
Archived

This topic has been archived and is closed to new replies.

Black Prince

[Archived] removing herss;dsoqq and nodqq


I plugged a friend's USB flash drive into my PC, and after a while the PC stopped working as well; Explorer doesn't start properly the way it did before I plugged in that blessed flash drive......

I can't uninstall some programs.... I can't open some files; a message appears saying it is not a win32 file

In short, I searched and searched and found out the name of the virus and its variants, but I can't remove them. I've already tried AVG and Malwarebytes' Anti-Malware

and nothing. Please help me; below is the log made by HijackThis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:48:16, on 6/7/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\The KMPlayer\KMPlayer Plus\KMPlayer.exe

C:\Level Up! Games\Perfect World\patcher\patcher.exe

C:\Documents and Settings\Administrador\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start @uninstallReasonUrl

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ALLUpdate] "C:\Arquivos de programas\OpenSubtitlesPlayer\ALLUpdate.exe" "sleep"

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br/

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D67E3F0-DBA3-4915-B539-2152E13B381A}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{8D67E3F0-DBA3-4915-B539-2152E13B381A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

 

--

End of file - 4306 bytes

 

Thanks in advance for your attention

I hate dsoqq ¬¬


*Download RSIT and save it to the desktop

*Double-click RSIT

*Click [Continue]

*When the process finishes, paste the reports created at C:\rsit\log.txt and C:\rsit\info.txt


I did what you asked, but nothing changed at all.......

Logfile of random's system information tool 1.07 (written by random/random)

Run by Administrador at 2010-07-07 12:49:33

Microsoft Windows XP Professional Service Pack 3

System drive C: has 54 GB (27%) free of 199 GB

Total RAM: 2038 MB (67% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:49:40, on 7/7/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Administrador\Meus documentos\Downloads\RSIT.exe

C:\Arquivos de programas\trend micro\Administrador.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br/

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D67E3F0-DBA3-4915-B539-2152E13B381A}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{8D67E3F0-DBA3-4915-B539-2152E13B381A}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{8D67E3F0-DBA3-4915-B539-2152E13B381A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

 

--

End of file - 4748 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1214440339-1801674531-500.job

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1214440339-1801674531-500.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-07-06 341600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Barra de Ferramentas do Yahoo! - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2010-07-06 382424]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-09-11 18895324]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dso32]

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\dsoqq.exe [2010-07-07 294358]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"

"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7641b884-6d9b-11df-ac37-806d6172696f}]

shell\AutoRun\command - E:\g6jk.exe

shell\open\command - E:\g6jk.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7641b887-6d9b-11df-ac37-806d6172696f}]

shell\AutoRun\command - C:\g6jk.exe

shell\open\command - C:\g6jk.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2c8c3d-7308-11df-9f23-001c254a6498}]

shell\AutoRun\command - G:\Sys\Drivers\raidhost.exe

shell\Explore\command - G:\Sys\Drivers\raidhost.exe

shell\open\command - G:\Sys\Drivers\raidhost.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-07-07 12:49:33 ----D---- C:\rsit

2010-07-07 12:49:33 ----D---- C:\Arquivos de programas\trend micro

2010-07-07 01:41:14 ----RSH---- C:\x3xh.exe

2010-07-06 11:22:37 ----A---- C:\WINDOWS\RTHDCPL.EXE

2010-07-06 00:23:30 ----HD---- C:\$AVG

2010-07-03 14:47:49 ----RSH---- C:\g6jk.exe

2010-07-02 00:50:14 ----RSH---- C:\rxf.exe

2010-06-30 18:31:55 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\BSplayer Pro

2010-06-30 18:31:55 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\BSplayer

2010-06-30 18:31:55 ----D---- C:\Arquivos de programas\Webteh

2010-06-30 00:40:07 ----A---- C:\WINDOWS\system32\igfxres.dll

2010-06-30 00:37:49 ----D---- C:\Arquivos de programas\Arquivos comuns\Sony Shared

2010-06-30 00:36:16 ----D---- C:\Arquivos de programas\Motorola

2010-06-30 00:36:12 ----A---- C:\WINDOWS\system32\sm56co76.dll

2010-06-30 00:36:11 ----D---- C:\dell

2010-06-30 00:35:07 ----A---- C:\WINDOWS\system32\CSVer.dll

2010-06-30 00:35:06 ----D---- C:\Arquivos de programas\Intel

2010-06-30 00:28:59 ----A---- C:\WINDOWS\system32\igfxCoIn_v4926.dll

2010-06-30 00:28:58 ----D---- C:\WINDOWS\system32\Lang

2010-06-30 00:28:57 ----A---- C:\WINDOWS\system32\igxpun.exe

2010-06-30 00:24:14 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Easeware

2010-06-30 00:24:05 ----D---- C:\Arquivos de programas\Easeware

2010-06-28 21:47:11 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\ALLPlayer

2010-06-28 21:47:07 ----A---- C:\WINDOWS\system32\xvidcore.dll

2010-06-28 21:47:07 ----A---- C:\WINDOWS\system32\libFLAC.dll

2010-06-23 23:20:23 ----RSH---- C:\eyruu.exe

2010-06-22 23:35:50 ----D---- C:\WINDOWS\Minidump

2010-06-20 11:06:19 ----HD---- C:\WINDOWS\PIF

2010-06-19 11:47:49 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\SITEguard

2010-06-19 11:47:07 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\STOPzilla!

2010-06-19 11:47:07 ----D---- C:\Arquivos de programas\Arquivos comuns\iS3

2010-06-18 13:18:37 ----A---- C:\WINDOWS\Elite Path 2010 Uninstaller.exe

2010-06-18 00:43:44 ----D---- C:\Arquivos de programas\Perfect World Elite Games

2010-06-17 19:12:30 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\teamspeak2

2010-06-17 19:12:22 ----D---- C:\Arquivos de programas\Teamspeak2_RC2

2010-06-17 17:33:45 ----D---- C:\Arquivos de programas\DsNET Corp

2010-06-17 00:11:29 ----RSH---- C:\xcr.exe

2010-06-16 23:07:41 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM

2010-06-16 23:06:43 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2010-06-16 23:06:05 ----D---- C:\Arquivos de programas\Arquivos comuns\Skype

2010-06-16 23:06:04 ----RD---- C:\Arquivos de programas\Skype

2010-06-16 23:06:00 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2010-06-09 14:28:23 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Canneverbe Limited

2010-06-09 14:28:22 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Canneverbe Limited

2010-06-09 14:28:15 ----D---- C:\Arquivos de programas\CDBurnerXP

2010-06-09 14:09:12 ----N---- C:\WINDOWS\system32\agrsmdel.exe

2010-06-09 14:09:08 ----D---- C:\WINDOWS\Options

2010-06-08 00:04:13 ----D---- C:\WINDOWS\system32\x64

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igxprd32.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igxpgd32.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igxpdx32.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igxpdv32.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\iglicd32.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igldev32.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igfxsrvc.exe

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igfxsrvc.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igfxress.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igfxpph.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igfxexps.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igfxdo.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\igfxdev.dll

2010-06-08 00:03:40 ----A---- C:\WINDOWS\system32\hccutils.dll

 

======List of files/folders modified in the last 1 months======

 

2010-07-07 12:49:33 ----RD---- C:\Arquivos de programas

2010-07-07 12:49:05 ----D---- C:\WINDOWS\Prefetch

2010-07-07 12:33:12 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-07-07 12:33:07 ----D---- C:\WINDOWS\system32

2010-07-07 07:43:05 ----SD---- C:\WINDOWS\Tasks

2010-07-07 05:21:52 ----D---- C:\WINDOWS\system32\CatRoot2

2010-07-07 00:40:41 ----D---- C:\Arquivos de programas\Mozilla Firefox

2010-07-07 00:39:30 ----D---- C:\WINDOWS\Temp

2010-07-07 00:38:55 ----D---- C:\WINDOWS

2010-07-06 17:58:49 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-07-06 15:17:49 ----SHD---- C:\WINDOWS\Installer

2010-07-06 11:23:03 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-07-06 11:23:01 ----D---- C:\WINDOWS\system32\drivers

2010-07-06 11:23:00 ----D---- C:\WINDOWS\system32\RTCOM

2010-07-06 01:47:17 ----D---- C:\Arquivos de programas\Ares

2010-07-06 01:46:38 ----D---- C:\Arquivos de programas\Arquivos comuns\Real

2010-07-06 01:46:34 ----A---- C:\WINDOWS\system32\rmoc3260.dll

2010-07-06 01:46:26 ----A---- C:\WINDOWS\system32\pndx5032.dll

2010-07-06 01:46:26 ----A---- C:\WINDOWS\system32\pndx5016.dll

2010-07-06 01:46:23 ----D---- C:\Arquivos de programas\Real

2010-07-06 01:45:56 ----A---- C:\WINDOWS\system32\pncrt.dll

2010-07-06 01:45:56 ----A---- C:\WINDOWS\system32\msvcr71.dll

2010-07-06 01:45:56 ----A---- C:\WINDOWS\system32\msvcp71.dll

2010-07-06 00:31:17 ----SD---- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft

2010-07-06 00:23:34 ----D---- C:\Arquivos de programas\QuickTime

2010-07-06 00:13:46 ----D---- C:\WINDOWS\pss

2010-07-05 22:20:21 ----A---- C:\WINDOWS\win.ini

2010-07-05 22:20:21 ----A---- C:\WINDOWS\system.ini

2010-06-30 01:02:28 ----HD---- C:\WINDOWS\inf

2010-06-30 00:37:49 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2010-06-30 00:37:49 ----D---- C:\Arquivos de programas\Arquivos comuns

2010-06-30 00:37:48 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield

2010-06-30 00:37:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-06-30 00:37:08 ----D---- C:\WINDOWS\system32\CatRoot

2010-06-30 00:35:40 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-06-24 16:17:59 ----RSD---- C:\WINDOWS\Fonts

2010-06-22 17:48:47 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2010-06-16 11:45:25 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2010-06-09 14:11:15 ----D---- C:\WINDOWS\Driver Cache

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R2 irda;Protocolo IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-09-11 5911552]

R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 Rasirda;Miniporta de rede remota (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-11-12 1021056]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys []

S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]

S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []

S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2008-04-13 161020]

S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Irmon;Monitor de infravermelho; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 NMSAccessU;NMSAccessU; C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 212444]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 247260]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 1062358]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe []

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 1092574]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

 

here's the log made by RSIT


*Temporarily disable your antivirus

*Download USBFix and save it to the desktop

*Connect the flash drive to the PC

*Double-click UsbFix

*Click [Pesquisa] (Search) and wait for it to finish

*Remove the flash drive

*Paste the report created at C:\UsbFix.txt


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
