pipe 0 Posted July 8, 2010

On the laptop screen, when it starts up, a window appears with the message "Failed to set data for 'SynNglp"

++++++

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:37, on 08/07/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\SynNglp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcus\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [synNglp] C:\Windows\System32\SynNglp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk.disabled
O4 - Global Startup: Monitor.lnk.disabled
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6699 bytes

wings 22 Posted July 9, 2010

Good morning....

1. Open Spybot
In the top menu, click [Mode] > [Advanced] and confirm.
Click [Tools] > [Resident]
Uncheck the option Enable Resident "TeaTimer" (general protection of system settings).
Close the program.

2. Click Start > Control Panel > User Accounts > Turn User Account Control On or Off > Confirm > Continue > Uncheck "Use User Account Control (UAC) to help protect your computer" > OK > Confirm > Restart the PC

3. *Download AD-Remover and save it to the desktop
*Double-click AD-R.exe
*Click [Clean]... wait for it to finish. The program may ask to restart the PC.

4. *Download MalwareBytes Anti-malware and save it to the desktop
*Install the program
*If any update exists, it will be downloaded automatically. Wait...
*The program will open automatically.
*On the [Scan] tab, select the [Full scan] option
*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)
*At the end of the scan, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]
*Click [Remove Selected]
*A report (mbam-log-year-month-date.txt) will be displayed.
*Paste it in your next reply
*Also paste the report created at C:\Ad-Report-CLEAN.log

pipe 0 Posted July 9, 2010

Good morning. Working on it.

pipe 0 Posted July 9, 2010

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

Updated by C_XX on 23/06/10 at 19:20
Contact: AdRemover.contact@gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 10:26:32 on 09/07/2010, Normal boot

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Marcus@MARCUS-PC (Positivo Positivo Mobile)

============== SEARCH ==============

0,Folder found: C:\Users\Marcus\AppData\LocalLow\pdfforge
0,Folder found: C:\Program Files\pdfforge Toolbar
0,Folder found: C:\Users\Marcus\AppData\LocalLow\Search Settings
3,File found: C:\Windows\Installer\4b46e4.msi

1,Key found: HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
0,Key found: HKLM\Software\pdfforge
0,Key found: HKLM\Software\Search Settings
0,Key found: HKCU\Software\AppDataLow\Software\pdfforge
0,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
0,Key found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
0,Value found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

============== ADDITIONNAL SCAN ==============

** Internet Explorer Version [8.0.6001.18928] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Show_ToolBar: yes
Start Page: hxxp://mail.terra.com.br/

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\Windows\System32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 2 File(s)
C:\Program Files\Ad-Remover\Backup: 2 File(s)

C:\Ad-Report-SCAN[1].txt - 09/07/2010 (2640 Byte(s))

End at: 10:29:31, 09/07/2010

============== E.O.F ==============

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4295

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

09/07/2010 11:22:31
mbam-log-2010-07-09 (11-22-31).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 220498
Tempo decorrido: 45 minuto(s), 46 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

wings 22 Posted July 9, 2010

1. *Run AD-Remover again
*Click [Clean]... wait for it to finish. The program may ask to restart the PC.
*Paste the report created at C:\Ad-Report-CLEAN.log

pipe 0 Posted July 9, 2010

Hello, before carrying out these actions you proposed, yesterday I disabled this file "synnglp" inside Spybot, in the Tools menu under System Startup.

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

Updated by C_XX on 23/06/10 at 19:20
Contact: AdRemover.contact@gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Launched at 11:42:54 on 09/07/2010, Normal boot

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Marcus@MARCUS-PC (Positivo Positivo Mobile)

============== SEARCH ==============

0,Folder found: C:\Users\Marcus\AppData\LocalLow\pdfforge
0,Folder found: C:\Program Files\pdfforge Toolbar
0,Folder found: C:\Users\Marcus\AppData\LocalLow\Search Settings
3,File found: C:\Windows\Installer\4b46e4.msi

1,Key found: HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
0,Key found: HKLM\Software\pdfforge
0,Key found: HKLM\Software\Search Settings
0,Key found: HKCU\Software\AppDataLow\Software\pdfforge
0,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
0,Key found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
0,Value found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

============== ADDITIONNAL SCAN ==============

** Internet Explorer Version [8.0.6001.18928] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Show_ToolBar: yes
Start Page: hxxp://mail.terra.com.br/

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\Windows\System32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 2 File(s)
C:\Program Files\Ad-Remover\Backup: 3 File(s)

C:\Ad-Report-SCAN[1].txt - 09/07/2010 (2769 Byte(s))
C:\Ad-Report-SCAN[2].txt - 09/07/2010 (2695 Byte(s))

End at: 11:43:48, 09/07/2010

============== E.O.F ==============

wings 22 Posted July 9, 2010

My friend... you are clicking [scan] in AD-Remover!!... I want you to click [Clean]

The file in question will only be removed using another tool.

pipe 0 Posted July 9, 2010

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

Updated by C_XX on 23/06/10 at 19:20
Contact: AdRemover.contact@gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 14:12:16 on 09/07/2010, Normal boot

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Marcus@MARCUS-PC (Positivo Positivo Mobile)

============== ACTION(S) ==============

0,Folder deleted: C:\Users\Marcus\AppData\LocalLow\pdfforge
0,Folder deleted: C:\Program Files\pdfforge Toolbar
0,Folder deleted: C:\Users\Marcus\AppData\LocalLow\Search Settings
3,File deleted: C:\Windows\Installer\4b46e4.msi

(!) -- Temporary files deleted.

1,Key deleted: HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
0,Key deleted: HKLM\Software\pdfforge
0,Key deleted: HKLM\Software\Search Settings
0,Key deleted: HKCU\Software\AppDataLow\Software\pdfforge
0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

============== ADDITIONNAL SCAN ==============

** Internet Explorer Version [8.0.6001.18928] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 23 File(s)
C:\Program Files\Ad-Remover\Backup: 18 File(s)

C:\Ad-Report-CLEAN[1].txt - 09/07/2010 (2920 Byte(s))
C:\Ad-Report-SCAN[1].txt - 09/07/2010 (2769 Byte(s))
C:\Ad-Report-SCAN[2].txt - 09/07/2010 (2824 Byte(s))

End at: 14:13:29, 09/07/2010

============== E.O.F ==============

wings 22 Posted July 9, 2010

1. *Run AD-Remover again
*Click [uninstall]

2. *Temporarily disable your antivirus
Right-click the Avast icon that runs next to the clock > Select "Pause resident protection" > Confirm.
*Download ComboFix and save it to the desktop
*Run ComboFix and accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.
*Click [Yes] to continue.
*Wait for all the stages to complete
*While ComboFix is running, avoid using the mouse and the keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.
*The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.
pipe 0 Denunciar post Postado Julho 9, 2010 ComboFix 10-07-08.02 - Marcus 09/07/2010 15:42:00.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.55.1046.18.2940.2028 [GMT -3:00] Executando de: c:\users\Marcus\Desktop\ComboFix.exe SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ADS - drivers: deleted 208 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system\BisonC07.dll c:\windows\system32\%appdata% c:\windows\system32\~.inf c:\windows\system32\megaspdr.log . (((((((((((((((( Arquivos/Ficheiros criados de 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))) . 2010-07-09 18:47 . 2010-07-09 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-07-08 14:09 . 2010-07-08 14:09 -------- d-----w- c:\users\Marcus\AppData\Roaming\Malwarebytes 2010-07-08 14:09 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-08 14:09 . 2010-07-08 14:09 -------- d-----w- c:\programdata\Malwarebytes 2010-07-08 14:09 . 2010-07-09 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-08 14:09 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-07 16:32 . 2010-07-07 16:32 407552 ----a-w- c:\windows\system32\SynNglp.exe 2010-06-29 16:32 . 2010-06-29 16:32 -------- d-----w- c:\program files\Orban 2010-06-29 16:32 . 2010-06-29 16:32 -------- d-----w- c:\program files\Megacubo 2010-06-23 22:11 . 2009-11-08 13:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-23 22:11 . 2009-11-08 13:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-23 22:11 . 2009-11-08 13:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-06-23 22:11 . 2009-11-08 13:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-23 22:11 . 
2009-11-08 13:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-06-23 20:18 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-06-23 20:18 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-06-13 22:22 . 2010-06-13 22:26 -------- d-----w- C:\CHALEGRECD 2010-06-13 22:11 . 2010-06-13 22:54 -------- d-----w- C:\CHALEGRE 2010-06-11 19:31 . 2010-06-11 19:31 -------- d-----w- C:\servidor 2010-06-11 19:08 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-06-10 22:15 . 2010-06-10 22:17 -------- d-----w- c:\program files\Google 2010-06-10 22:15 . 2010-06-10 22:15 -------- d-----w- c:\users\Marcus\AppData\Local\Google . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-09 18:18 . 2010-07-09 18:15 292383 ----a-w- c:\windows\system32\~.tmp 2010-07-08 20:21 . 2009-11-04 16:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-07-08 15:28 . 2010-04-22 18:30 -------- d-----w- c:\program files\danfeview 2010-07-08 15:28 . 2010-02-16 23:57 -------- d-----w- c:\program files\Common Files\eBay 2010-07-07 22:22 . 2009-10-06 02:33 71136 ----a-w- c:\users\Marcus\AppData\Local\GDIPFONTCACHEV1.DAT 2010-07-07 16:32 . 2009-12-01 15:58 -------- d-----w- c:\program files\Scpad 2010-07-07 16:20 . 2008-01-21 06:32 634222 ----a-w- c:\windows\system32\prfh0416.dat 2010-07-07 16:20 . 2008-01-21 06:32 121888 ----a-w- c:\windows\system32\prfc0416.dat 2010-06-25 16:59 . 2009-11-09 20:01 -------- d-----w- c:\program files\CCleaner 2010-06-13 02:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-13 02:27 . 2009-08-10 22:39 -------- d-----w- c:\programdata\Microsoft Help 2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\1562\AdobeARM.exe 2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\1562\AdobeExtractFiles.dll 2010-06-09 08:06 . 
2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\1562\ReaderUpdater.exe 2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\1562\AcrobatUpdater.exe 2010-06-04 13:09 . 2009-11-27 23:48 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-31 19:55 . 2010-05-31 19:55 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-05-27 23:13 . 2009-08-10 22:33 -------- d-----w- c:\program files\Microsoft 2010-05-26 17:06 . 2010-06-11 19:09 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-11 19:09 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 18:00 . 2010-05-21 18:00 -------- d-----w- c:\program files\PDFCreator 2010-05-21 17:14 . 2009-10-06 14:28 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-20 19:09 . 2010-05-20 19:09 -------- d-----w- c:\program files\SEBRAE 2010-05-19 19:51 . 2010-05-19 19:49 -------- d-----w- c:\program files\MakeMoney20 2010-05-04 05:59 . 2010-06-11 19:09 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-11 19:09 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 2010-06-11 19:09 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-06-11 19:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-04-23 14:13 . 2010-05-26 00:34 2048 ----a-w- c:\windows\system32\tzres.dll 2010-04-21 17:53 . 2010-04-21 17:53 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-16 16:43 . 2010-06-23 20:18 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-04-16 16:43 . 2010-06-23 20:18 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-04-16 16:43 . 2010-06-23 20:18 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-04-16 16:43 . 2010-06-23 20:18 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll 2009-03-30 16:29 . 2009-03-30 16:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . 
*Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] c:\users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Recorte de tela e Iniciador do OneNote 2007.lnk.disabled [2009-10-29 1113] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Monitor.lnk.disabled [2009-8-10 1959] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\program files\GbPlugin\gbiehcef.dll" [2010-02-22 315488] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef] 2010-02-22 21:10 315488 ----a-w- c:\program files\GbPlugin\gbiehcef.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SynTPStart"=c:\program files\Synaptics\SynTP\SynTPStart.exe "SearchSettings"=c:\program files\pdfforge Toolbar\SearchSettings.exe "<NO NAME>"= "Adobe 
ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "SiSTray"=%ProgramFiles%\SiS VGA Utilities\SiSTray.exe "SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe "VivoAds"=vivoads.exe "RtHDVCpl"=RtHDVCpl.exe "BisonHK"=c:\windows\BisonCam\BisonHK.exe "DANFEmon"=c:\program files\danfeview\danfemon.exe "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "SynNglp"=c:\windows\System32\SynNglp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(B):50,79,a6,f9,13,5c,ca,01 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 136176] R2 scpVista;scpVista; [x] S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-02-22 30560] S1 aswSP;avast! Self Protection; [x] S1 Cloverh;Cloverh;c:\windows\system32\DRIVERS\Cloverh.sys [2009-02-25 7680] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328] S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2010-02-22 53856] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-03-12 113504] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-01-13 346112] S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2009-03-02 463360] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-03-03 48128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Conteúdo da pasta 'Tarefas Agendadas' 2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 22:15] 2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 22:15] 2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{2AE15571-FF1A-4866-8CF2-F5AA07583C5E}.job - c:\windows\system32\msfeedssync.exe [2010-06-11 04:30] . . ------- Scan Suplementar ------- . IE: E&xportar para o Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-09 15:51 Windows 6.0.6002 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Outros Processos em Execução ------------------------ . 
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-07-09 15:56:52 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-07-09 18:56
Pré-execução: 217.839.783.936 bytes disponíveis
Pós execução: 217.795.354.624 bytes disponíveis
- - End Of File - - 096C5FE371A3A6CA15C595FD47E3893C
wings 22 Posted July 9, 2010
*Open Notepad and paste into it the entire contents of the code below:
File::
c:\windows\system32\SynNglp.exe
c:\windows\system32\~.tmp
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SynNglp"=-
*Save the file on the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
*Important: while ComboFix is running, avoid using the mouse and keyboard! To interrupt the process, press N or 2.
*Paste the report created at C:\combofix.txt
pipe 0 Posted July 9, 2010
I carried out the indicated action, but the program did not open and did not generate a log.
wings 22 Posted July 9, 2010
Please... A new HijackThis log.
pipe 0 Posted July 9, 2010
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:10:29, on 09/07/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Marcus\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk.disabled
O4 - Global Startup: Monitor.lnk.disabled
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
-- End of file - 5505 bytes
wings 22 Posted July 9, 2010
The log no longer shows the entry. Does the message still persist?
pipe 0 Posted July 9, 2010
I'm going to restart the computer. The box with the message did not appear.
wings 22 Posted July 9, 2010
*Click [Start] > [Run] > type: Combofix /uninstall
*Click [OK]
*Click [Run]
*Wait until the message appears: "ComboFix está desinstalado"
*Click [OK]
Best regards.
pipe 0 Posted July 9, 2010
Is the notebook now free of the virus?
wings 22 Posted July 9, 2010
"Is the notebook now free of the virus?"
To settle your doubt....
*Download OTL and save it to the desktop
*Double-click OTL
*Select the options below:
[] Scan All Users
[] Skip Microsoft Files
[] Use Company Name WhiteList
[] Purity Check
*Under "Extra Registry", select the option
*Click [Scan] and wait for the process to finish
*Paste the OTL.txt report created on the desktop
pipe 0 Posted July 9, 2010
OTL logfile created on: 09/07/2010 20:42:27 - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\Marcus\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,25 Gb Total Space | 202,79 Gb Free Space | 69,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MARCUS-PC
Current User Name: Marcus
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/07/09 20:40:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe PRC - [2010/05/04 03:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe PRC - [2010/02/22 18:03:46 | 000,053,856 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe PRC - [2009/11/24 20:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe PRC - [2009/11/24 20:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/24 20:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/11/24 20:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/11/24 20:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
-- C:\Arquivos de programas\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/01/20 23:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe PRC - [2008/01/20 23:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnscfg.exe ========== Modules (SafeList) ========== MOD - [2010/07/09 20:40:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe MOD - [2009/04/11 03:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008/01/20 23:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (scpVista) SRV - [2010/02/22 18:03:46 | 000,053,856 | ---- | M] ( ) [unknown | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv) SRV - [2009/11/24 20:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 20:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 20:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner) SRV - [2009/11/24 20:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/09/24 22:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Arquivos de Programas\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/01/20 23:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2010/02/22 18:05:52 | 000,030,560 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm) DRV - [2009/11/24 20:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009/11/24 20:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009/09/15 06:55:30 | 000,114,768 | ---- | M] 
(ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009/09/15 06:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/09/15 06:55:09 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2009/03/12 16:11:12 | 000,113,504 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2009/03/02 15:48:14 | 000,463,360 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350) DRV - [2009/02/25 13:33:04 | 000,007,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\Cloverh.sys -- (Cloverh) DRV - [2009/01/13 17:56:06 | 000,346,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2008/07/24 18:03:46 | 002,158,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/04/23 11:21:08 | 000,058,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP) DRV - [2008/03/31 15:44:46 | 001,069,608 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2008/03/03 15:12:50 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2008/01/20 23:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/20 23:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/20 23:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/20 23:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/20 23:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/20 23:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/20 23:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/20 23:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/20 23:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/20 23:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008/01/20 23:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/20 23:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/20 23:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/20 23:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/20 23:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/20 23:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/20 23:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/20 23:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/20 23:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/20 23:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/20 23:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/20 23:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/20 23:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/20 23:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/20 23:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/08/18 06:12:28 | 000,190,512 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007/01/17 14:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006/11/02 06:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 06:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 06:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 06:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 06:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 06:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 06:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 06:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 06:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 06:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 06:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 05:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 05:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 05:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 05:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 05:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 05:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 04:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes] IE - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://positivo.br.msn.com/ IE - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 6E 31 92 63 59 CA 01 [binary data] IE - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/07/09 20:21:37 | 000,411,183 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 
127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14235 more lines... O2 - BHO: (no name) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Auxiliar de Conexão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [avast!] 
C:\Arquivos de Programas\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000..\Run: [WMPNSCFG] C:\Arquivos de Programas\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk.disabled () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2408056106-2879374679-4187563052-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar 
para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://imagem.caixa.gov.br/cab/gbpdist.cab (GbpDistObj Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.21.192.133 201.21.192.131 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de Programas\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - 
Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Program Files\GbPlugin\gbiehCef.dll - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - CLSID or File not found. O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - Reg Error: Key error. File not found O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/09 20:38:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe [2010/07/09 18:11:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010/07/09 15:49:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2010/07/09 15:47:34 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010/07/09 15:39:47 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/07/09 15:39:24 | 000,212,480 | ---- | C] (SteelWerX) -- 
C:\Windows\SWXCACLS.exe [2010/07/08 11:39:34 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Marcus\Desktop\HiJackThis.exe [2010/07/08 11:09:50 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes [2010/07/08 11:09:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/07/08 11:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/07/08 11:09:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/07/08 11:09:40 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware [2010/07/08 11:00:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/07/08 11:00:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/07/08 11:00:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/07/08 11:00:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/07/08 10:58:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/07/07 17:10:51 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010/06/29 13:32:20 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Orban [2010/06/29 13:32:10 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Megacubo [2010/06/13 19:22:00 | 000,000,000 | ---D | C] -- C:\CHALEGRECD [2010/06/13 19:11:58 | 000,000,000 | ---D | C] -- C:\CHALEGRE [2010/06/13 19:02:42 | 000,000,000 | ---D | C] -- C:\Users\Marcus\Documents\Toshiba [2010/06/11 16:31:31 | 000,000,000 | ---D | C] -- C:\servidor [2010/06/10 19:15:53 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Google [2010/06/10 19:15:47 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Google [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/07/09 20:40:28 | 007,340,032 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT [2010/07/09 20:40:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe 
[2010/07/09 20:26:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/07/09 20:21:37 | 000,411,183 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/07/09 20:20:31 | 000,411,183 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100709-202137.backup [2010/07/09 20:11:35 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/07/09 20:11:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/09 20:11:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/09 20:11:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/09 20:11:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/09 20:11:10 | 3084,042,240 | -HS- | M] () -- C:\hiberfil.sys [2010/07/09 18:18:25 | 000,524,288 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT{9b625817-1d4d-11de-989d-0008541c42e6}.TMContainer00000000000000000001.regtrans-ms [2010/07/09 18:18:25 | 000,065,536 | -HS- | M] () -- C:\Users\Marcus\NTUSER.DAT{9b625817-1d4d-11de-989d-0008541c42e6}.TM.blf [2010/07/09 18:18:21 | 001,364,786 | -H-- | M] () -- C:\Users\Marcus\AppData\Local\IconCache.db [2010/07/09 18:12:18 | 000,000,347 | ---- | M] () -- C:\Start_.cmd [2010/07/09 17:39:55 | 001,444,766 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/07/09 17:39:55 | 000,634,222 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2010/07/09 17:39:55 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/07/09 17:39:55 | 000,121,888 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2010/07/09 17:39:55 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/07/09 16:50:55 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2AE15571-FF1A-4866-8CF2-F5AA07583C5E}.job [2010/07/09 15:49:43 | 000,000,215 | 
---- | M] () -- C:\Windows\system.ini [2010/07/09 15:49:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100709-202031.backup [2010/07/09 10:32:48 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/09 09:33:31 | 000,001,716 | -H-- | M] () -- C:\Users\Marcus\Documents\Default.rdp [2010/07/08 11:39:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Marcus\Desktop\HiJackThis.exe [2010/07/07 19:22:57 | 000,071,136 | ---- | M] () -- C:\Users\Marcus\AppData\Local\GDIPFONTCACHEV1.DAT [2010/07/07 19:22:46 | 000,304,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/07/07 19:20:42 | 000,000,286 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010/07/07 13:32:04 | 000,407,552 | ---- | M] () -- C:\Windows\System32\SynNglp.exe [2010/07/05 08:49:44 | 000,411,423 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100707-175100.backup [2010/07/05 08:49:10 | 000,411,423 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100705-084943.backup [2010/06/28 13:44:25 | 000,010,207 | ---- | M] () -- C:\Users\Marcus\Documents\linhas.docx [2010/06/25 15:11:53 | 000,029,696 | ---- | M] () -- C:\Users\Marcus\Documents\RESUMO[1].doc [2010/06/25 13:59:40 | 000,000,804 | ---- | M] () -- C:\Users\Marcus\Desktop\CCleaner.lnk [2010/06/25 13:57:30 | 000,408,580 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100705-084910.backup [2010/06/18 17:50:10 | 087,894,161 | ---- | M] () -- C:\20100618.K01 [2010/06/17 13:27:57 | 000,408,454 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100625-135730.backup [2010/06/15 22:08:18 | 000,038,400 | ---- | M] () -- C:\Users\Marcus\Documents\currículo.doc [2010/06/15 22:02:15 | 000,030,720 | ---- | M] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/15 13:28:36 | 000,180,471 | ---- | M] () -- C:\Users\Marcus\Documents\__www.fiat.com.br_UNO_imprimir.do.pdf [2010/06/15 11:47:55 | 000,009,910 | ---- | M] () -- 
C:\Users\Marcus\Documents\__www.anuncio.zhclassificados.com.br_anuncios_include_inc.pdf [2010/06/13 20:27:58 | 000,172,558 | ---- | M] () -- C:\Users\Marcus\Documents\__www.fiat.com.br_palio_imprimir.do.pdf [2010/06/13 20:16:27 | 000,175,774 | ---- | M] () -- C:\Users\Marcus\Documents\__www.fiat.com.br_punto_imprimir.do.pdf [2010/06/13 20:07:40 | 000,183,684 | ---- | M] () -- C:\Users\Marcus\Documents\__www.fiat.com.br_monte-seu-carro_imprimir.do.pdf [2010/06/13 16:08:26 | 000,404,392 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100617-132757.backup [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/07/09 16:38:09 | 000,000,347 | ---- | C] () -- C:\Start_.cmd [2010/07/08 11:09:46 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/08 11:00:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010/07/08 11:00:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/07/08 11:00:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/07/08 11:00:31 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/07/08 11:00:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/07/07 13:32:00 | 000,407,552 | ---- | C] () -- C:\Windows\System32\SynNglp.exe [2010/06/28 13:44:25 | 000,010,207 | ---- | C] () -- C:\Users\Marcus\Documents\linhas.docx [2010/06/22 09:37:25 | 000,029,696 | ---- | C] () -- C:\Users\Marcus\Documents\RESUMO[1].doc [2010/06/19 12:02:04 | 087,894,161 | ---- | C] () -- C:\20100618.K01 [2010/06/18 17:08:40 | 095,251,080 | ---- | C] () -- C:\20100604.K01 [2010/06/15 22:08:58 | 000,038,400 | ---- | C] () -- C:\Users\Marcus\Documents\currículo.doc [2010/06/15 11:47:54 | 000,009,910 | ---- | C] () -- C:\Users\Marcus\Documents\__www.anuncio.zhclassificados.com.br_anuncios_include_inc.pdf [2010/06/14 11:59:43 | 000,180,471 | ---- | C] () -- C:\Users\Marcus\Documents\__www.fiat.com.br_UNO_imprimir.do.pdf [2010/06/13 
20:27:57 | 000,172,558 | ---- | C] () -- C:\Users\Marcus\Documents\__www.fiat.com.br_palio_imprimir.do.pdf [2010/06/13 20:16:26 | 000,175,774 | ---- | C] () -- C:\Users\Marcus\Documents\__www.fiat.com.br_punto_imprimir.do.pdf [2010/06/13 20:07:38 | 000,183,684 | ---- | C] () -- C:\Users\Marcus\Documents\__www.fiat.com.br_monte-seu-carro_imprimir.do.pdf [2010/06/10 19:16:04 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/06/10 19:16:02 | 000,001,028 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/05/31 16:55:28 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010/05/31 16:55:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010/05/31 16:55:26 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2010/05/31 16:55:26 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010/05/31 16:55:26 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010/05/31 16:55:24 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2010/05/31 16:55:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010/05/21 15:00:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010/05/19 16:49:35 | 000,495,616 | ---- | C] () -- C:\Windows\System32\Tx32.dll [2010/05/19 16:49:35 | 000,000,260 | ---- | C] () -- C:\Windows\System32\ic32.ini [2010/05/19 16:49:33 | 000,000,501 | ---- | C] () -- C:\Windows\System32\MMoney20.drv [2010/05/19 16:49:33 | 000,000,501 | ---- | C] () -- C:\Windows\System32\drcmmsys20.drv [2010/04/22 15:32:13 | 000,000,032 | ---- | C] () -- C:\Windows\danfev.INI [2010/04/22 15:31:06 | 000,000,032 | ---- | C] () -- C:\Windows\unidanfe.INI [2010/04/21 14:42:25 | 000,005,361 | ---- | C] () -- C:\Windows\DesinstWRecnet.ini [2010/04/21 14:42:25 | 000,000,129 | ---- | C] () -- C:\Windows\REC-NET.INI [2009/10/19 15:59:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/10 19:50:01 
| 000,000,207 | ---- | C] () -- C:\Windows\OEM.ini [2009/08/10 19:50:00 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2009/08/10 19:48:27 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Cloverh.sys [2009/08/10 18:37:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst @Alternate Data Stream - 2 bytes -> C:\Windows\System32:9A76BD1B_Cef.gbp @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:8C35AEA7 < End of report >