Archived

This topic has been archived and is closed to new replies.

Chingotte

[Solved!] Malware


I need some help: I have recently been seeing some threat warnings (Trojan horses) from AVG, such as:

Banload AYIC

Generic8.DUY

Banker5.BERU

Banker5.BEVY

Generic16.MEJ

Among others.

Thanks in advance.

Here is the log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:52:26, on 14/7/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\runonce.exe

C:\Documents and Settings\danielc\Desktop\HiJackThis.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Arquivos de programas\Google\Chrome Frame\Application\5.0.375.62\npchrome_frame.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: RecFree Toolbar - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - C:\Arquivos de programas\RecFree.com\RecFreeToolbar\1.3.10.0\escorTlbr.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Arquivos de programas\New Boundary\Client\PTClient.exe" /Subscriber

O4 - HKLM\..\Run: [iAAnotif] "C:\Arquivos De Programas\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\npjpi160_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\npjpi160_05.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: RankQuest SEO Toolbar - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: RankQuest SEO Toolbar - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Arquivos de programas\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)

O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Arquivos de programas\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grupoeco.local

O17 - HKLM\Software\..\Telephony: DomainName = grupoeco.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grupoeco.local

O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Arquivos de programas\Google\Chrome Frame\Application\5.0.375.62\npchrome_frame.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Arquivos de programas\Intel\AMT\atchksrv.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Arquivos De Programas\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Arquivos de programas\Intel\AMT\LMS.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Arquivos de programas\Arquivos comuns\New Boundary\PrismXL\PrismXL.sys

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Arquivos de programas\Intel\AMT\UNS.exe

 

--

End of file - 10225 bytes


Good evening.....

*Download RSIT and save it to the desktop

*Double-click RSIT

*Click [Continue]

*When the process finishes, paste the report created at C:\rsit\log.txt


Good morning, here is the report.

Thanks for now,

 

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by danielc at 2010-07-15 11:53:38

Microsoft Windows XP Professional Service Pack 3

System drive C: has 34 GB (22%) free of 153 GB

Total RAM: 2005 MB (30% free)

 

HijackThis download failed

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{CFD4154F-837F-4A46-9D73-A8B8855CC81A}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]

IeMonitorBho Class - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll [2009-12-01 108544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll [2009-10-22 310824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}]

ChromeFrame BHO - C:\Arquivos de programas\Google\Chrome Frame\Application\5.0.375.99\npchrome_frame.dll [2010-07-09 1154104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

{0508F8F1-08E3-43EE-AAA8-09AD09803084} - RecFree Toolbar - C:\Arquivos de programas\RecFree.com\RecFreeToolbar\1.3.10.0\escorTlbr.dll [2009-07-26 172032]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe [2007-08-01 1036288]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-05-29 150040]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-05-29 170520]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-05-29 141848]

"Prism Deploy Client"=C:\Arquivos de programas\New Boundary\Client\PTClient.exe [2009-04-16 2957312]

"IAAnotif"=C:\Arquivos De Programas\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]

"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2010-07-12 2048352]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\QTTask.exe [2010-03-18 421888]

"iTunesHelper"=C:\Arquivos de programas\iTunes\iTunesHelper.exe [2010-06-15 141624]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Extraram"=C:\Arquivos de programas\Extra RAM\ExtraRAM.exe [2010-02-09 551936]

"Bandwidth Monitor Pro"=C:\Arquivos de programas\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe [2005-02-16 225280]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]

C:\Arquivos de programas\Intel\AMT\atchk.exe [2007-06-12 408344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Arquivos de programas\iTunes\iTunesHelper.exe [2010-06-15 141624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Arquivos de programas\QuickTime\QTTask.exe [2010-03-18 421888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteVacuum]

C:\Arquivos de programas\EasySearch\SiteVacuumClient.exe [2009-08-17 479309]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe

 

C:\Documents and Settings\danielc\Menu Iniciar\Programas\Inicializar

Batch Bandwidth Monitor.lnk - C:\Arquivos de programas\Bandwidth\BandMon.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]

C:\ARQUIV~1\GbPlugin\gbiehAbn.dll [2009-10-22 310824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-07-29 11952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2008-04-02 212992]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\ARQUIV~1\GbPlugin\gbiehAbn.dll [2009-10-22 310824]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\DNA\btdna.exe"="C:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\DNA\btdna.exe"="C:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA"

"C:\Arquivos de programas\BitTorrent\bittorrent.exe"="C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

"C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4"

"C:\Arquivos de programas\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Arquivos de programas\CyberLink\PowerDVD DX\PowerDVD.exe:*:Disabled:CyberLink PowerDVD DX"

"C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Disabled:CyberLink PowerDVD DX Resident Program"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Grisoft\AVG7\avginet.exe"="C:\Arquivos de programas\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe"="C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Arquivos de programas\CoffeeCup Software\FreeFTPFree-4.0.1\FreeFTP.exe"="C:\Arquivos de programas\CoffeeCup Software\FreeFTPFree-4.0.1\FreeFTP.exe:*:Enabled:Free FTP Application"

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe"="C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"G:\Jogos\Counter Strike - Portable (100% Work Online) no addons need\Counter Strike - Portable\Programs\CS USB\root\cstrike.exe"="G:\Jogos\Counter Strike - Portable (100% Work Online) no addons need\Counter Strike - Portable\Programs\CS USB\root\cstrike.exe:*:Enabled:Half-Life Launcher"

"C:\Documents and Settings\danielc\Desktop\Counter Strike - Portable\Programs\CS USB\root\cstrike.exe"="C:\Documents and Settings\danielc\Desktop\Counter Strike - Portable\Programs\CS USB\root\cstrike.exe:*:Enabled:Half-Life Launcher"

"C:\Arquivos de programas\Free Video Converter\FreeVideoConverter.exe"="C:\Arquivos de programas\Free Video Converter\FreeVideoConverter.exe:*:Enabled:FreeVideoConverter"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Arquivos de programas\Arquivos comuns\Nero\Nero Web\SetupX.exe"="C:\Arquivos de programas\Arquivos comuns\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes"

 

======List of files/folders created in the last 1 months======

 

2010-07-15 11:53:39 ----D---- C:\Arquivos de programas\trend micro

2010-07-15 11:53:38 ----D---- C:\rsit

2010-07-15 10:32:35 ----SHD---- C:\RECYCLER

2010-07-14 14:47:54 ----D---- C:\WINDOWS\temp

2010-07-14 14:40:02 ----D---- C:\ComboFix

2010-07-14 14:34:36 ----A---- C:\WINDOWS\ntbtlog.txt

2010-07-13 15:31:19 ----A---- C:\Boot.bak

2010-07-13 15:31:13 ----RASHD---- C:\cmdcons

2010-07-13 15:27:33 ----A---- C:\WINDOWS\NIRCMD.exe

2010-07-08 09:26:08 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2010-06-29 15:00:41 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll

2010-06-29 15:00:32 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$

2010-06-24 09:34:39 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys

2010-06-24 09:34:39 ----A---- C:\WINDOWS\system32\drivers\MPE.sys

2010-06-24 09:34:38 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys

2010-06-24 09:34:37 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys

2010-06-24 09:34:37 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys

2010-06-24 09:34:36 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2010-06-24 09:34:34 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys

2010-06-24 09:34:33 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys

2010-06-24 09:34:31 ----RA---- C:\WINDOWS\system32\drivers\ZTUB10.sys

2010-06-24 09:34:30 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2010-06-24 09:34:30 ----A---- C:\WINDOWS\system32\PsisDecd.dll

2010-06-24 09:34:29 ----A---- C:\WINDOWS\system32\drivers\BdaSup.sys

2010-06-24 09:34:20 ----D---- C:\Documents and Settings\danielc\Dados de aplicativos\ArcSoft

2010-06-24 09:34:19 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\ArcSoft

2010-06-24 09:34:14 ----A---- C:\WINDOWS\system32\drivers\afc.sys

2010-06-24 09:33:32 ----D---- C:\Arquivos de programas\Arquivos comuns\ArcSoft

2010-06-17 11:23:14 ----D---- C:\Arquivos de programas\iPod

2010-06-17 11:23:09 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-06-17 11:23:09 ----D---- C:\Arquivos de programas\iTunes

2010-06-17 11:21:46 ----D---- C:\Arquivos de programas\QuickTime

2010-06-17 11:21:01 ----D---- C:\Arquivos de programas\Apple Software Update

2010-06-17 11:19:28 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll

 

======List of files/folders modified in the last 1 months======

 

2010-07-15 11:53:39 ----RD---- C:\Arquivos de programas

2010-07-15 10:12:06 ----D---- C:\WINDOWS\system32\drivers\Avg

2010-07-15 10:10:04 ----D---- C:\WINDOWS\security

2010-07-15 10:09:59 ----A---- C:\WINDOWS\system32\log.txt

2010-07-15 10:09:28 ----AD---- C:\WINDOWS\system32\drivers

2010-07-14 18:17:04 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-07-14 17:40:49 ----A---- C:\WINDOWS\NeroDigital.ini

2010-07-14 15:10:36 ----D---- C:\WINDOWS\Prefetch

2010-07-14 14:53:51 ----D---- C:\WINDOWS

2010-07-14 14:47:59 ----A---- C:\WINDOWS\system.ini

2010-07-14 14:46:58 ----D---- C:\WINDOWS\system32

2010-07-14 14:46:58 ----D---- C:\WINDOWS\AppPatch

2010-07-14 14:46:58 ----D---- C:\Arquivos de programas\Arquivos comuns

2010-07-14 14:40:20 ----D---- C:\WINDOWS\system32\CatRoot2

2010-07-14 14:40:08 ----D---- C:\Qoobox

2010-07-14 11:56:42 ----D---- C:\WINDOWS\Debug

2010-07-13 15:39:15 ----D---- C:\WINDOWS\ERDNT

2010-07-13 15:38:23 ----D---- C:\WINDOWS\system32\drivers\etc

2010-07-13 15:31:19 ----RASH---- C:\boot.ini

2010-07-13 13:41:06 ----D---- C:\$AVG8.VAULT$

2010-07-13 13:40:55 ----D---- C:\Documents and Settings\danielc\Dados de aplicativos\uTorrent

2010-07-12 17:49:46 ----D---- C:\Documents and Settings\danielc\Dados de aplicativos\DC++

2010-07-12 17:46:38 ----D---- C:\dc

2010-07-08 14:33:57 ----D---- C:\WINDOWS\system32\config

2010-07-08 09:26:17 ----D---- C:\Documents and Settings\danielc\Dados de aplicativos\Adobe

2010-07-08 09:26:17 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2010-06-30 10:24:49 ----D---- C:\Arquivos de programas\Mozilla Firefox

2010-06-30 10:08:14 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2010-06-30 09:07:40 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2010-06-29 15:41:24 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2010-06-29 15:01:04 ----HD---- C:\WINDOWS\inf

2010-06-24 09:34:45 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-06-24 09:34:26 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-06-17 11:26:22 ----D---- C:\Config.Msi

2010-06-17 11:24:15 ----SHD---- C:\WINDOWS\Installer

2010-06-17 11:23:12 ----D---- C:\Arquivos de programas\Arquivos comuns\Apple

2010-06-17 11:21:03 ----SD---- C:\WINDOWS\Tasks

2010-06-17 11:18:48 ----D---- C:\Arquivos de programas\Bonjour

2010-06-17 11:18:19 ----D---- C:\WINDOWS\WinSxS

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2009-06-22 12552]

R0 GbpKm;Gbp KernelMode; C:\WINDOWS\system32\drivers\GbpKm.sys [2009-10-22 31080]

R0 iastor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-09-29 308248]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-07-09 43872]

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-29 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-29 27784]

R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-22 108552]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-08-03 307712]

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-06-12 45056]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-04-02 6008704]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2010-03-02 47360]

R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]

R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2004-12-13 39904]

S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~2\CONFIG~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys []

S3 MPE;Filtro BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 Netaapl;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl.sys [2010-04-19 18432]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SMBDATuner;ZT-UB10 Tuner; C:\WINDOWS\System32\Drivers\ZTUB10.sys [2008-05-08 40448]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]

R2 Application Updater;Application Updater; C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]

R2 atchksrv;Intel® Active Management Technology System Status Service; C:\Arquivos de programas\Intel\AMT\atchksrv.exe [2007-06-12 183064]

R2 avg8wd;AVG8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-07-29 297752]

R2 Bonjour Service;Serviço do Bonjour; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2010-05-18 345376]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-10-22 54376]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Arquivos De Programas\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]

R2 LMS;Intel® Active Management Technology Local Management Service; C:\Arquivos de programas\Intel\AMT\LMS.exe [2007-06-12 109336]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]

R2 PrismXL;PrismXL; C:\Arquivos de programas\Arquivos comuns\New Boundary\PrismXL\PrismXL.sys [2008-11-17 552960]

R2 PSI_SVC_2;Protexis Licensing V2; c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

R2 SeaPort;SeaPort; C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

R2 UNS;Intel® Active Management Technology User Notification Service; C:\Arquivos de programas\Intel\AMT\UNS.exe [2007-06-12 2521880]

R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-20 655624]

R3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2010-06-15 540472]

S2 gupdate;Google Update Service (gupdate); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-28 133104]

S3 Adobe LM Service;Adobe LM Service; C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-07-08 68096]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]

 

-----------------EOF-----------------


1.

Open Spybot

In the top menu, click [Modo] > [Avançado] and confirm.

Click [Ferramentas] > [Residente]

Uncheck the option Ativar "TeaTimer" do Residente (proteção geral das configurações de sistema).

Close the program.

2.

*Download MalwareBytes Anti-malware and save it to the desktop

*Install the program

*If an update is available, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Verificação] tab, select the option [Verificação completa]

*Click [Verificar] and select the partitions to be scanned (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Sim] > [OK] > [Mostrar Resultados]

*Click [Remover Selecionados]

*A report (mbam-log-year-month-date.txt) will be shown.

*Paste it in your next reply


Hi wings, the option was already unchecked; only SDHelper remains. Should I uncheck it?

Here is the log.

Thanks.

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4316

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

15/7/2010 14:45:59

mbam-log-2010-07-15 (14-45-59).txt

 

Tipo de Verificação: Verificação Completa (C:\|G:\|)

Objetos escaneados: 533338

Tempo decorrido: 2 hora(s), 4 minuto(s), 1 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 14

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 4

Arquivos Infectados: 25

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\xbtb09202.xbtb09202 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6ae02e1c-8859-4f57-9097-5a55a56a4caf} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ae02e1c-8859-4f57-9097-5a55a56a4caf} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ae02e1c-8859-4f57-9097-5a55a56a4caf} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6ae02e1c-8859-4f57-9097-5a55a56a4caf} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\xbtb09202.xbtb09202.3 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{fd90c192-481b-4a89-9fd7-cfa65709f541} (Adware.SuperSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0fdcf5f0-d211-4412-a6e3-dd4938e26e24} (Adware.SuperSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{105e2c3f-b804-4e5b-acdd-fd7733908d0e} (Adware.SuperSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a30dfaca-4174-438e-bdb8-ae8fd54313a7} (Adware.SuperSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{aff229f4-c47c-4965-8a83-2bfca62ab441} (Adware.SuperSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cb5a0bc8-e15f-48e8-afc2-95cef3e97ac3} (Adware.SuperSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d5f2caa6-16d2-4d34-9aff-3dc30d94b8c1} (Adware.SuperSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sitevacuum (Adware.SuperSearch) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6ae02e1c-8859-4f57-9097-5a55a56a4caf} (Trojan.BHO) -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

C:\Arquivos de programas\EasySearch (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\FFExt (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\FFExt\chrome (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\FFExt\chrome\content (Adware.SuperSearch) -> Quarantined and deleted successfully.

 

Arquivos Infectados:

C:\Arquivos de programas\RankQuest SEO Toolbar\rankquest3.7.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\danielc\Desktop\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Arquivos de programas\Dealio Toolbar\WidgiHelper.exe.vir (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll.vir (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FE26E0A6-120E-4506-881B-1FC10F62EDEF}\RP306\A0044505.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FE26E0A6-120E-4506-881B-1FC10F62EDEF}\RP306\A0044506.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

G:\Softwares - Downloads\Internet\Desenvolvimento\Mail.Bomber.v9.3.Retail.-.WwW.DivxTotal.CoM\Mail.Bomber.v9.3.Retail.-.WwW.DivxTotal.CoM\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

G:\Softwares - Downloads\Softwares Design\Adobe\Adobe CS4\MAZUKi\adobe-master-cs4pre-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

G:\Softwares - Downloads\Softwares Design\Adobe\plug ins\Alien Skin (Complete Photoshop Plugin Collection)\Keygens\MultiKeygen v1.0.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

G:\Softwares - Downloads\som\Sony - Sound Forge 8.0 Build 53\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

G:\Softwares - Downloads\Email\Mail.Bomber.v9.3.Retail.-.WwW.DivxTotal.CoM\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\MFC42U.DLL (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\SiteVacuumClient.bue (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\SiteVacuumClient.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\SiteVacuumClient.tlb (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\SiteVacuumLicense.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\tskill.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\uninst.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\UpdateHelper.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\what.is.SiteVacuumClient.exe.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\WSConfig.ini (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\FFExt\chrome.manifest (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\FFExt\install.rdf (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\FFExt\chrome\content\script-injector.js (Adware.SuperSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\EasySearch\FFExt\chrome\content\sitevacuum.xul (Adware.SuperSearch) -> Quarantined and deleted successfully.


1.

*Open Malwarebytes and, on the [Quarentena] tab, select all the results and click [Apagar tudo]

*Click the [Logs] tab, select the report and click [Apagar]

2.

*Download the Kaspersky Virus Removal Tool and save it to the desktop

*Install the program

*The program's main screen will open automatically

*Select the option:

[] My Computer

*Click [start scan]... wait. It may take a while.

*If it finds anything, click [skip]

*When the scan finishes, click [Report]

*A window called "Detailed report" will open

*Click the [+] sign next to Autoscan to expand the events found

*Right-click and select "Select all"

*Right-click again and select "Copy"

*Open Notepad, paste (Ctrl+V) and save the file to the desktop as log.txt

*Close Kaspersky's "Detailed report" window

*On the Kaspersky main screen click [Exit] > [No]

*Paste the report saved on the desktop in your next reply


OK, here it is

 

Autoscan: stopped 20 hours ago (events: 2, objects: 7136, time: 00:08:02)

Autoscan: completed 20 hours ago (events: 2, objects: 4462, time: 00:04:43)

Autoscan: completed 1 minute ago (events: 53, objects: 1276718, time: 02:28:34)

15/7/2010 16:03:32 Task started

15/7/2010 16:46:14 Detected: not-a-virus:AdWare.Win32.Mostofate.ds C:\Arquivos de programas\RankQuest SEO Toolbar\tbhelper.dll

15/7/2010 16:46:33 Untreated: not-a-virus:AdWare.Win32.Mostofate.ds C:\Arquivos de programas\RankQuest SEO Toolbar\tbhelper.dll Skipped by user

15/7/2010 16:57:15 Processing error C:\Documents and Settings\danielc\Configurações locais\Dados de aplicativos\Microsoft\Outlook\archive.pst Read error

15/7/2010 16:57:17 Processing error C:\Documents and Settings\danielc\Configurações locais\Dados de aplicativos\Microsoft\Outlook\Outlook.pst Read error

15/7/2010 17:27:49 Detected: Trojan-Proxy.Win32.Agent.cnq C:\Documents and Settings\danielc\Meus documentos\Downloads\Virtual_DJ_5.2\Virtual DJ 5.2\Atomix_Virtual_DJ___Effects\Atomix Virtual DJ + Effects\SoundEffect\MultiFlangerOption.dll

15/7/2010 17:28:21 Detected: Trojan-Proxy.Win32.Agent.cnq C:\Documents and Settings\danielc\Meus documentos\Downloads\Virtual_DJ_5.2\Virtual DJ 5.2\Atomix_Virtual_DJ___Effects.rar/Atomix Virtual DJ + Effects/SoundEffect/MultiFlangerOption.dll

15/7/2010 17:28:37 Untreated: Trojan-Proxy.Win32.Agent.cnq C:\Documents and Settings\danielc\Meus documentos\Downloads\Virtual_DJ_5.2\Virtual DJ 5.2\Atomix_Virtual_DJ___Effects\Atomix Virtual DJ + Effects\SoundEffect\MultiFlangerOption.dll Skipped by user

15/7/2010 17:28:48 Untreated: Trojan-Proxy.Win32.Agent.cnq C:\Documents and Settings\danielc\Meus documentos\Downloads\Virtual_DJ_5.2\Virtual DJ 5.2\Atomix_Virtual_DJ___Effects.rar/Atomix Virtual DJ + Effects/SoundEffect/MultiFlangerOption.dll Write not supported

15/7/2010 18:19:37 Detected: EICAR-Test-File G:\celular\games-cel\128x160.part1.rar/Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.S40.J2Me.Read.nfo.Retail-NOKiApDA/n-ps2807.zip/n-pes2008.jar/a

15/7/2010 18:20:59 Untreated: EICAR-Test-File G:\celular\games-cel\128x160.part1.rar/Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.S40.J2Me.Read.nfo.Retail-NOKiApDA/n-ps2807.zip/n-pes2008.jar/a Write not supported

15/7/2010 18:21:06 Detected: EICAR-Test-File G:\celular\games-cel\128x160.part1.rar/Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.S40v2.J2Me.Read.nfo.Retail-NOKiApDA/n-ps2808.zip/n-pes2008.jar/a

15/7/2010 18:21:09 Untreated: EICAR-Test-File G:\celular\games-cel\128x160.part1.rar/Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.S40v2.J2Me.Read.nfo.Retail-NOKiApDA/n-ps2808.zip/n-pes2008.jar/a Write not supported

15/7/2010 18:21:14 Detected: EICAR-Test-File G:\celular\games-cel\128x160.part1.rar/Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.Sagem.J2Me.Read.nfo.Retail-NOKiApDA/n-ps2809.zip/n-pes2008.jar/a

15/7/2010 18:21:15 Untreated: EICAR-Test-File G:\celular\games-cel\128x160.part1.rar/Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.Sagem.J2Me.Read.nfo.Retail-NOKiApDA/n-ps2809.zip/n-pes2008.jar/a Write not supported

15/7/2010 18:21:18 Detected: EICAR-Test-File G:\celular\games-cel\128x160.part1.rar/Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.Samsung.E700.J2Me.Read.nfo.Retail-NOKiApDA/n-ps2810.zip/n-pes2008.jar/a

15/7/2010 18:21:21 Untreated: EICAR-Test-File G:\celular\games-cel\128x160.part1.rar/Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.Samsung.E700.J2Me.Read.nfo.Retail-NOKiApDA/n-ps2810.zip/n-pes2008.jar/a Write not supported

15/7/2010 18:22:55 Detected: EICAR-Test-File G:\celular\games-cel\128x160.part1\Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.S40.J2Me.Read.nfo.Retail-NOKiApDA\n-ps2807.zip/n-pes2008.jar/a

15/7/2010 18:22:55 Detected: EICAR-Test-File G:\celular\games-cel\128x160.part1\Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.S40v2.J2Me.Read.nfo.Retail-NOKiApDA\n-ps2808.zip/n-pes2008.jar/a

15/7/2010 18:22:59 Untreated: EICAR-Test-File G:\celular\games-cel\128x160.part1\Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.S40v2.J2Me.Read.nfo.Retail-NOKiApDA\n-ps2808.zip/n-pes2008.jar/a Skipped by user

15/7/2010 18:22:59 Untreated: EICAR-Test-File G:\celular\games-cel\128x160.part1\Konami.Pro.Evolution.Soccer.2008.128x160.v1.0.0.S40.J2Me.Read.nfo.Retail-NOKiApDA\n-ps2807.zip/n-pes2008.jar/a Skipped by user

15/7/2010 18:33:12 Task stopped

16/7/2010 09:38:43 Task started

16/7/2010 10:21:25 Detected: Trojan-Downloader.Win32.Agent.dhzv G:\Softwares - Downloads\RSFAN.rar/RSFAN/RSFAN.exe/PE_Patch.PECompact/PecBundle/PECompact

16/7/2010 10:21:34 Untreated: Trojan-Downloader.Win32.Agent.dhzv G:\Softwares - Downloads\RSFAN.rar/RSFAN/RSFAN.exe/PE_Patch.PECompact/PecBundle/PECompact Write not supported

16/7/2010 10:25:22 Detected: Trojan-Downloader.Win32.Agent.dmzl G:\Softwares - Downloads\craks\todas_chaves_nero9.rar/keymaker.exe

16/7/2010 10:25:25 Untreated: Trojan-Downloader.Win32.Agent.dmzl G:\Softwares - Downloads\craks\todas_chaves_nero9.rar/keymaker.exe Write not supported

16/7/2010 10:25:50 Detected: Trojan.Win32.Genome.rfv G:\Softwares - Downloads\Email\AutomailSender3[1].5.rar/AutomailSender3.5/Keygen/KeyGen.exe

16/7/2010 10:25:52 Untreated: Trojan.Win32.Genome.rfv G:\Softwares - Downloads\Email\AutomailSender3[1].5.rar/AutomailSender3.5/Keygen/KeyGen.exe Write not supported

16/7/2010 10:26:18 Detected: Trojan.Win32.Genome.rfv G:\Softwares - Downloads\Email\AutomailSender3.5\Keygen\KeyGen.exe

16/7/2010 10:28:17 Deleted: Trojan.Win32.Genome.rfv G:\Softwares - Downloads\Email\AutomailSender3.5\Keygen\KeyGen.exe

16/7/2010 10:31:18 Detected: not-a-virus:AdWare.Win32.Mostofate.ad G:\Softwares - Downloads\Internet\Navegadores\ad-ons - ie\rankquest.exe/data0014

16/7/2010 10:31:26 Untreated: not-a-virus:AdWare.Win32.Mostofate.ad G:\Softwares - Downloads\Internet\Navegadores\ad-ons - ie\rankquest.exe/data0014 Write not supported

16/7/2010 10:31:26 Detected: not-a-virus:AdWare.Win32.Mostofate.ds G:\Softwares - Downloads\Internet\Navegadores\ad-ons - ie\rankquest.exe/data0018

16/7/2010 11:46:12 Detected: Trojan.Win32.BHO.acvq G:\Softwares - Downloads\Softwares Design\Adobe\plug ins\Imagenomic.RealGrain.v1.0.1.for.Adobe.Photoshop-SCOTCH\RealGrainPluginSetup1010.exe

16/7/2010 11:46:15 Untreated: Trojan.Win32.BHO.acvq G:\Softwares - Downloads\Softwares Design\Adobe\plug ins\Imagenomic.RealGrain.v1.0.1.for.Adobe.Photoshop-SCOTCH\RealGrainPluginSetup1010.exe Skipped by user

16/7/2010 11:47:43 Detected: Trojan.Win32.BHO.acvq G:\Softwares - Downloads\Softwares Design\Adobe\plug ins\Imagenomic.RealGrain.v1.0.1.for.Adobe.Photoshop-SCOTCH\SCOTCH_IRG101.part1.rar/RealGrainPluginSetup1010.exe

16/7/2010 11:48:04 Untreated: Trojan.Win32.BHO.acvq G:\Softwares - Downloads\Softwares Design\Adobe\plug ins\Imagenomic.RealGrain.v1.0.1.for.Adobe.Photoshop-SCOTCH\SCOTCH_IRG101.part1.rar/RealGrainPluginSetup1010.exe Write not supported

16/7/2010 11:50:46 Detected: Trojan.Win32.Inject.anyw G:\Softwares - Downloads\Softwares Design\Portable FreeHand\authplay.dll

16/7/2010 11:51:00 Untreated: Trojan.Win32.Inject.anyw G:\Softwares - Downloads\Softwares Design\Portable FreeHand\authplay.dll Skipped by user

16/7/2010 11:51:59 Detected: Trojan-Downloader.Win32.AutoIt.is G:\Softwares - Downloads\Softwares Design\Adobe\plug ins\Photoshop_Plug_Ins\Photoshop_Plug_Ins.exe/data0000.cab/ANDY_V~1.EXE/andy_vcstats.au3.tbl

16/7/2010 11:52:04 Untreated: Trojan-Downloader.Win32.AutoIt.is G:\Softwares - Downloads\Softwares Design\Adobe\plug ins\Photoshop_Plug_Ins\Photoshop_Plug_Ins.exe/data0000.cab/ANDY_V~1.EXE/andy_vcstats.au3.tbl Write not supported

16/7/2010 12:01:09 Detected: Trojan-PSW.Win32.VB.bur G:\Softwares - Downloads\Vídeo&Players\aTubeCatcher_1_0_236_setup.exe/aTubeCatcher_1_0_setup.msi/_3A54DFA15EF9AAB5C6BFF4F00886A678/_9A65EFD64A6B407E9CB7642B78E9CFDB

16/7/2010 12:01:14 Untreated: Trojan-PSW.Win32.VB.bur G:\Softwares - Downloads\Vídeo&Players\aTubeCatcher_1_0_236_setup.exe/aTubeCatcher_1_0_setup.msi/_3A54DFA15EF9AAB5C6BFF4F00886A678/_9A65EFD64A6B407E9CB7642B78E9CFDB Write not supported

16/7/2010 12:01:32 Detected: Packed.Win32.Krap.y G:\Softwares - Downloads\Vídeo&Players\Sothink SWF To Video Converter v2.4 Build 80312.zip/Keygen.exe

16/7/2010 12:03:06 Detected: Trojan.Win32.Inject.anyw G:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP296\A0078612.dll

16/7/2010 12:03:07 Untreated: Packed.Win32.Krap.y G:\Softwares - Downloads\Vídeo&Players\Sothink SWF To Video Converter v2.4 Build 80312.zip/Keygen.exe Skipped by user

16/7/2010 12:03:09 Untreated: Trojan.Win32.Inject.anyw G:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP296\A0078612.dll Skipped by user

16/7/2010 12:04:53 Detected: Packed.Win32.Krap.hc G:\System Volume Information\_restore{FE26E0A6-120E-4506-881B-1FC10F62EDEF}\RP307\A0044620.exe

16/7/2010 12:04:56 Detected: Trojan.Win32.Genome.rfv G:\System Volume Information\_restore{FE26E0A6-120E-4506-881B-1FC10F62EDEF}\RP307\A0044623.exe

16/7/2010 12:04:57 Untreated: Packed.Win32.Krap.hc G:\System Volume Information\_restore{FE26E0A6-120E-4506-881B-1FC10F62EDEF}\RP307\A0044620.exe Skipped by user

16/7/2010 12:04:58 Untreated: Trojan.Win32.Genome.rfv G:\System Volume Information\_restore{FE26E0A6-120E-4506-881B-1FC10F62EDEF}\RP307\A0044623.exe Skipped by user

16/7/2010 12:07:17 Task completed


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
