28 21:46:13 -------- d-----w- C:\Documents and Settings\Rafa\SystemRequirementsLab
2010-04-16 19:22:22 . 2010-04-16 19:22:22 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\EZB Systems
2010-04-16 19:22:20 . 2010-04-16 19:22:22 -------- d-----w- C:\Arquivos de programas\UltraISO
2010-04-11 21:26:54 . 2010-04-11 21:27:02 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\Media Player Classic
2010-04-10 16:09:26 . 2010-04-10 16:10:50 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\Nero
2010-04-10 14:37:47 . 2010-04-10 14:41:42 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Nero
2010-04-07 18:29:48 . 2010-04-07 18:46:19 720896 ----a-w- C:\WINDOWS\iun6002ev.exe
2010-04-06 22:50:42 . 2004-08-18 08:34:07 442368 ----a-r- C:\WINDOWS\system32\vp6vfw.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 19:46:17 . 2010-04-03 20:43:55 19744 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2010-05-06 19:46:16 . 2010-04-03 20:43:55 32 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx
2010-05-06 19:42:18 . 2010-04-03 20:43:55 803360 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.dat
2010-05-06 19:42:18 . 2010-04-03 20:43:55 60872 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.idx
2010-05-06 19:32:31 . 2010-04-02 21:24:09 -------- d---a-w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP
2010-05-06 19:31:27 . 2010-04-03 20:43:55 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab
2010-05-05 18:30:47 . 2010-05-05 18:30:47 -------- d-----w- C:\Arquivos de programas\Zone Labs
2010-05-05 18:28:00 . 2001-10-28 18:07:18 83186 ----a-w- C:\WINDOWS\system32\perfc016.dat
2010-05-05 18:28:00 . 2001-10-28 18:07:18 477468 ----a-w- C:\WINDOWS\system32\perfh016.dat
2010-05-05 15:10:59 . 2010-04-03 20:44:40 97549 ----a-w- C:\WINDOWS\system32\drivers\klick.dat
2010-05-05 15:10:59 . 2010-04-03 20:44:40 113933 ----a-w- C:\WINDOWS\system32\drivers\klin.dat
2010-05-02 15:36:04 . 2010-01-26 20:39:02 -------- d-----w- C:\Arquivos de programas\SpywareBlaster
2010-04-23 21:57:46 . 2010-03-13 19:45:12 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Java
2010-04-23 21:15:24 . 2010-01-09 16:56:00 -------- d--h--w- C:\Arquivos de programas\InstallShield Installation Information
2010-04-22 20:05:39 . 2010-04-03 21:03:13 -------- d-----w- C:\Arquivos de programas\Java
2010-04-19 19:34:44 . 2010-01-09 17:21:58 -------- d-----w- C:\Arquivos de programas\Glary Utilities
2010-04-16 18:24:21 . 2010-04-05 18:19:26 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\SUPERAntiSpyware.com
2010-04-16 18:24:17 . 2010-04-05 18:19:26 -------- d-----w- C:\Arquivos de programas\SUPERAntiSpyware
2010-04-16 13:46:45 . 2010-04-04 15:54:26 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft Help
2010-04-08 23:18:27 . 2010-04-03 21:04:00 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\GanymedeNet
2010-04-08 23:18:04 . 2010-01-11 23:10:06 -------- d-----w- C:\Arquivos de programas\Ganymede
2010-04-06 16:40:36 . 2010-04-06 16:16:07 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\DAEMON Tools Lite
2010-04-06 16:17:32 . 2010-04-06 16:16:26 -------- d-----w- C:\Arquivos de programas\DAEMON Tools Lite
2010-04-06 16:17:32 . 2010-03-29 19:22:00 -------- d-----w- C:\Arquivos de programas\DAEMON Tools Toolbar
2010-04-06 16:16:39 . 2010-04-06 16:16:39 691696 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2010-04-06 16:16:09 . 2010-04-06 16:16:01 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\DAEMON Tools Lite
2010-04-05 18:19:58 . 2010-04-05 18:19:58 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\SUPERAntiSpyware.com
2010-04-04 19:59:45 . 2010-04-04 19:59:29 -------- d-----w- C:\Arquivos de programas\RocketDock
2010-04-04 16:00:31 . 2010-04-04 16:00:31 -------- d-----w- C:\Arquivos de programas\Microsoft.NET
2010-04-04 15:56:49 . 2010-04-04 15:56:47 -------- d-----w- C:\Arquivos de programas\Microsoft Visual Studio 8
2010-04-03 23:52:27 . 2010-04-03 23:52:27 503808 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6856f775-n\msvcp71.dll
2010-04-03 23:52:27 . 2010-04-03 23:52:27 499712 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6856f775-n\jmc.dll
2010-04-03 23:52:27 . 2010-04-03 23:52:27 348160 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6856f775-n\msvcr71.dll
2010-04-03 23:52:19 . 2010-04-03 23:52:19 61440 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e79c0cb-n\decora-sse.dll
2010-04-03 23:52:19 . 2010-04-03 23:52:19 12800 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e79c0cb-n\decora-d3d.dll
2010-04-03 21:05:14 . 2010-04-03 21:05:14 54272 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\GanymedeNet\Online Games\Common\ielauncher.exe
2010-04-03 21:04:01 . 2010-04-03 21:04:01 4 ----a-w- C:\WINDOWS\system32\proc-322085784.bin
2010-04-03 20:43:55 . 2010-04-03 20:43:55 -------- d-----w- C:\Arquivos de programas\Kaspersky Lab
2010-04-03 20:43:09 . 2010-04-03 20:43:09 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab Setup Files
2010-04-03 18:03:15 . 2010-01-13 13:24:23 -------- d-----w- C:\Arquivos de programas\Windows Desktop Search
2010-04-03 03:40:26 . 2010-04-03 03:40:26 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\Windows Desktop Search
2010-04-02 23:50:50 . 2010-01-09 17:21:36 -------- d-----w- C:\Arquivos de programas\IObit
2010-04-02 23:50:11 . 2010-04-02 23:50:11 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\GlarySoft
2010-04-02 23:49:10 . 2010-01-13 22:26:07 -------- d-----w- C:\Arquivos de programas\ESET
2010-04-02 23:48:56 . 2010-01-22 21:05:30 -------- d-----w- C:\Arquivos de programas\DsNET Corp
2010-04-02 23:45:41 . 2010-02-25 15:36:33 -------- d-----w- C:\Arquivos de programas\Gabest
2010-04-02 23:40:52 . 2010-01-09 20:33:46 -------- d-----w- C:\Arquivos de programas\Real Alternative
2010-04-02 22:02:13 . 2010-04-02 22:02:13 0 ----a-w- C:\WINDOWS\nsreg.dat
2010-04-02 21:22:52 . 2010-04-02 21:22:52 -------- d-----w- C:\Arquivos de programas\VIA
2010-04-02 21:22:22 . 2010-04-02 21:22:22 17801 ----a-w- C:\WINDOWS\system32\drivers\AegisP.sys
2010-04-02 20:04:45 . 2010-04-02 20:04:23 86327 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
2010-04-02 20:01:31 . 2010-04-02 20:01:31 21844 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
2010-04-02 19:16:44 . 2010-01-20 19:04:16 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Ahead
2010-04-02 18:52:21 . 2010-04-02 18:21:00 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Nero
2010-04-02 17:11:51 . 2010-04-02 17:11:51 -------- d-----w- C:\Arquivos de programas\Rockstar Games
2010-04-02 16:18:42 . 2010-04-02 16:10:28 -------- d-----w- C:\Arquivos de programas\Unlocker
2010-04-02 16:18:18 . 2010-01-09 20:31:33 -------- d-----w- C:\Arquivos de programas\Windows Media Connect 2
2010-03-29 19:49:46 . 2010-03-29 19:49:35 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools Lite
2010-03-10 06:16:48 . 2008-04-13 22:20:42 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-02-26 05:42:28 . 2010-02-26 05:42:28 81920 ------w- C:\WINDOWS\system32\ieencode.dll
2010-02-25 06:17:52 . 2008-04-13 22:20:44 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-02-24 13:11:07 . 2008-04-13 15:17:02 455680 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2010-02-19 19:02:47 . 2010-03-28 16:11:44 38784 ----a-w- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-19 19:02:47 . 2010-01-22 20:25:25 38784 ----a-w- C:\Documents and Settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-16 19:07:12 . 2008-04-13 22:00:36 2150400 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2010-02-16 19:07:12 . 2008-04-13 19:00:52 2028544 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2010-02-12 04:34:55 . 2008-04-13 22:20:24 100864 ----a-w- C:\WINDOWS\system32\6to4svc.dll
2010-02-11 12:02:15 . 2008-04-13 15:00:04 226880 ----a-w- C:\WINDOWS\system32\drivers\tcpip6.sys
2008-03-09 09:25:10 . 2010-01-09 20:29:45 236 ---ha-w- C:\Arquivos de programas\Arquivos comuns\dx.reg
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:20:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2007-07-05 12:42:00 53248]
"S3Trayp"="S3trayp.exe" [2007-07-05 12:42:00 176128]
"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2010-03-09 02:52:49 15872]
"SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 14:43:18 248040]
"'Ashampoo AntiSpyWare 2 Guard'"="C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2008-09-08 14:09:16 2349912]
"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 21:36:14 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 22:20:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 01:41:34 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 97479241;97479241;C:\WINDOWS\system32\drivers\97479241.sys [2/5/2010 18:25:06 128016]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [5/5/2010 23:05:42 749400]
R2 UnsignedThemes;Unsigned Themes;C:\WINDOWS\UnsignedThemesSvc.exe [13/7/2009 01:07:48 21096]
R2 uxpatch;uxpatch;C:\WINDOWS\system32\drivers\uxpatch.sys [13/7/2009 01:07:46 25448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [13/12/2007 13:28:40 24592]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe [5/5/2010 17:57:01 356920]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [6/4/2010 13:16:39 691696]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - mchInjDrv
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-05-05 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job
- C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe [2010-04-02 23:42:36 . 2006-09-12 20:49:00]

2010-05-04 C:\WINDOWS\Tasks\AwcProUpdate.job
- C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe [2010-04-02 23:42:36 . 2006-10-10 15:57:38]

2010-05-06 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Arquivos de programas\Glary Utilities\initialize.exe [2010-01-09 17:21:59 . 2008-04-09 16:22:50]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
mStart Page = about:blank
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - C:\Documents and Settings\Rafa\Dados de aplicativos\Mozilla\Firefox\Profiles\o3d80e8w.default\
FF - plugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\NPBOARDS.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\NPDOMINO.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\NPMAKAOV2.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\NPPOKER.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
wings 22 Posted May 6, 2010
The ComboFix report is incomplete... Copy and paste it in full!
yahooofox, posted May 6, 2010:
Hello, good evening. The report shown displays only that data. Is it necessary to run the procedure again? Here is the combofix.txt log again:

ComboFix 10-05-05.0D - Rafa 06/05/2010 16:35:13.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2302.1727 [GMT -3:00]
Executando de: I:\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
Os seguintes arquivos/ficheiros foram desabilitados durante a execução:
C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-06 to 2010-05-06 ))))))))))))))))))))))))))))
.
2010-05-06 17:20:21 . 2010-04-29 18:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-05-06 17:20:18 . 2010-04-29 18:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-05-06 04:44:13 . 2008-02-07 20:10:11 -------- d-----w- C:\ckis
2010-05-06 02:05:34 . 2010-05-06 02:05:34 -------- d-----w- C:\Arquivos de programas\Ashampoo
2010-05-05 22:46:05 . 2010-05-05 22:50:46 -------- d-----w- C:\hijack2.2
2010-05-05 20:57:09 . 2008-06-11 00:22:52 81288 ----a-w- C:\WINDOWS\system32\drivers\iksyssec.sys
2010-05-05 20:57:09 . 2008-06-02 18:19:24 29576 ----a-w- C:\WINDOWS\system32\drivers\kcom.sys
2010-05-05 20:57:09 . 2008-06-02 18:19:16 66952 ----a-w- C:\WINDOWS\system32\drivers\iksysflt.sys
2010-05-05 20:57:09 . 2008-06-02 18:19:12 42376 ----a-w- C:\WINDOWS\system32\drivers\ikfilesec.sys
2010-05-05 20:56:56 . 2010-05-06 19:28:34 -------- d-----w- C:\Arquivos de programas\Spyware Doctor
2010-05-05 20:56:56 . 2010-05-05 20:56:56 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\PC Tools
2010-05-05 20:45:05 . 2010-05-05 20:45:06 -------- d-----w- C:\WINDOWS\system32\%DataFolder%
2010-05-05 18:31:15 . 2010-05-05 18:33:11 4212 ---h--w- C:\WINDOWS\system32\zllictbl.dat
2010-05-05 18:31:03 . 2007-03-09 03:02:00 75512 ----a-w- C:\WINDOWS\zllsputility.exe
2010-05-05 18:31:03 . 2004-04-27 07:40:52 11264 ----a-w- C:\WINDOWS\system32\SpOrder.dll
2010-05-03 22:09:59 . 2010-05-03 22:09:59 -------- d-----w- C:\Documents and Settings\Rafa\DoctorWeb
2010-05-03 02:47:56 . 2010-05-03 02:47:56 -------- d-----w- C:\Documents and Settings\Administrador.ITAUTEC.002\DoctorWeb
2010-05-03 02:46:21 . 2010-05-03 02:46:21 -------- d-sh--w- C:\Documents and Settings\Administrador.ITAUTEC.002\PrivacIE
2010-05-03 02:46:09 . 2010-05-03 02:46:09 -------- d-sh--w- C:\Documents and Settings\Administrador.ITAUTEC.002\IETldCache
2010-05-03 02:14:00 . 2010-05-03 02:14:00 -------- d-----w- C:\Documents and Settings\Administrador.ITAUTEC.001\DoctorWeb
2010-05-03 02:13:20 . 2010-05-03 02:13:20 -------- d-sh--w- C:\Documents and Settings\Administrador.ITAUTEC.001\PrivacIE
2010-05-03 02:12:23 . 2010-05-03 02:12:23 -------- d-sh--w- C:\Documents and Settings\Administrador.ITAUTEC.001\IETldCache
2010-05-03 00:59:03 . 2010-05-03 00:59:03 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\Malwarebytes
2010-05-03 00:58:36 . 2010-05-03 00:58:36 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes
2010-05-03 00:58:35 . 2010-05-06 17:20:25 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2010-05-02 23:38:29 . 2010-05-02 23:38:29 1152 ----a-w- C:\WINDOWS\system32\windrv.sys
2010-05-02 23:33:35 . 2010-05-02 23:38:20 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\GetRightToGo
2010-05-02 21:25:06 . 2009-10-10 02:31:10 315408 ----a-w- C:\WINDOWS\system32\drivers\9747924.sys
2010-05-02 21:25:06 . 2009-09-25 20:59:42 128016 ----a-w- C:\WINDOWS\system32\drivers\97479241.sys
2010-05-02 17:59:25 . 2010-05-02 17:59:25 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2010-05-02 17:52:49 . 2010-05-02 17:58:00 -------- d-s---w- C:\Documents and Settings\Administrador.ITAUTEC
2010-05-01 20:32:46 . 2010-05-02 17:58:13 -------- d-----w- C:\Arquivos de programas\3D Billiards
2010-05-01 11:28:39 . 2010-05-01 11:28:39 635 ----a-w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\av\avc\i386\ForDiff\fa.avc.sys
2010-04-30 16:51:51 . 2010-05-06 18:04:18 -------- d-----w- C:\Arquivos de programas\PokerStars.NET
2010-04-29 02:55:46 . 2010-04-29 02:55:46 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\fltk.org
2010-04-28 19:40:39 . 2010-04-28 19:40:39 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\DivX
2010-04-27 16:05:30 . 2010-04-27 16:05:55 -------- d-----w- C:\Arquivos de programas\StarCodec
2010-04-23 21:56:40 . 2010-04-23 21:56:00 411368 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-04-23 21:15:24 . 2010-04-23 21:15:25 -------- d-----w- C:\Arquivos de programas\Avanquest update
2010-04-23 21:15:24 . 2010-04-23 21:15:24 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\BVRP Software
2010-04-23 21:14:43 . 2010-04-23 21:14:43 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Sony Ericsson
2010-04-23 21:14:43 . 2010-04-23 21:14:43 -------- d-----w- C:\Arquivos de programas\Sony Ericsson
2010-04-23 21:14:13 . 2010-04-23 21:14:13 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\InstallShield
2010-04-21 21:38:56 . 2010-04-21 21:44:35 -------- d-----w- C:\Arquivos de programas\eMule
2010-04-21 19:58:36 . 2010-04-21 21:34:57 -------- d-----w- C:\Arquivos de programas\DreaMule
2010-04-19 15:31:54 . 2010-04-19 15:31:54 427 ----a-w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\bases\as\pas\ForDiff\as.trm.com
2010-04-18 23:18:32 . 2010-04-18 23:23:50 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\LimeWire
2010-04-18 17:51:58 . 2010-04-18 17:51:59 -------- d-----w- C:\Arquivos de programas\SystemRequirementsLab
2010-04-18 17:51:50 . 2010-04-28 21:46:13 -------- d-----w- C:\Documents and Settings\Rafa\SystemRequirementsLab
2010-04-16 19:22:22 . 2010-04-16 19:22:22 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\EZB Systems
2010-04-16 19:22:20 . 2010-04-16 19:22:22 -------- d-----w- C:\Arquivos de programas\UltraISO
2010-04-11 21:26:54 . 2010-04-11 21:27:02 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\Media Player Classic
2010-04-10 16:09:26 . 2010-04-10 16:10:50 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\Nero
2010-04-10 14:37:47 . 2010-04-10 14:41:42 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Nero
2010-04-07 18:29:48 . 2010-04-07 18:46:19 720896 ----a-w- C:\WINDOWS\iun6002ev.exe
2010-04-06 22:50:42 . 2004-08-18 08:34:07 442368 ----a-r- C:\WINDOWS\system32\vp6vfw.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 19:46:17 . 2010-04-03 20:43:55 19744 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2010-05-06 19:46:16 . 2010-04-03 20:43:55 32 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx
2010-05-06 19:42:18 . 2010-04-03 20:43:55 803360 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.dat
2010-05-06 19:42:18 . 2010-04-03 20:43:55 60872 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.idx
2010-05-06 19:32:31 . 2010-04-02 21:24:09 -------- d---a-w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP
2010-05-06 19:31:27 . 2010-04-03 20:43:55 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab
2010-05-05 18:30:47 . 2010-05-05 18:30:47 -------- d-----w- C:\Arquivos de programas\Zone Labs
2010-05-05 18:28:00 . 2001-10-28 18:07:18 83186 ----a-w- C:\WINDOWS\system32\perfc016.dat
2010-05-05 18:28:00 . 2001-10-28 18:07:18 477468 ----a-w- C:\WINDOWS\system32\perfh016.dat
2010-05-05 15:10:59 . 2010-04-03 20:44:40 97549 ----a-w- C:\WINDOWS\system32\drivers\klick.dat
2010-05-05 15:10:59 . 2010-04-03 20:44:40 113933 ----a-w- C:\WINDOWS\system32\drivers\klin.dat
2010-05-02 15:36:04 . 2010-01-26 20:39:02 -------- d-----w- C:\Arquivos de programas\SpywareBlaster
2010-04-23 21:57:46 . 2010-03-13 19:45:12 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Java
2010-04-23 21:15:24 . 2010-01-09 16:56:00 -------- d--h--w- C:\Arquivos de programas\InstallShield Installation Information
2010-04-22 20:05:39 . 2010-04-03 21:03:13 -------- d-----w- C:\Arquivos de programas\Java
2010-04-19 19:34:44 . 2010-01-09 17:21:58 -------- d-----w- C:\Arquivos de programas\Glary Utilities
2010-04-16 18:24:21 . 2010-04-05 18:19:26 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\SUPERAntiSpyware.com
2010-04-16 18:24:17 . 2010-04-05 18:19:26 -------- d-----w- C:\Arquivos de programas\SUPERAntiSpyware
2010-04-16 13:46:45 . 2010-04-04 15:54:26 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft Help
2010-04-08 23:18:27 . 2010-04-03 21:04:00 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\GanymedeNet
2010-04-08 23:18:04 . 2010-01-11 23:10:06 -------- d-----w- C:\Arquivos de programas\Ganymede
2010-04-06 16:40:36 . 2010-04-06 16:16:07 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\DAEMON Tools Lite
2010-04-06 16:17:32 . 2010-04-06 16:16:26 -------- d-----w- C:\Arquivos de programas\DAEMON Tools Lite
2010-04-06 16:17:32 . 2010-03-29 19:22:00 -------- d-----w- C:\Arquivos de programas\DAEMON Tools Toolbar
2010-04-06 16:16:39 . 2010-04-06 16:16:39 691696 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2010-04-06 16:16:09 . 2010-04-06 16:16:01 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\DAEMON Tools Lite
2010-04-05 18:19:58 . 2010-04-05 18:19:58 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\SUPERAntiSpyware.com
2010-04-04 19:59:45 . 2010-04-04 19:59:29 -------- d-----w- C:\Arquivos de programas\RocketDock
2010-04-04 16:00:31 . 2010-04-04 16:00:31 -------- d-----w- C:\Arquivos de programas\Microsoft.NET
2010-04-04 15:56:49 . 2010-04-04 15:56:47 -------- d-----w- C:\Arquivos de programas\Microsoft Visual Studio 8
2010-04-03 23:52:27 . 2010-04-03 23:52:27 503808 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6856f775-n\msvcp71.dll
2010-04-03 23:52:27 . 2010-04-03 23:52:27 499712 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6856f775-n\jmc.dll
2010-04-03 23:52:27 . 2010-04-03 23:52:27 348160 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6856f775-n\msvcr71.dll
2010-04-03 23:52:19 . 2010-04-03 23:52:19 61440 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e79c0cb-n\decora-sse.dll
2010-04-03 23:52:19 . 2010-04-03 23:52:19 12800 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e79c0cb-n\decora-d3d.dll
2010-04-03 21:05:14 . 2010-04-03 21:05:14 54272 ----a-w- C:\Documents and Settings\Rafa\Dados de aplicativos\GanymedeNet\Online Games\Common\ielauncher.exe
2010-04-03 21:04:01 . 2010-04-03 21:04:01 4 ----a-w- C:\WINDOWS\system32\proc-322085784.bin
2010-04-03 20:43:55 . 2010-04-03 20:43:55 -------- d-----w- C:\Arquivos de programas\Kaspersky Lab
2010-04-03 20:43:09 . 2010-04-03 20:43:09 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab Setup Files
2010-04-03 18:03:15 . 2010-01-13 13:24:23 -------- d-----w- C:\Arquivos de programas\Windows Desktop Search
2010-04-03 03:40:26 . 2010-04-03 03:40:26 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\Windows Desktop Search
2010-04-02 23:50:50 . 2010-01-09 17:21:36 -------- d-----w- C:\Arquivos de programas\IObit
2010-04-02 23:50:11 . 2010-04-02 23:50:11 -------- d-----w- C:\Documents and Settings\Rafa\Dados de aplicativos\GlarySoft
2010-04-02 23:49:10 . 2010-01-13 22:26:07 -------- d-----w- C:\Arquivos de programas\ESET
2010-04-02 23:48:56 . 2010-01-22 21:05:30 -------- d-----w- C:\Arquivos de programas\DsNET Corp
2010-04-02 23:45:41 . 2010-02-25 15:36:33 -------- d-----w- C:\Arquivos de programas\Gabest
2010-04-02 23:40:52 . 2010-01-09 20:33:46 -------- d-----w- C:\Arquivos de programas\Real Alternative
2010-04-02 22:02:13 . 2010-04-02 22:02:13 0 ----a-w- C:\WINDOWS\nsreg.dat
2010-04-02 21:22:52 . 2010-04-02 21:22:52 -------- d-----w- C:\Arquivos de programas\VIA
2010-04-02 21:22:22 . 2010-04-02 21:22:22 17801 ----a-w- C:\WINDOWS\system32\drivers\AegisP.sys
2010-04-02 20:04:45 . 2010-04-02 20:04:23 86327 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
2010-04-02 20:01:31 . 2010-04-02 20:01:31 21844 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
2010-04-02 19:16:44 . 2010-01-20 19:04:16 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Ahead
2010-04-02 18:52:21 . 2010-04-02 18:21:00 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Nero
2010-04-02 17:11:51 . 2010-04-02 17:11:51 -------- d-----w- C:\Arquivos de programas\Rockstar Games
2010-04-02 16:18:42 . 2010-04-02 16:10:28 -------- d-----w- C:\Arquivos de programas\Unlocker
2010-04-02 16:18:18 . 2010-01-09 20:31:33 -------- d-----w- C:\Arquivos de programas\Windows Media Connect 2
2010-03-29 19:49:46 . 2010-03-29 19:49:35 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools Lite
2010-03-10 06:16:48 . 2008-04-13 22:20:42 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-02-26 05:42:28 . 2010-02-26 05:42:28 81920 ------w- C:\WINDOWS\system32\ieencode.dll
2010-02-25 06:17:52 . 2008-04-13 22:20:44 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-02-24 13:11:07 . 2008-04-13 15:17:02 455680 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2010-02-19 19:02:47 . 2010-03-28 16:11:44 38784 ----a-w- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-19 19:02:47 . 2010-01-22 20:25:25 38784 ----a-w- C:\Documents and Settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-16 19:07:12 . 2008-04-13 22:00:36 2150400 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2010-02-16 19:07:12 . 2008-04-13 19:00:52 2028544 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2010-02-12 04:34:55 . 2008-04-13 22:20:24 100864 ----a-w- C:\WINDOWS\system32\6to4svc.dll
2010-02-11 12:02:15 . 2008-04-13 15:00:04 226880 ----a-w- C:\WINDOWS\system32\drivers\tcpip6.sys
2008-03-09 09:25:10 . 2010-01-09 20:29:45 236 ---ha-w- C:\Arquivos de programas\Arquivos comuns\dx.reg
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:20:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2007-07-05 12:42:00 53248]
"S3Trayp"="S3trayp.exe" [2007-07-05 12:42:00 176128]
"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2010-03-09 02:52:49 15872]
"SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 14:43:18 248040]
"'Ashampoo AntiSpyWare 2 Guard'"="C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2008-09-08 14:09:16 2349912]
"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 21:36:14 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 22:20:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 01:41:34 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Brazilian\\setup.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 97479241;97479241;C:\WINDOWS\system32\drivers\97479241.sys [2/5/2010 18:25:06 128016]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [5/5/2010 23:05:42 749400]
R2 UnsignedThemes;Unsigned Themes;C:\WINDOWS\UnsignedThemesSvc.exe [13/7/2009 01:07:48 21096]
R2 uxpatch;uxpatch;C:\WINDOWS\system32\drivers\uxpatch.sys [13/7/2009 01:07:46 25448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [13/12/2007 13:28:40 24592]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe [5/5/2010 17:57:01 356920]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [6/4/2010 13:16:39 691696]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - mchInjDrv
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-05-05 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job
- C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe [2010-04-02 23:42:36 . 2006-09-12 20:49:00]

2010-05-04 C:\WINDOWS\Tasks\AwcProUpdate.job
- C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe [2010-04-02 23:42:36 . 2006-10-10 15:57:38]

2010-05-06 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Arquivos de programas\Glary Utilities\initialize.exe [2010-01-09 17:21:59 . 2008-04-09 16:22:50]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
mStart Page = about:blank
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - C:\Documents and Settings\Rafa\Dados de aplicativos\Mozilla\Firefox\Profiles\o3d80e8w.default\
FF - plugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\NPBOARDS.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\NPDOMINO.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\NPMAKAOV2.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\NPPOKER.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
wings, posted May 7, 2010:
1.
* Click [Start] > [Run] > type: Combofix /uninstall
* Click [OK]
* Click [Run]
* Wait until the message "ComboFix está desinstalado" (ComboFix is uninstalled) appears
* Click [OK]
2.
* Download RSIT and save it to the desktop
* Double-click RSIT
* Click [Continue]
* When the process finishes, paste the report created at C:\rsit\log.txt
yahooofox, posted May 7, 2010:
Good evening. I already typed the command in Run, and even copied it from the site itself, but I couldn't get it to work; it gives the error that Windows cannot find Combofix... but its folder is still on drive C:. Should I do the next step, or is there another way to uninstall ComboFix?
wings, posted May 7, 2010:
Note that there is a space between combofix and /uninstall.
yahooofox, posted May 7, 2010:
I put the space in, but it still won't uninstall. Can I use RSIT without uninstalling?
wings, posted May 7, 2010:
Quoting yahooofox: "I put the space in, but it still won't uninstall. Can I use RSIT without uninstalling?"
You can, my friend... we'll sort that out later.
yahooofox, posted May 7, 2010:
Here is the RSIT log:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Rafa at 2010-05-06 21:22:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (6%) free of 25 GB
Total RAM: 2302 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:22:50, on 6/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\UnsignedThemesSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rafa\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\trend micro\Rafa.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\WINDOWS\UnsignedThemesSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4775 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Advanced WindowsCare V2 Pro.job
C:\WINDOWS\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-23 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2007-07-05 53248]
"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2007-07-05 176128]
"UnlockerAssistant"=C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe [2010-03-08 15872]
"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-02-18 248040]
"'Ashampoo AntiSpyWare 2 Guard'"=C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe [2008-09-08 2349912]
"AVP"=C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Brazilian\setup.exe"="C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Brazilian\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-05-06 21:22:27 ----D---- C:\rsit
2010-05-06 21:22:27 ----D---- C:\Arquivos de programas\trend micro
2010-05-06 16:34:04 ----A---- C:\WINDOWS\zip.exe
2010-05-06 16:34:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-06 16:34:04 ----A---- C:\WINDOWS\SWSC.exe
2010-05-06 16:34:04 ----A---- C:\WINDOWS\SWREG.exe
2010-05-06 16:34:04 ----A---- C:\WINDOWS\sed.exe
2010-05-06 16:34:04 ----A---- C:\WINDOWS\PEV.exe
2010-05-06 16:34:04 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-06 16:34:04 ----A---- C:\WINDOWS\MBR.exe
2010-05-06 16:34:04 ----A---- C:\WINDOWS\grep.exe
2010-05-06 16:33:22 ----D---- C:\ComboFix
2010-05-06 16:33:08 ----D---- C:\Qoobox
2010-05-06 01:44:13 ----D---- C:\ckis
2010-05-05 23:05:34 ----D---- C:\Arquivos de programas\Ashampoo
2010-05-05 19:46:05 ----D---- C:\hijack2.2
2010-05-05 17:56:56 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\PC Tools
2010-05-05 17:56:56 ----D---- C:\Arquivos de programas\Spyware Doctor
2010-05-05 17:45:05 ----D---- C:\WINDOWS\system32\%DataFolder%
2010-05-05 15:31:03 ----A---- C:\WINDOWS\zllsputility.exe
2010-05-05 15:31:03 ----A---- C:\WINDOWS\system32\SpOrder.dll
2010-05-05 15:30:55 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2010-05-05 15:30:54 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-05-05 15:30:53 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-05-05 15:30:53 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-05-05 15:30:48 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-05-05 15:30:47 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-05-05 15:30:47 ----D---- C:\Arquivos de programas\Zone Labs
2010-05-05 15:30:47 ----A---- C:\WINDOWS\system32\zpeng24.dll
2010-05-05 15:30:47 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-05-05 15:30:47 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-05-05 15:30:47 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-05-05 15:30:13 ----D---- C:\WINDOWS\Internet Logs
2010-05-05 15:30:13 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-05-05 15:30:13 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-05-05 15:30:13 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-05-03 12:10:28 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\Mozilla
2010-05-02 21:59:03 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\Malwarebytes
2010-05-02 21:58:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes
2010-05-02 21:58:35 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2010-05-02 20:33:35 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\GetRightToGo
2010-05-01 17:32:46 ----D---- C:\Arquivos de programas\3D Billiards
2010-04-30 13:51:51 ----D---- C:\Arquivos de programas\PokerStars.NET
2010-04-28 23:55:46 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\fltk.org
2010-04-28 16:40:39 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\DivX
2010-04-27 13:05:30 ----D---- C:\Arquivos de programas\StarCodec
2010-04-25 23:15:35 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-23 18:56:40 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-23 18:56:40 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-23 18:56:40 ----A---- C:\WINDOWS\system32\java.exe
2010-04-23 18:56:40 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-04-23 18:15:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\BVRP Software
2010-04-23 18:15:24 ----D---- C:\Arquivos de programas\Avanquest update
2010-04-23 18:14:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Sony Ericsson
2010-04-23 18:14:43 ----D---- C:\Arquivos de programas\Sony Ericsson
2010-04-23 18:14:13 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\InstallShield
2010-04-21 18:38:56 ----D---- C:\Arquivos de programas\eMule
2010-04-21 16:58:36 ----D----
C:\Arquivos de programas\DreaMule 2010-04-18 20:18:32 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\LimeWire 2010-04-18 14:51:58 ----D---- C:\Arquivos de programas\SystemRequirementsLab 2010-04-16 16:22:22 ----D---- C:\Arquivos de programas\Arquivos comuns\EZB Systems 2010-04-16 16:22:20 ----D---- C:\Arquivos de programas\UltraISO 2010-04-15 00:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-04-15 00:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-04-15 00:15:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-04-15 00:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$ 2010-04-15 00:14:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-04-15 00:13:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-04-11 18:26:54 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\Media Player Classic 2010-04-10 13:09:26 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\Nero 2010-04-10 11:37:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Nero 2010-04-10 11:36:10 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2010-04-07 15:29:48 ----A---- C:\WINDOWS\iun6002ev.exe ======List of files/folders modified in the last 1 months====== 2010-05-06 21:22:27 ----RD---- C:\Arquivos de programas 2010-05-06 20:50:37 ----D---- C:\WINDOWS\temp 2010-05-06 20:49:50 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-06 20:49:41 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab 2010-05-06 20:49:24 ----D---- C:\WINDOWS 2010-05-06 20:49:06 ----D---- C:\WINDOWS\system32\drivers 2010-05-06 20:46:52 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-06 18:59:27 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP 2010-05-06 18:50:46 ----D---- C:\WINDOWS\system32 2010-05-06 18:50:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-05-06 16:48:53 ----SD---- C:\WINDOWS\Tasks 2010-05-06 16:46:21 ----D---- C:\WINDOWS\Prefetch 2010-05-06 16:45:01 ----A---- 
C:\WINDOWS\system.ini 2010-05-06 16:41:56 ----D---- C:\WINDOWS\system32\config 2010-05-06 16:41:37 ----D---- C:\WINDOWS\ERDNT 2010-05-06 16:38:39 ----D---- C:\WINDOWS\AppPatch 2010-05-06 16:38:37 ----D---- C:\Arquivos de programas\Arquivos comuns 2010-05-06 16:21:04 ----RD---- C:\WINDOWS\Offline Web Pages 2010-05-06 13:21:00 ----D---- C:\WINDOWS\Debug 2010-05-05 23:27:00 ----SHD---- C:\WINDOWS\Installer 2010-05-05 23:26:59 ----D---- C:\Config.Msi 2010-05-05 23:25:20 ----HD---- C:\WINDOWS\inf 2010-05-05 23:04:30 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\Adobe 2010-05-05 23:04:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Adobe 2010-05-05 20:02:55 ----SHD---- C:\System Volume Information 2010-05-05 20:02:55 ----D---- C:\WINDOWS\system32\Restore 2010-05-03 21:36:30 ----D---- C:\WINDOWS\system32\LogFiles 2010-05-03 12:27:00 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft 2010-05-03 12:10:08 ----D---- C:\Arquivos de programas\Mozilla Firefox 2010-05-03 11:24:39 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-05-03 11:22:27 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-05-02 23:45:45 ----D---- C:\Documents and Settings 2010-05-02 14:59:33 ----D---- C:\WINDOWS\system32\wbem 2010-05-02 14:59:25 ----D---- C:\WINDOWS\Registration 2010-05-02 12:36:04 ----D---- C:\Arquivos de programas\SpywareBlaster 2010-04-30 13:35:26 ----SD---- C:\Documents and Settings\Rafa\Dados de aplicativos\Microsoft 2010-04-27 21:46:24 ----A---- C:\WINDOWS\win.ini 2010-04-23 18:57:46 ----D---- C:\Arquivos de programas\Arquivos comuns\Java 2010-04-23 18:15:24 ----HD---- C:\Arquivos de programas\InstallShield Installation Information 2010-04-23 18:15:18 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-04-22 17:05:39 ----D---- C:\Arquivos de programas\Java 2010-04-19 16:34:44 ----D---- C:\Arquivos de programas\Glary Utilities 2010-04-16 15:28:18 ----D---- C:\WINDOWS\WinSxS 2010-04-16 15:24:21 ----D---- 
C:\Documents and Settings\Rafa\Dados de aplicativos\SUPERAntiSpyware.com 2010-04-16 15:24:17 ----D---- C:\Arquivos de programas\SUPERAntiSpyware 2010-04-16 10:46:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft Help 2010-04-15 00:19:09 ----HD---- C:\WINDOWS\$hf_mig$ 2010-04-10 11:37:45 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\Real 2010-04-10 11:36:16 ----D---- C:\WINDOWS\system32\DirectX 2010-04-08 20:18:27 ----D---- C:\Documents and Settings\Rafa\Dados de aplicativos\GanymedeNet 2010-04-08 20:18:04 ----D---- C:\Arquivos de programas\Ganymede 2010-04-07 18:40:13 ----RSD---- C:\WINDOWS\assembly ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 97479241;97479241; C:\WINDOWS\system32\DRIVERS\97479241.sys [2009-09-25 128016] R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448] R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Arquivos de programas\UltraISO\drivers\ISODrive.sys [] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] R1 KLIF;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys [] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-04-02 17801] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-07-05 12544] R2 uxpatch;uxpatch; \??\C:\WINDOWS\system32\drivers\uxpatch.sys [] R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-06-21 547072] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-07-05 594432] R3 HDAudBus;Driver de Barramento Microsoft UAA para High 
Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-07-05 995712] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-07-05 206976] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592] R3 KMWDFILTER;HIDUASDesc; C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288] R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-05 634880] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-07-05 726400] S3 catchme;catchme; \??\C:\DOCUME~1\Rafa\CONFIG~1\Temp\catchme.sys [] S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520] S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-06-02 42376] S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952] S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [] 
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-06 691696] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service; C:\Arquivos de programas\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-09-08 749400] R2 AVP;Kaspersky Internet Security 7.0; C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856] R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-04-23 153376] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe [2009-07-29 935208] R2 UnsignedThemes;Unsigned Themes; C:\WINDOWS\UnsignedThemesSvc.exe [2009-07-13 21096] R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2007-07-05 65536] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Microsoft Office 
Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe [2008-06-05 356920]
S3 sdCoreService;PC Tools Security Service; C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe [2008-06-10 1072008]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
S4 NetTcpPortSharing;Serviço de Compartilhamento de Porta Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
wings, posted May 7, 2010

* Download SystemLook and save it to the desktop
* Select and copy (Ctrl+c) the code below:

:dir C:\ckis
:file C:\WINDOWS\system32\DRIVERS\97479241.sys

* Double-click SystemLook.exe
* Paste (Ctrl+v) the code into the blank space
* Click [Look]
* Paste the report shown in SystemLook.txt, located on the desktop
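The helper above singles out `97479241.sys` and `C:\ckis` because a driver whose service name is just a number, or whose RSIT entry shows empty `[]` metadata, is a common triage prompt, not a verdict. As an added illustration (not code from the thread or from RSIT/SystemLook), the Python below parses driver lines in the RSIT format used in the log above and flags the entries a helper would typically ask a poster to verify. The sample lines are copied from the log for illustration; the flag rules are assumptions about what is worth a second look, and on this very thread the flagged driver turned out to be a legitimate Kaspersky file.

```python
import re
from dataclasses import dataclass, field

# RSIT driver line layout (as seen in the log above):
#   "<R|S><start> <name>;<description>; <path> [<date> <size>]"
# An empty "[]" means RSIT could not read the file's date/size at scan time.
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")

# Constructed sample: four driver lines copied from the RSIT log in this thread.
SAMPLE_DRIVERS = r"""
R1 97479241;97479241; C:\WINDOWS\system32\DRIVERS\97479241.sys [2009-09-25 128016]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Arquivos de programas\UltraISO\drivers\ISODrive.sys []
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S3 catchme;catchme; \??\C:\DOCUME~1\Rafa\CONFIG~1\Temp\catchme.sys []
"""


@dataclass
class DriverEntry:
    state: str          # "R" running, "S" stopped
    start: int          # 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
    name: str
    description: str
    path: str
    file_info: str      # contents of the trailing [...]; empty if unreadable
    flags: list = field(default_factory=list)


def parse_driver_line(line):
    """Parse one RSIT driver line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, desc, path, info = m.groups()
    return DriverEntry(state, int(start), name, desc, path.strip(), info.strip())


def triage(entry):
    """Attach triage hints (assumed rules, not detections) to an entry."""
    flags = []
    if entry.name.isdigit():
        flags.append("numeric-only service name")
    if not entry.file_info:
        flags.append("no date/size recorded (file missing or unreadable at scan time)")
    if re.search(r"\\temp\\", entry.path, re.IGNORECASE):
        flags.append("loads from a Temp directory")
    entry.flags = flags
    return entry


def triage_report(text):
    """Parse every driver line in `text` and run triage on each."""
    entries = [parse_driver_line(l) for l in text.splitlines() if l.strip()]
    return [triage(e) for e in entries if e is not None]


def flagged_names(text):
    """Map service name -> list of hints, for entries that got at least one hint."""
    return {e.name: e.flags for e in triage_report(text) if e.flags}


if __name__ == "__main__":
    for name, hints in flagged_names(SAMPLE_DRIVERS).items():
        print(f"{name}: {'; '.join(hints)}")
```

Each hint only says "verify this file": the next step, as wings did here, is to check the file's version resource, vendor and hash with a tool such as SystemLook before drawing any conclusion.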
yahooofox, posted May 7, 2010

Here is the SystemLook log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:52 on 06/05/2010 by Rafa (Administrator - Elevation successful)
========== dir ==========
C:\ckis - Parameters: "(none)"
---Files---
crack.lst -rah-- 112504 bytes [04:44 06/05/2010] [04:02 14/05/2006]
---Folders---
None found.
========== file ==========
C:\WINDOWS\system32\DRIVERS\97479241.sys - File found and opened.
MD5: 7DD41B7AC1FBB1DBF20BB1F4E4FBE58C
Created at 21:25 on 02/05/2010
Modified at 20:59 on 25/09/2009
Size: 128016 bytes
Attributes: --a---
FileDescription: Kaspersky Unified Driver
FileVersion: 6.4.0.11
ProductVersion: 1.0.0.0
OriginalFilename: KL1.SYS
InternalName: KL1
ProductName: Kaspersky Anti-Virus
CompanyName: Kaspersky Lab
LegalCopyright: Copyright © Kaspersky Lab 1997-2009.
-=End Of File=-
wings, posted May 7, 2010

1. Delete RSIT and the C:\rsit folder.
2. Download ToolsCleaner and save it to the desktop. Double-click ToolsCleaner2.exe, click [Recherche], wait for the listing to finish, then click [Suppression]. Paste the report created at C:\TCleaner.txt.
3. Delete SystemLook and its report.
4. Follow the steps in this tutorial and paste the report.
yahooofox, posted May 7, 2010

It didn't come out quite like the one in the tutorial, but here is the report.

MalAware - Version 1.0.0.4
Last update: 7/5/2010 00:03:29
Scan settings:
Scan type: Quick Scan
Objects: Memory, Traces
Cleaning: Off
Scan start: 6/5/2010 22:21:15
Scanned Files: 516 Traces: 52970 Cookies: 0 Processes: 34
Found Files: 0 Traces: 0 Cookies: 0 Processes: 0
Scan end: 6/5/2010 22:21:42
Scan time: 00:00:26
wings, posted May 7, 2010

Did you use ToolsCleaner as I instructed? OK... the PC is clean.
yahooofox, posted May 7, 2010

It still hasn't stopped opening pages. Whether or not I'm connected to the internet, the pages keep opening. I'll say a bit more about the virus in case it helps: I've even formatted my PC before, deleting all the partitions, formatted it as normal NTFS, and installed Vista and Windows 7, or even XP; as soon as they started up, they began opening the pages again.
wings, posted May 7, 2010

Friend, there are no signs of infection. What kinds of pages are opening? Did you change any settings in the browsers? You said you formatted the PC, and every time you install Windows these pages appear. Do you remember installing some program after which these pages started? Do you use MSN Plus!?