
Ramon Freitas

[Archived] Log analysis


Well, a while ago Avast was updated to the new version. After the update, the PC restarted and I couldn't access anything because Avast was detecting an error. I removed it from the PC, but now I can't install any antivirus, and some programs such as CCleaner, games, Photoshop and a few others won't install. They simply close after being run.

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:55:23, on 19/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Steam\Steam.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\FREEDO~1\fdm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\TEMP\xksgcp.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\HiJackThis.exe

C:\Hijack\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ns1.natalnosso.info:8082/windows.pac

R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="d:\driver\common\win2k_xp\PhysX_9.09.0203_SystemSoftware.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrador\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD338FB-B1BF-4301-9608-CA508AA85D63}: NameServer = 200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{5CC99323-1EC2-4792-AECB-B2B511C7AD1C}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate1ca8127297d89e2) (gupdate1ca8127297d89e2) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7242 bytes


Good evening! Ramon Freitas

 

<@> Download: < marcinsig.gif >

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2010-xx-xx (00-00-00).txt + an updated HijackThis log.

Regards!


Here is the first log:

 

22/6/2010 21:33:12

mbam-log-2010-06-22 (21-33-12).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 260586

Tempo decorrido: 1 hora(s), 20 minuto(s), 2 segundo(s)

 

Processos de Memória Infectados: 1

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 1

Pastas Infectadas: 0

Arquivos Infectados: 85

 

Processos de Memória Infectados:

C:\WINDOWS\Temp\lnppv.exe (Trojan.Agent) -> Unloaded process successfully.

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\WINDOWS\Temp\lnppv.exe (Trojan.Agent) -> Delete on reboot.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP194\A0117078.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP194\A0117349.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP194\A0117749.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP194\A0118108.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP194\A0118374.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP195\A0118766.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP195\A0118907.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP195\A0119305.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP197\A0119836.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP197\A0120135.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP197\A0120483.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP198\A0120836.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP198\A0121181.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP198\A0121480.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP199\A0121614.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP199\A0121965.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP199\A0122451.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP199\A0122816.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP199\A0123194.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP200\A0123460.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP200\A0123810.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP200\A0124262.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP202\A0124791.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP202\A0125049.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP202\A0125416.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP202\A0126895.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP203\A0127431.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP203\A0127912.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP203\A0128274.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP203\A0128600.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP204\A0128928.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP204\A0129206.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP204\A0129558.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP204\A0129921.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP205\A0130074.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP205\A0130444.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP205\A0130826.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP205\A0131135.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP205\A0131549.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP205\A0131833.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP205\A0133320.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP206\A0133737.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP207\A0134097.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP207\A0134707.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP207\A0135080.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP207\A0135472.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP207\A0135857.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP207\A0136166.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP207\A0136578.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP208\A0136992.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP209\A0137402.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP210\A0137830.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP210\A0138139.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP210\A0138542.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP210\A0138820.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP211\A0139234.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP211\A0139408.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP211\A0139887.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP211\A0140152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP211\A0140736.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP211\A0141182.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP212\A0141741.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP212\A0142311.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP212\A0143588.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP212\A0143779.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP213\A0144402.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP213\A0144863.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP213\A0144802.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP213\A0145189.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP213\A0145614.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP214\A0145788.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP214\A0146204.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP214\A0146624.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP214\A0146729.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP215\A0146941.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP215\A0147358.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{E11D2F46-D856-45B1-8B2C-6F287F84F4A5}\RP215\A0147958.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EA GAMES\Need for Speed Underground 2\rld-nu2k.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Ragnarok Online - RagnaProject\GameFort.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Backup\Documents and Settings\Ramon Freitas\Meus documentos\Nova pasta\Keys\rld-nu2k.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\krwyrv0d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\n0qls.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\temp\dsoqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\temp\dsoqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

 

Now the HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:38:28, on 22/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Steam\Steam.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\notepad.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ns1.natalnosso.info:8082/windows.pac

R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="d:\driver\common\win2k_xp\PhysX_9.09.0203_SystemSoftware.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrador\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD338FB-B1BF-4301-9608-CA508AA85D63}: NameServer = 200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{5CC99323-1EC2-4792-AECB-B2B511C7AD1C}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate1ca8127297d89e2) (gupdate1ca8127297d89e2) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

Thanks for your attention.


Good evening! Ramon Freitas

<!> Repeat the scan with Malwarebytes and post the report.

00000000000000000000

oooooooooooooooooooo

<@> Download: < SafeBootKeyRepair >

<@> Save it directly to Local Disk (C).

<@> Run it!

<@> When it finishes, the log C:\SafeBoot_Repair.txt will be generated. <-- Do not post it!

00000000000000000000

oooooooooooooooooooo

<@> Download: < DrWebCureIt >

<!> < External Mirror 1 > <-- Indirect link!

<@> Save DrWebCureIt.exe in the Arquivos de programas folder!

<@> Restart the computer in Safe Mode.

<@> Start the installation/execution by double-clicking drweb-cureit.

<@> In the window that opens, click Start --> OK.

<@> The "Quick scan" will begin --> Close the advertisement window!

<@> When it finishes, tick the "Full scan" box.

<@> Click "Options" --> under Change settings, untick "Heuristic analysis".

<@> PS: In this mode the following objects are scanned:

<1> Boot sectors of all disks

<2> All removable drives

<3> All local disks

<@> Click "Start scan" --> Wait!

<@> If messages appear asking to move or disinfect files, click Yes.

<@> When it finishes, click "File" --> "Save report list".

<@> Post: C:\Documents and Settings\Administrator\DoctorWeb\CureIt.txt + an updated HijackThis log.

Regards!


When I click the Dr.Web CureIt link, the window closes automatically. I tried opening it in Internet Explorer and nothing; I tried other links, such as Baixaki and Superdownloads, but they close automatically too... yeah, this antivirus must be really good, the viruses close it before it even gets downloaded, hahahaha

And now, what do I do?



Hey! Ramon Freitas

<!> If you have another computer, copy DrWebCureIt.exe to a USB flash drive, and from there to your PC.

<!> PS: I recommend, when downloading it, renaming it to UebCt.exe. <-- Without the ( .exe )

00000000000000000000

oooooooooooooooooooo

<@> Go to this address:

<!> < ConfickerWorkingGroup >

<@> Interpret the 6 images for Conficker infection. ( Conficker Eye Chart )

<@> PS: Report the result!

00000000000000000000

oooooooooooooooooooo

<@> Download: < SalityKiller.zip >

<@> Link - 2 < SalityKiller.zip >

<@> Save it to Local Disk C:\ and unzip it right there.

<@> Turn off System Restore by following this path:

My Computer --> Properties --> System Restore --> Turn off System Restore --> OK --> Yes

<@> PS: This program will run in 2 separate windows at the same time!!

<1> The first window:

Go to Start --> Run --> copy and paste: C:\salitykiller.exe -m

Click OK.

<@> PS: Keep the window running and do not close it! If you wish, minimize it.

<2> The second window:

Go to Start --> Run --> copy and paste: C:\salitykiller.exe -y -x -j -l sality.txt -v

Click OK.

<@> When it finishes, the window will close automatically.

<@> Then close the window.

 

Infected files: 6382

19:59:42 Infected processes: 0

19:59:42 Infected threads: 0

19:59:42 Cured files: 5808

19:59:42 Executed registry scripts: 1

<@> Post the summary of the report C:\sality.txt, following the example in the quote.

<@> Also post UebCt.txt <-- The DrWebCureIt report!

Cheers!


Man, sorry for the delay, a lot of work, and since I can't use this PC, that screws everything up.

I don't have the Dr.Web report, because when it was finishing, the city's power went out. But I remember some of the values: there were 12,000 infected, 11 moved and 1 suspicious, and the rest 0. It was almost done, then the power went out. It took 19 hours.

The Conficker result was: Normal/Not Infected by Conficker (or using proxy)

 

 

17:17:14:765 3392 Infected files: 3

17:17:14:765 3392 Infected processes: 0

17:17:14:765 3392 Infected threads: 0

17:17:14:765 3392 Cured files: 3

17:17:14:765 3392 Executed registry scripts: 1

 

 

Here is the HijackThis report

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:42:30, on 1/7/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Steam\Steam.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\ARQUIV~1\FREEDO~1\fdm.exe

C:\WINDOWS\system32\notepad.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ns1.natalnosso.info:8082/windows.pac

R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="d:\driver\common\win2k_xp\PhysX_9.09.0203_SystemSoftware.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrador\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD338FB-B1BF-4301-9608-CA508AA85D63}: NameServer = 200.165.132.147

O17 - HKLM\System\CCS\Services\Tcpip\..\{5CC99323-1EC2-4792-AECB-B2B511C7AD1C}: NameServer = 200.165.132.148 200.165.132.155

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate1ca8127297d89e2) (gupdate1ca8127297d89e2) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

Cheers, and sorry again for the delay


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the topic's author and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
