blawless, posted July 19, 2010

Dear all,

My computer has been behaving strangely. When I turn it on, the system BOOT screen appears with a warning that my CPU is "open", but it is nothing physical. Windows has also been taking longer to start. If anyone can help, I would appreciate it.

----------------

Here is the Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:26, on 19/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe
C:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe
C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Arquivos de programas\Vuze_Remote\tbVuz1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Arquivos de programas\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Arquivos de programas\Vuze_Remote\tbVuz1.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [itype] "C:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Arquivos de programas\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Cyberlink.exe] C:\Documents and Settings\All Users\Dados de aplicativos\Cyberlink.exe
O4 - HKLM\..\Run: [MsnSys.exe] C:\Documents and Settings\All Users\Dados de aplicativos\MsnSys.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DivXUpdate] "C:\Arquivos de programas\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\RunOnce: [b Register C:\Arquivos de programas\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax] "C:\WINDOWS\system32\rundll32.exe" "C:\Arquivos de programas\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax",DllRegisterServer
O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177613663208
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 13828 bytes

wings, posted July 20, 2010

*Download AVZ and save it to the desktop
*Extract its contents to the desktop
*In the avz4 folder, run the avz application
*Click [File] > [Database Update] and wait for the update to finish.
*Next, select the partition where Windows is installed. Usually it is [] Local Disk (C:)
*Select and copy (Ctrl+C) the code below:

begin
ExecuteStdScr(2);
end.

*Click [File] > [Custom Scripts]
*Paste (Ctrl+V) the code into the blank area
*Click [Run]
*When the scan finishes, a window will appear stating: "Script executed successfully"
*Click [OK] and close the window
*On the AVZ main screen, next to the Log area, click the button with the floppy-disk image and save the report (avz_log) to the desktop
*Close the program
*Paste the report in your next reply.

blawless, posted July 21, 2010

Wings, thank you for the help.

To be more specific, besides the clock having gone crazy, when I turn on the computer the "Setup" screen appears with the warning: "The system intruded, chassis opened or tempered before, Please check the System"

Just for clarification, I have 3 HDs connected (120, 160 and one of 500 GB), on an AMD 64 x2 with 4 GB of RAM.

In any case, I followed the procedure you explained with AVZ, and below is the log of the operation:

----------------------

AVZ Antiviral Toolkit log; AVZ version is 4.34
Scanning started at 19/7/2010 15:12:53
Database loaded: signatures - 276282, NN profile(s) - 2, malware removal microprograms - 56, signature database released 18.07.2010 00:06
Heuristic microprograms loaded: 383
PVS microprograms loaded: 9
Digital signatures of system files loaded: 213742
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=085700)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 8055C700
KiST = 8050446C (284)
Function NtCreateKey (29) intercepted (806237C8->B9EA80E0), hook spyg.sys
Function NtEnumerateKey (47) intercepted (80624014->B9EC6CA2), hook spyg.sys
Function NtEnumerateValueKey (49) intercepted (8062427E->B9EC7030), hook spyg.sys
Function NtOpenKey (77) intercepted (80624BA6->B9EA80C0), hook spyg.sys
Function NtQueryKey (A0) intercepted (80624EE8->B9EC7108), hook spyg.sys
Function NtQueryValueKey (B1) intercepted (806219EC->B9EC6F88), hook spyg.sys
Function NtSetValueKey (F7) intercepted (80621D3A->B9EC719A), hook spyg.sys
Functions checked: 284, intercepted: 7, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Driver loaded successfully
\FileSystem\ntfs[IRP_MJ_CREATE] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_CLOSE] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_WRITE] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_EA] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_PNP] = 8A55C1F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_CREATE] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_CLOSE] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_WRITE] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_EA] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_EA] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 8A09F500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_PNP] = 8A09F500 -> hook not defined
Checking - complete
2. Scanning RAM
Number of processes found: 46
Number of modules loaded: 403
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Documents and Settings\WINXP\Configurações locais\temp\~DF65C2.tmp
Direct reading: C:\Documents and Settings\WINXP\Configurações locais\temp\~DFCF73.tmp
Direct reading: C:\WINDOWS\system32\drivers\sptd.sys
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)
>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)
>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)
>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)
>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>>> Security: Internet Explorer allows automatic queries of ActiveX administrative elements
Checking - complete
9. Troubleshooting wizard
>> Abnormal SCR files association
>> Internet Explorer - automatic queries of ActiveX operating elements are allowed
>> HDD autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 142263, extracted from archives: 113698, malicious software found 0, suspicions - 0
Scanning finished at 19/7/2010 15:35:35
Time of scanning: 00:22:42
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference
System Analysis in progress
System Analysis - complete

--------------------------------------

Thank you!

wings, posted July 21, 2010

*Delete the avz_log file located on the desktop
*In the avz4 folder, run the avz application again
*Next, select the partition where Windows is installed. Usually it is [] Local Disk (C:)
*Select the options:
[] Enable malware removal mode
[] Copy suspicious files to Quarantine
*Click [Start] and wait for it to finish
*On the AVZ main screen, next to the Log area, click the button and save the report (avz_log) to the desktop
*Close the program
*Paste the report in your next reply.

blawless, posted July 22, 2010

Wings, here is the log as requested.

-----

AVZ Antiviral Toolkit log; AVZ version is 4.34
Scanning started at 20/7/2010 15:32:55
Database loaded: signatures - 276282, NN profile(s) - 2, malware removal microprograms - 56, signature database released 18.07.2010 00:06
Heuristic microprograms loaded: 383
PVS microprograms loaded: 9
Digital signatures of system files loaded: 213742
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
>> Danger ! Process masking detected
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=085700)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 8055C700
KiST = 8050446C (284)
Function NtCreateKey (29) intercepted (806237C8->B9EA80E0), hook spau.sys
Function NtEnumerateKey (47) intercepted (80624014->B9EC6CA2), hook spau.sys
Function NtEnumerateValueKey (49) intercepted (8062427E->B9EC7030), hook spau.sys
Function NtOpenKey (77) intercepted (80624BA6->B9EA80C0), hook spau.sys
Function NtQueryKey (A0) intercepted (80624EE8->B9EC7108), hook spau.sys
Function NtQueryValueKey (B1) intercepted (806219EC->B9EC6F88), hook spau.sys
Function NtSetValueKey (F7) intercepted (80621D3A->B9EC719A), hook spau.sys
Functions checked: 284, intercepted: 7, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Driver loaded successfully
\FileSystem\ntfs[IRP_MJ_CREATE] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_CLOSE] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_WRITE] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_EA] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 8A55C1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_PNP] = 8A55C1F8 -> hook not defined
\FileSystem\FastFat[IRP_MJ_CREATE] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_CLOSE] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_WRITE] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_INFORMATION] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_INFORMATION] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_EA] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_EA] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_SET_VOLUME_INFORMATION] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_DIRECTORY_CONTROL] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_FILE_SYSTEM_CONTROL] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_DEVICE_CONTROL] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_LOCK_CONTROL] = 8A183500 -> hook not defined
\FileSystem\FastFat[IRP_MJ_PNP] = 8A183500 -> hook not defined
Checking - complete
2. Scanning RAM
Number of processes found: 48
Number of modules loaded: 417
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Documents and Settings\WINXP\Configurações locais\temp\~DF91CB.tmp
Direct reading: C:\Documents and Settings\WINXP\Configurações locais\temp\~DF9D9B.tmp
Direct reading: C:\WINDOWS\system32\drivers\sptd.sys
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)
>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)
>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)
>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)
>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>>> Security: Internet Explorer allows automatic queries of ActiveX administrative elements
Checking - complete
9. Troubleshooting wizard
>> Abnormal SCR files association
>> Internet Explorer - automatic queries of ActiveX operating elements are allowed
>> HDD autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 141917, extracted from archives: 113704, malicious software found 0, suspicions - 0
Scanning finished at 20/7/2010 15:55:17
Time of scanning: 00:22:24
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference

wings, posted July 22, 2010

1.
*Run AVZ again
*Select and copy (Ctrl+C) the code below:

begin
ExecuteStdScr(6);
RebootWindows(true);
end.

*Click [File] > [Custom Scripts]
*Paste (Ctrl+V) the code into the blank area
*Click [Run]
*The PC will restart
*Delete the avz4 folder and the avz_log file located on the desktop.

2.
*Temporarily disable your antivirus
Start > Programs > AVG
Open the AVG user interface
Double-click Resident Shield (Proteção Residente)
Uncheck the "Resident Shield active" option ("Proteção Residente ativa")
Save the changes
*Download ComboFix and save it to the desktop
*Run ComboFix and accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.
*Click [Yes] to continue.
*Wait for all stages to complete
*While ComboFix is running, avoid using the mouse and keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.
*The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.

blawless, posted July 23, 2010

Wings, I carried out the procedure mentioned. The problem on the Windows Setup screen is no longer occurring. I disconnected 2 HDs and left only the main one (C:), because I am unsure whether the power supply could be the cause.

Here is the ComboFix report:

-------------------

ComboFix 10-07-22.01 - WINXP 01/01/2006 15:48:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2046.1567 [GMT -2:00]
Executando de: c:\documents and settings\WINXP\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - drivers: deleted 132 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dados de aplicativos\dkwork.ini
c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll
c:\documents and settings\WINXP\count.exe
c:\documents and settings\WINXP\Dados de aplicativos\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\WINXP\Dados de aplicativos\avdrn.dat
c:\documents and settings\WINXP\Dados de aplicativos\pcouffin.sys
c:\windows\system\vdremote.dll
c:\windows\system\vdsvrlnk.dll
c:\windows\system\winspool.drv
c:\windows\system32\Thumbs.db
A cópia de c:\windows\system32\msgsvc.dll foi encontrada e desinfectada
Cópia restaurada de - c:\windows\ERDNT\cache\msgsvc.dll
.
(((((((((((((((( Arquivos/Ficheiros criados de 2005-12-01 to 2006-01-01 ))))))))))))))))))))))))))))
.
2010-07-19 16:32 . 2010-07-19 16:37 -------- d-----w- C:\Hijack
2010-07-15 22:33 . 2010-07-15 22:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-14 01:35 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-12 18:37 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-03 18:25 . 2010-06-03 18:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe
2010-06-03 18:14 . 2010-06-03 18:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR
2010-05-22 22:23 . 2010-07-15 22:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DivX
2010-05-17 02:51 . 2010-05-17 02:51 -------- d-----w- c:\arquivos de programas\Icons
2010-04-23 00:42 . 2010-04-12 20:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:31 . 2010-04-20 05:31 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-04-10 20:50 . 2010-04-10 20:50 -------- d-----w- c:\arquivos de programas\Conduit
2010-04-10 20:50 . 2010-05-25 01:06 -------- d-----w- c:\arquivos de programas\Vuze_Remote
2010-04-01 13:52 . 2010-04-01 13:52 -------- d-----w- c:\arquivos de programas\Kerkythea Rendering System
2010-03-31 03:16 . 2010-03-31 03:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 03:10 . 2010-03-31 03:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-27 04:47 . 2010-03-27 04:47 -------- d-----w- c:\windows\system32\DRM
2010-03-10 19:29 . 2010-03-10 19:29 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-10 02:43 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 14:38 . 2010-03-05 14:38 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-19 17:40 . 2010-02-19 17:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Xing Shared
2010-02-19 17:40 . 1998-12-16 14:08 317952 ----a-w- c:\windows\system32\Roboex32.dll
2010-02-12 04:34 . 2010-02-12 04:34 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-01-13 14:01 . 2010-01-13 14:01 86528 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-01-12 23:17 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-24 07:00 . 2009-12-24 07:00 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2009-12-20 00:42 . 2009-12-20 00:43 -------- d-----w- c:\arquivos de programas\Norton Security Scan
2009-12-17 07:41 . 2009-12-17 07:41 345600 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-15 22:15 . 2009-12-16 00:06 -------- d-----w- c:\windows\BDOSCAN8
2009-12-14 07:09 . 2009-12-14 07:09 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 02:15 . 2009-12-14 02:25 -------- d-----w- C:\UsbFix
2009-12-11 03:21 . 2009-12-11 03:21 -------- d-----w- c:\documents and settings\WINXP\Dados de aplicativos\AVG9
2009-12-08 23:23 . 2009-12-08 23:23 -------- d-----w- c:\arquivos de programas\Sophos
2009-11-29 19:37 . 2009-11-29 19:39 -------- d-----w- C:\LinhaDefensiva
2009-11-29 15:11 . 2010-03-13 03:39 -------- d-----w- C:\$AVG
2009-11-29 15:11 . 2010-07-15 22:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-29 15:11 . 2010-06-03 02:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-29 15:10 . 2006-01-01 03:12 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-29 15:10 . 2009-11-30 21:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar
2009-11-29 15:10 . 2010-07-15 22:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-29 15:10 . 2009-11-29 15:10 -------- d-----w- c:\arquivos de programas\AVG
2009-11-29 15:10 .
2009-11-29 15:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9 2009-11-27 23:58 . 2009-12-05 16:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet 2009-11-27 23:50 . 2009-11-27 23:50 -------- d-----w- c:\arquivos de programas\Adobe Media Player 2009-11-27 17:13 . 2009-11-27 17:13 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll 2009-11-27 16:08 . 2009-11-27 16:08 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll 2009-11-27 16:08 . 2009-11-27 16:08 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll 2009-11-07 04:07 . 2009-11-07 04:07 49488 ----a-w- c:\windows\system32\netfxperf.dll 2009-11-07 04:07 . 2009-11-07 04:07 297808 ----a-w- c:\windows\system32\mscoree.dll 2009-11-07 04:06 . 2009-11-07 04:06 1130824 ----a-w- c:\windows\system32\dfshim.dll 2009-10-31 14:26 . 2009-10-31 17:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS 2009-10-21 05:39 . 2009-10-21 05:39 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll 2009-10-21 05:39 . 2009-10-21 05:39 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll 2009-10-20 16:20 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys 2009-10-18 22:20 . 2008-03-21 15:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2009-10-18 22:20 . 2008-03-27 06:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll 2009-10-18 22:19 . 2009-10-18 22:19 -------- d-----w- C:\Program Files 2009-10-13 10:34 . 2009-10-13 10:34 271360 -c----w- c:\windows\system32\dllcache\oakley.dll 2009-10-12 13:39 . 2009-10-12 13:39 150016 -c----w- c:\windows\system32\dllcache\rastls.dll 2009-10-12 13:39 . 2009-10-12 13:39 79872 -c----w- c:\windows\system32\dllcache\raschap.dll 2009-10-09 00:43 . 2009-10-09 00:43 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector 2009-10-09 00:42 . 2009-10-09 00:42 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework 2009-09-09 22:00 . 
2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-09-04 21:04 . 2009-09-04 21:04 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll 2009-09-04 02:15 . 2009-09-04 02:15 -------- d-----w- c:\windows\system32\XPSViewer 2009-09-04 02:15 . 2009-09-04 02:15 -------- d-----w- c:\arquivos de programas\MSBuild 2009-09-04 02:15 . 2009-09-04 02:15 -------- d-----w- c:\arquivos de programas\Reference Assemblies 2009-09-04 02:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2009-09-04 02:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-09-04 02:14 . 2009-09-04 02:14 -------- d-----w- C:\c29b4c97c26ad52509e8e7 2009-09-04 02:14 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-09-04 02:14 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-09-04 02:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-09-04 02:14 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-09-04 02:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-09-04 02:14 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-09-04 02:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2009-09-02 18:05 . 2009-09-14 22:52 -------- d-----w- c:\documents and settings\WINXP\Dados de aplicativos\Autodesk 2009-09-02 18:05 . 2009-09-02 18:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk 2009-09-02 18:05 . 2009-09-02 18:09 -------- d-----w- c:\arquivos de programas\AutoCAD 2008 2009-09-02 18:01 . 2009-09-02 18:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared 2009-09-02 18:01 . 2009-09-02 18:01 -------- d-----w- c:\arquivos de programas\Autodesk 2009-08-30 11:58 . 
2009-08-30 11:58 507904 ----a-r- c:\windows\system32\btwapi.dll 2009-08-30 02:25 . 2009-08-30 02:25 -------- d-----w- c:\documents and settings\WINXP\Dados de aplicativos\PlayFirst 2009-08-30 02:25 . 2009-08-30 02:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PlayFirst 2009-08-16 15:17 . 2010-01-29 15:00 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-10 18:50 . 2009-08-10 19:09 -------- d-----w- c:\documents and settings\WINXP\Dados de aplicativos\Corel 2009-08-10 18:44 . 2009-08-10 18:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Protexis 2009-08-10 18:44 . 2009-08-10 18:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel 2009-08-10 18:44 . 2009-08-10 18:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel 2009-08-10 18:38 . 2009-08-10 18:44 -------- d-----w- c:\arquivos de programas\Corel 2009-08-09 18:12 . 2009-08-09 18:12 -------- d-----w- c:\documents and settings\WINXP\Dados de aplicativos\Malwarebytes 2009-08-09 18:12 . 2009-08-09 18:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-04 22:52 . 2009-08-04 22:52 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll 2009-07-21 02:05 . 2009-07-21 02:05 1348432 ----a-w- c:\windows\system32\msxml4.dll 2009-07-17 19:03 . 2009-07-17 19:03 58880 -c----w- c:\windows\system32\dllcache\atl.dll 2009-07-17 16:17 . 2009-07-17 16:17 1439744 -c----w- c:\windows\system32\dllcache\query.dll 2009-07-10 15:25 . 2009-07-10 15:25 307056 ----a-w- c:\windows\WLXPGSS.SCR 2009-06-28 23:00 . 2010-06-04 14:52 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight 2009-06-25 08:27 . 2009-09-11 14:19 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll 2009-06-25 08:27 . 
2009-06-25 08:27 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll 2009-06-25 08:27 . 2009-06-25 08:27 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll 2009-06-24 11:18 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys 2009-06-17 14:03 . 2009-06-17 14:03 -------- d-----w- c:\arquivos de programas\Motorola 2009-06-17 13:55 . 2009-06-17 13:55 -------- d-----w- c:\arquivos de programas\Avanquest update 2009-06-16 14:39 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2009-06-16 14:39 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2009-06-15 10:44 . 2009-06-15 10:44 77824 -c----w- c:\windows\system32\dllcache\telnet.exe 2009-06-15 10:44 . 2009-06-15 10:44 81408 -c----w- c:\windows\system32\dllcache\tlntsess.exe 2009-06-13 02:07 . 2010-05-06 10:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-13 02:07 . 2010-05-06 10:34 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-11 19:14 . 2009-06-11 19:14 -------- d-sh--w- c:\documents and settings\WINXP\IECompatCache 2009-06-10 14:14 . 2009-11-27 16:08 85504 -c----w- c:\windows\system32\dllcache\avifil32.dll 2009-06-10 06:15 . 2009-06-10 06:15 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll 2009-05-22 20:36 . 2009-05-22 20:43 -------- d-----w- c:\windows\system32\Adobe 2009-05-16 19:53 . 2009-05-16 19:53 -------- d-sh--w- c:\documents and settings\WINXP\PrivacIE 2009-05-11 05:03 . 2009-05-11 05:03 -------- d-sh--w- c:\documents and settings\WINXP\IETldCache 2009-05-11 05:00 . 2010-04-15 00:51 -------- d-----w- c:\windows\ie8updates . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-20 17:33 . 2010-07-20 17:33 1615200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgssie.dll 2010-07-20 17:33 . 
2010-07-20 17:33 1373536 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgssff.dll 2010-07-20 17:33 . 2010-07-20 17:33 4368224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll 2010-07-20 17:33 . 2010-07-20 17:33 1107296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgxpl.dll 2010-07-15 22:33 . 2010-07-15 22:33 242896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys 2010-07-15 22:33 . 2010-07-15 22:33 216200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgldx86.sys 2010-07-15 22:31 . 2010-07-15 22:31 813336 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll 2010-07-15 22:31 . 2010-07-15 22:31 624920 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe 2010-07-15 22:31 . 2010-07-15 22:31 1690464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll 2010-07-15 22:31 . 2010-07-15 22:31 1038688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe 2010-06-30 02:36 . 2001-10-28 12:07 80328 ----a-w- c:\windows\system32\perfc016.dat 2010-06-30 02:36 . 2001-10-28 12:07 471354 ----a-w- c:\windows\system32\perfh016.dat 2010-06-14 14:31 . 2007-04-26 00:07 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-10 22:26 . 2010-05-22 22:26 57344 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-06-10 22:17 . 2010-06-10 22:17 56765 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-06-10 22:17 . 2010-06-10 22:17 56997 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\WebPlayer\Uninstaller.exe 2010-06-10 22:17 . 
2010-06-10 22:17 53600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\Update\Uninstaller.exe 2010-06-10 22:17 . 2010-06-10 22:17 57715 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\Player\Uninstaller.exe 2010-06-10 22:16 . 2010-06-10 22:16 84062 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\TransferWizard\Uninstaller.exe 2010-06-10 22:16 . 2010-06-10 22:16 54153 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\DFXPlugin\Uninstaller.exe 2010-06-10 22:16 . 2010-06-10 22:16 54128 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\Converter\Uninstaller.exe 2010-06-10 22:16 . 2010-06-10 22:16 54644 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\TranscodeEngine\Uninstaller.exe 2010-06-10 22:16 . 2010-06-10 22:16 54101 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\MPEG2Plugin\Uninstaller.exe 2010-06-10 22:13 . 2010-05-22 22:26 895256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\Setup\DivXSetup.exe 2010-06-10 22:13 . 2010-05-22 22:26 1090856 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\Setup\Resource.dll 2010-06-03 18:14 . 2010-06-03 18:14 38784 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-06-03 18:13 . 2010-06-03 18:13 33568 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Adobe\CS5\jre\bin\servertool.exe 2010-05-26 15:12 . 2010-06-03 15:20 134944 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Mozilla\Firefox\Profiles\z2zh6tzk.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll 2010-05-22 22:25 . 2010-05-22 22:25 57054 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\DSDesktopComponents\Uninstaller.exe 2010-05-22 22:25 . 
2010-05-22 22:25 54166 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\DSAVCDecoder\Uninstaller.exe 2010-05-22 22:25 . 2010-05-22 22:25 57532 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\DSASPDecoder\Uninstaller.exe 2010-05-22 22:25 . 2010-05-22 22:25 56458 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\DivXDecoderShortcut\Uninstaller.exe 2010-05-22 22:25 . 2010-05-22 22:25 54174 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\DSAACDecoder\Uninstaller.exe 2010-05-22 22:25 . 2010-05-22 22:25 57409 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\ControlPanel\Uninstaller.exe 2010-05-22 22:25 . 2010-05-22 22:25 52963 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-05-22 22:25 . 2010-05-22 22:25 54073 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\Qt4.5\Uninstaller.exe 2010-05-22 22:25 . 2010-05-22 22:25 56969 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\ASPEncoder\Uninstaller.exe 2010-05-21 23:08 . 2010-05-21 23:08 503808 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47e8d9de-n\msvcp71.dll 2010-05-21 23:08 . 2010-05-21 23:08 499712 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47e8d9de-n\jmc.dll 2010-05-21 23:08 . 2010-05-21 23:08 348160 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47e8d9de-n\msvcr71.dll 2010-05-21 23:08 . 2010-05-21 23:08 61440 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3d27a7d8-n\decora-sse.dll 2010-05-21 23:08 . 
2010-05-21 23:08 12800 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3d27a7d8-n\decora-d3d.dll 2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 08:08 . 2004-08-04 03:38 1851392 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:31 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-10 20:53 . 2010-04-10 20:53 6123008 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Azureus\plugins\azemp\vuzeplayer.exe 2010-03-31 00:54 . 2010-03-31 00:54 503808 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d32a220-n\msvcp71.dll 2010-03-31 00:54 . 2010-03-31 00:54 499712 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d32a220-n\jmc.dll 2010-03-31 00:54 . 2010-03-31 00:54 348160 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d32a220-n\msvcr71.dll 2010-03-31 00:54 . 2010-03-31 00:54 61440 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3550527a-n\decora-sse.dll 2010-03-31 00:54 . 2010-03-31 00:54 12800 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3550527a-n\decora-d3d.dll 2010-03-29 22:24 . 2009-08-10 19:09 2828 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys 2010-03-29 22:24 . 2009-08-10 19:09 2828 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys 2010-03-29 22:24 . 2009-08-10 19:09 88 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\A5C34F2B45.sys 2010-03-29 22:24 . 2009-08-10 19:09 88 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\A5C34F2B45.sys 2010-03-10 06:16 . 
2004-08-04 03:45 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-05 14:38 . 2004-08-04 03:45 65536 ----a-w- c:\windows\system32\asycfilt.dll 2010-02-24 13:11 . 2004-08-04 02:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 19:07 . 2004-08-04 03:40 2150400 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:07 . 2004-08-04 00:40 2028544 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:34 . 2004-08-04 03:45 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-04 02:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-02-05 18:26 . 2004-08-04 03:45 1296384 ----a-w- c:\windows\system32\quartz.dll 2010-01-29 15:00 . 2007-04-26 00:07 691712 ----a-w- c:\windows\system32\inetcomm.dll 2010-01-18 19:05 . 2010-04-25 16:26 113616 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Mozilla\Firefox\Profiles\z2zh6tzk.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll 2010-01-17 19:32 . 2010-01-17 19:32 152576 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll 2010-01-17 19:31 . 2010-01-17 19:31 79488 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll 2010-01-13 14:01 . 2004-08-04 03:45 86528 ----a-w- c:\windows\system32\cabview.dll 2010-01-12 03:28 . 2010-05-22 22:26 530625 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe 2009-12-31 16:50 . 2004-08-04 02:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-24 07:00 . 2004-08-04 03:45 177664 ----a-w- c:\windows\system32\wintrust.dll 2009-12-21 03:08 . 2009-12-21 03:08 53248 ----a-r- c:\documents and settings\WINXP\Dados de aplicativos\Microsoft\Installer\{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}\ARPPRODUCTICON.exe 2009-12-17 07:41 . 2007-04-26 00:05 345600 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:09 . 
2004-08-04 03:45 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 22:13 . 2004-08-04 01:59 96512 ------w- c:\windows\system32\drivers\atapi.sys 2009-11-28 23:55 . 2009-11-28 23:55 12 ----a-w- c:\documents and settings\NetworkService\Dados de aplicativos\cbqozg.dat 2009-11-28 20:04 . 2009-11-28 20:04 12 ----a-w- c:\windows\system32\config\systemprofile\Dados de aplicativos\cbqozg.dat 2009-11-28 17:15 . 2009-11-27 21:37 16 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\cbqozg.dat 2009-11-27 17:13 . 2004-08-04 00:45 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 16:08 . 2001-09-05 23:50 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:08 . 2004-08-04 03:45 11264 ----a-w- c:\windows\system32\msrle32.dll 2009-11-27 16:08 . 2004-08-04 03:45 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:08 . 2004-08-04 00:45 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:08 . 2001-10-28 12:07 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-21 15:58 . 2004-08-04 03:45 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-31 14:27 . 2009-10-31 14:27 1925024 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NOS\Adobe_Downloads\install_flash_player.exe 2009-10-21 05:39 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:39 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 02:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-18 22:20 . 2009-10-18 22:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf 2009-10-18 22:20 . 2009-10-18 22:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-10-16 14:12 . 2009-11-30 21:46 1119488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar\IEToolbar.dll 2009-10-15 16:32 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-10-15 16:32 . 
2001-10-28 12:06 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-10-13 10:34 . 2004-08-04 03:45 271360 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:39 . 2004-08-04 03:45 150016 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:39 . 2004-08-04 03:45 79872 ----a-w- c:\windows\system32\raschap.dll 2009-09-26 03:16 . 2009-04-29 19:11 10686001 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Azureus\plugins\azump\mplayer.exe 2009-09-22 17:07 . 2007-09-26 01:40 7154255 ----a-w- c:\documents and settings\WINXP\Dados de aplicativos\Azureus\plugins\azemp\azmplay.exe 2009-09-11 14:19 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\arquivos de programas\Vuze_Remote\tbVuz1.dll" [2010-05-25 2515552] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-10-16 14:12 1119488 ----a-w- c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] 2010-05-25 01:06 2515552 ----a-w- c:\arquivos de programas\Vuze_Remote\tbVuz1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\arquivos de programas\Vuze_Remote\tbVuz1.dll" [2010-05-25 2515552] 
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488] "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\arquivos de programas\Vuze_Remote\tbVuz1.dll" [2010-05-25 2515552] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe" [2006-02-11 2048000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2006-10-22 1622016] "NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016] "RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "McAfeeUpdaterUI"="c:\arquivos de programas\Network Associates\Common Framework\UpdaterUI.exe" [2005-08-18 139320] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "itype"="c:\arquivos de programas\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320] "IntelliPoint"="c:\arquivos de programas\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896] "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2008-05-27 413696] "WinampAgent"="c:\arquivos de programas\Winamp\winampa.exe" [2008-08-03 36352] "RoxWatchTray"="c:\arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016] "Corel File Shell Monitor"="c:\arquivos de programas\Corel\Corel Paint Shop Pro 
Photo X2\CorelIOMonitor.exe" [2009-01-21 16712] "AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760] "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040] "AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-03 500208] "SwitchBoard"="c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "DivXUpdate"="c:\arquivos de programas\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-15 22:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Arquivos de programas\\GetRight\\getright.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= 
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"= "c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"= "c:\\Arquivos de programas\\Google\\Google SketchUp 7\\SketchUp.exe"= "c:\\Arquivos de programas\\Azureus\\Azureus.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29/11/2009 13:10 216400] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29/11/2009 13:11 243024] R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [15/7/2010 20:33 308136] S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/2/2010 23:35 135664] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\63.tmp --> c:\windows\system32\63.tmp [?] S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 14:37 517096] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/7/2008 01:20 717296] UnknownUnknown GbpSv;GbpSv; [x] . Conteúdo da pasta 'Tarefas Agendadas' 2006-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-04 01:35] 2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-04 01:35] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.uol.com.br/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with GetRight - c:\arquivos de programas\GetRight\GRdownload.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\arquivos de programas\GetRight\GRbrowse.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\WINXP\Dados de aplicativos\Mozilla\Firefox\Profiles\z2zh6tzk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/
FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=
FF - component: c:\arquivos de programas\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\arquivos de programas\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\arquivos de programas\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\arquivos de programas\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\documents and settings\WINXP\Dados de aplicativos\Mozilla\Firefox\Profiles\z2zh6tzk.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - component: c:\documents and settings\WINXP\Dados de aplicativos\Mozilla\Firefox\Profiles\z2zh6tzk.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll
FF - plugin: c:\arquivos de programas\Arquivos comuns\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Associação de arquivos/ficheiros -------
.
.scr=AutoCADScriptFile
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-Cyberlink.exe - c:\documents and settings\All Users\Dados de aplicativos\Cyberlink.exe
HKLM-Run-MsnSys.exe - c:\documents and settings\All Users\Dados de aplicativos\MsnSys.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\arquivos de programas\DivX\DivXCodecUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2006-01-01 16:01
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\63.tmp"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-73586283-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C571D498-656F-C0FF-DE7B-5420C86531DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oahnjnhmjifdghhbgffdepnhkhimal"=hex:64,61,68,68,70,6d,6d,6a,00,90
"oalabbhoeofcccecknadijihekmdna"=hex:6a,61,68,68,70,6d,64,62,64,61,64,70,63,69, 67,62,64,70,66,64,00,fd
"nafahldkoboahjedjgklbmkekjkn"=hex:6a,61,68,68,70,6d,64,62,64,61,64,70,63,69, 67,62,64,70,66,64,00,fd

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_UTEXNJQ5\0000]
@DACL=(02 0000)
"Service"="utexnjq5"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="AVZ Kernel Driver"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(1420)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\AVG\AVG9\avgchsvx.exe
c:\arquivos de programas\AVG\AVG9\avgrsx.exe
c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Network Associates\Common Framework\FrameworkService.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
c:\arquivos de programas\AVG\AVG9\avgnsx.exe
c:\arquiv~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\arquivos de programas\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tempo para conclusão: 2006-01-01 16:05:30 - Máquina reiniciou
ComboFix-quarantined-files.txt 2006-01-01 18:05
ComboFix2.txt 2009-12-11 03:15

Pré-execução: 14 pasta(s) 128.168.775.680 bytes disponíveis
Pós execução: 16 pasta(s) 128.818.753.536 bytes disponíveis

- - End Of File - - 42210B9A48B9EE9587B66E0606E7DB01
--------------------

Once again, thank you for the help.

Regards,
Vitor
wings 22 Posted July 23, 2010

1.
*Click [Start] > [Run] > type: Combofix /uninstall
*Click [OK]
*Click [Run]
*Wait until the message appears: "ComboFix is uninstalled"
*Click [OK]

2.
*Download MalwareBytes Anti-malware and save it to the desktop
*Install the program
*If any update is available, it will be downloaded automatically. Wait...
*The program will open automatically.
*On the [Scan] tab, select the [Full scan] option
*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)
*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]
*Click [Remove Selected]
*A report (mbam-log-year-month-date.txt) will be displayed.
*Paste it into your next reply
blawless 0 Posted July 23, 2010

Wings, once again I completed the indicated procedure. Here is the report for your analysis:

-------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/7/2010 07:54:09
mbam-log-2010-07-23 (07-54-09).txt

Tipo de Verificação: Verificação Completa (C:\|F:\|S:\|)
Objetos escaneados: 283082
Tempo decorrido: 55 minuto(s), 40 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 11

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\Arquivos de programas\Programas SRF\IRPF2007\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{18072012-5FDA-4E02-B339-9140C02885D4}\RP734\A0232589.exe (Malware.Packer) -> Quarantined and deleted successfully.
F:\Gamez\Mythic Marbles\mythicmarbles.exe (Malware.Packer) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{18072012-5FDA-4E02-B339-9140C02885D4}\RP734\A0232553.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{18072012-5FDA-4E02-B339-9140C02885D4}\RP734\A0232563.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
F:\VNF\Documentos2\Programas SRF\IRPF2005\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
F:\VNF\Documentos2\Programas SRF\IRPF2006\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
F:\VNF\Documentos2\Programas SRF\Programas SRF\IRPF2005\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
F:\VNF\Documentos2\Programas SRF\Programas SRF\IRPF2006\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
S:\VNF\Concursos - Provas\AFT - SP\Programas SRF\IRPF2005\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
S:\VNF\Concursos - Provas\AFT - SP\Programas SRF\IRPF2006\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
------------------------------------------------

Thank you
wings 22 Posted July 23, 2010

There is a Malwarebytes false positive for files from the Receita Federal (Income Tax).

*Open the Malwarebytes program and, on the [Quarantine] tab, select the results below and click [Restore]

C:\Arquivos de programas\Programas SRF\IRPF2007\DARF32CBX.DLL
F:\VNF\Documentos2\Programas SRF\IRPF2005\DARF32CBX.DLL
F:\VNF\Documentos2\Programas SRF\IRPF2006\DARF32CBX.DLL
F:\VNF\Documentos2\Programas SRF\Programas SRF\IRPF2005\DARF32CBX.DLL
F:\VNF\Documentos2\Programas SRF\Programas SRF\IRPF2006\DARF32CBX.DLL
S:\VNF\Concursos - Provas\AFT - SP\Programas SRF\IRPF2005\DARF32CBX.DLL
S:\VNF\Concursos - Provas\AFT - SP\Programas SRF\IRPF2006\DARF32CBX.DLL

*After restoring the results above, select the remaining results and click [Delete all]
*Click the [Logs] tab, select the report and click [Delete]

Look into the hardware issue that was raised. The PC is clean.

Best regards.
blawless 0 Posted July 24, 2010

Wings, thank you for the help. Regards!
wings 22 Posted July 24, 2010

PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.