
This topic has been archived and is closed to new replies.

lilobaby

[Solved] Windows XP SP3 - slow and freezing.


Good morning. For some time now my computer has been freezing a lot, at any moment. I already formatted it and it went back to behaving like this, and the explanation I was given was that my antivirus, KIS 2010, was causing it. But the funny thing, or maybe a coincidence, is that before I had a slower connection, 1 mega from OI, and now I have 10 megas from GVT, and after I switched, my CPU got strange: it freezes out of nowhere, not just the internet but any program I use. If you can help me I will be very grateful. The HijackThis report follows.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:49:26, on 5/9/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\VSO\ConvertX\4\convertxtodvd.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\IncrediMail\Bin\IncMail.exe

C:\Arquivos de programas\IncrediMail\bin\IMApp.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NBAgent] "C:\Arquivos de programas\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Adicionar ao Antifaixas - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280415710343

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281061806781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: zipfldra.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: @C:\Arquivos de programas\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Arquivos de programas\Nero\Update\NASvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9489 bytes


Hello lilobaby

Welcome

1.

- Download Ad Remover: http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe
- Run Ad Remover...
- Right after that, press --> L <-- and then ENTER
- During the removal process you will be asked whether you want to remove; press [O]
- A log will be generated at C:\Ad-Report-CLEAN.log
- Copy and paste that log here...

2.

- Temporarily disable your antivirus
- Use the Internet Explorer browser to run the scan!
- Go to the site HERE: http://www.eset.com/onlinescan/index.php
- Run the scan with Nod32 following the animation below:

75708734.gif

- At the end of the scan, check the "Delete Quarantined files" box and click [FINISH]
- A report will be generated, located at:

C:\Arquivos de programas\EsetOnlineScanner\log.txt

Copy and paste the log here...

See you


Good evening, thank you for your attention. Below is what was requested:

 

1)

======= REPORT FROM AD-REMOVER 2.0.0.1,E | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 06/09/10 at 15:20

Contact: AdRemover.contact[AT]gmail.com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (SCAN [1]) -> Launched at 21:38:45 on 09/09/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

xp@PC-LIA ( )

 

============== SEARCH ==============

 

 

0,Folder found: C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,File found: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

0,Folder found: C:\Documents and Settings\xp\Dados de aplicativos\Mozilla\FireFox\Profiles\qs6e31vm.default\extensions\toolbar@ask.com

0,Folder found: C:\Arquivos de programas\Ask.com

0,Folder found: C:\Documents and Settings\xp\Configurações locais\Dados de aplicativos\AskToolbar

3,File found: C:\WINDOWS\Installer\4aab8.msi

 

-- File opened: C:\Documents and Settings\xp\Dados de aplicativos\Mozilla\FireFox\Profiles\qs6e31vm.default\Prefs.js --

Line found: user_pref("extensions.asktb.cbid", "F4");

Line found: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...

Line found: user_pref("extensions.asktb.dtid", "YYYYYYBCBR");

Line found: user_pref("extensions.asktb.fresh-install", false);

Line found: user_pref("extensions.asktb.l", "dis");

Line found: user_pref("extensions.asktb.last-config-req", "1284066061283");

Line found: user_pref("extensions.asktb.locale", "en_US");

Line found: user_pref("extensions.asktb.o", "101699");

Line found: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line found: user_pref("extensions.asktb.qsrc", "2871");

Line found: user_pref("extensions.asktb.r", "4");

Line found: user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,jqs@sun.com:1.0,l...

-- File closed --

 

 

1,Key found: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

1,Key found: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

1,Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

1,Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

1,Key found: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

0,Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

0,Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

0,Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

1,Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

0,Key found: HKLM\Software\Conduit

0,Key found: HKCU\Software\Ask.com

0,Key found: HKCU\Software\AskToolbar

0,Key found: HKCU\Software\Conduit

0,Key found: HKCU\Software\AppDataLow\AskToolbarInfo

3,Key found: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

3,Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

0,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 

0,Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.8 (pt-BR)] **

 

-- C:\Documents and Settings\xp\Dados de aplicativos\Mozilla\FireFox\Profiles\qs6e31vm.default\Prefs.js --

browser.download.lastDir, C:\\Documents and Settings\\xp\\Desktop\\Testes

browser.startup.homepage, hxxp://www.brturbo.com.br/

browser.startup.homepage_override.mstone, rv:1.9.2.8

 

========================================

 

** Internet Explorer Version [8.0.6001.18702] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search Page: &hxxp://home.microsoft.com/intl/br/access/allinone.asp

Show_ToolBar: yes

Start Page: hxxp://mystart.incredimail.com/

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 0 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 1 File(s)

 

C:\Ad-Report-SCAN[1].txt - 09/09/2010 (1905 Byte(s))

 

End at: 21:45:36, 09/09/2010

 

============== E.O.F ==============

 

2)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=fd424af2fd28bc4aadc2a164b8e373cd

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-09-10 02:38:31

# local_time=2010-09-09 11:38:31 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1280 16777191 100 0 2087849 2087849 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=72644

# found=20

# cleaned=20

# scan_time=5641

C:\Documents and Settings\xp\Desktop\PS2\TUTORIAL Converter CD em DVD\tutoriais de conversão cd para dvd\Playstation 2-TUTORIAL 2\Playstation 2-PROGRAMAS.zip probably a variant of Win32/Agent.FDSUVWE trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\Cancelado\DIRECT TV\Sua senha de acesso ao Site de Serviços da DIRECT.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\COMPRAS - diversas\mercado livre\Manual Câmera fotogr P73\MANUAL EM PORTUGUÊS CÂMERA DIGITAL SONY P 73.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\COMPRAS - diversas\mercado livre\Manual Câmera fotogr P73\Parabéns! Você é o vencedor da negociação Manual PORTUGUES P.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\COMPRAS - diversas\mercado livre\Manual Câmera fotogr P73\RE MANUAL EM PORTUGUÊS CÂMERA DIGITAL SONY P 73.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\COMPRAS - diversas\mercado livre\Manual Câmera fotogr P73\RE RES MANUAL EM PORTUGUÊS CÂMERA DIGITAL SONY P 73.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\COMPRAS - diversas\mercado livre\squeeze\MercadoLivre Brasil.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\COMPRAS - diversas\mercado livre\squeeze\Perguntas.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\COMPRAS - diversas\mercado livre\squeeze\Perguntas_arquivos\org_mkt.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\COMPRAS - diversas\PS2 MUNDO-SITE\__Seja Bem Vindo__A Maior Loja em Games de Playstation 2 La.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\MANUAL\Legendas Brasil - Fazendo um DVD-DIKO.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\MANUAL\PrimeiramenteDIKO.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\MANUAL\ADSL - D-LINK\CONF. MODEM EM PPPOA.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\MANUAL\ADSL - D-LINK\CONFIG. ROUTER.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\Senhas\FOTOGRAFIAS\LOJA DO GORILA.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\Senhas\Programas\tradutor\registro silicon-Lingo Ware.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\Pessoal\Assinaturas\Senhas\Programas\tradutor\registro silicon-Lingo Ware_arquivos\$d=100$p=1$s=14.htm HTML/Iframe.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\SONY ERICSSON\programas\a2uploader.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\SONY ERICSSON\programas\A2_TOOL_PATCH_FIX.rar a variant of Win32/Packed.Themida application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\xp\Meus documentos\SONY ERICSSON\software\a2uploader+usbdriversrar\a2uploader\a2uploader.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Hello

1.

- Delete the folder C:\Arquivos de programas\EsetOnlineScanner

2.

- Run Ad Remover...
- Click "Clean"
- A log will be generated at C:\Ad-Report-CLEAN.log
- Copy and paste that log here...

3.

Download Malwarebytes Anti-Malware: http://www.besttechie.net/tools/mbam-setup.exe

- Start the installation by clicking "mbam-setup.exe"...
- Check "Atualizar Malwarebytes Anti-Malware" (Update Malwarebytes Anti-Malware) and click finish...
- Run the Malwarebytes Anti-Malware program...
- Click the "Verificação" (Scan) tab and select the "Verificação completa" (Full scan) option...
- Then click "Verificar" (Scan)...
- Select everything you want to scan...
- Then click "Verificar" (Scan)...
- When the scan finishes, click Ok and then "Mostrar Resultados" (Show Results) to see the log...
- If anything is detected, make sure everything is checked and click "Remover" (Remove)...
- If it asks whether you want to remove objects from memory, click Sim (Yes)...
- The log is saved automatically and can be viewed by clicking "Logs" in the main menu...
- Copy and paste that log here...

I await your post...

See you


Once again, thank you for your attention. Here are the results:

1) folder deleted.

2)

======= REPORT FROM AD-REMOVER 2.0.0.1,E | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 06/09/10 at 15:20

Contact: AdRemover.contact[AT]gmail.com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (SCAN [2]) -> Launched at 19:49:00 on 10/09/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

xp@PC-LIA ( )

 

============== SEARCH ==============

 

 

0,Folder found: C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,File found: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

0,Folder found: C:\Documents and Settings\xp\Dados de aplicativos\Mozilla\FireFox\Profiles\qs6e31vm.default\extensions\toolbar@ask.com

0,Folder found: C:\Arquivos de programas\Ask.com

0,Folder found: C:\Documents and Settings\xp\Configurações locais\Dados de aplicativos\AskToolbar

3,File found: C:\WINDOWS\Installer\4aab8.msi

 

-- File opened: C:\Documents and Settings\xp\Dados de aplicativos\Mozilla\FireFox\Profiles\qs6e31vm.default\Prefs.js --

Line found: user_pref("extensions.asktb.cbid", "F4");

Line found: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...

Line found: user_pref("extensions.asktb.dtid", "YYYYYYBCBR");

Line found: user_pref("extensions.asktb.fresh-install", false);

Line found: user_pref("extensions.asktb.l", "dis");

Line found: user_pref("extensions.asktb.last-config-req", "1284066061283");

Line found: user_pref("extensions.asktb.locale", "en_US");

Line found: user_pref("extensions.asktb.o", "101699");

Line found: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line found: user_pref("extensions.asktb.qsrc", "2871");

Line found: user_pref("extensions.asktb.r", "4");

Line found: user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,jqs@sun.com:1.0,l...

-- File closed --

 

 

1,Key found: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

1,Key found: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

1,Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

1,Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

1,Key found: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

0,Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

0,Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

0,Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

1,Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

0,Key found: HKLM\Software\Conduit

0,Key found: HKCU\Software\Ask.com

0,Key found: HKCU\Software\AskToolbar

0,Key found: HKCU\Software\Conduit

3,Key found: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

3,Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

0,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 

0,Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.8 (pt-BR)] **

 

-- C:\Documents and Settings\xp\Dados de aplicativos\Mozilla\FireFox\Profiles\qs6e31vm.default\Prefs.js --

browser.download.lastDir, C:\\Documents and Settings\\xp\\Meus documentos\\Meus vídeos\\Filmes\\You don't Know Jack

browser.startup.homepage, hxxp://www.brturbo.com.br/

browser.startup.homepage_override.mstone, rv:1.9.2.8

 

========================================

 

** Internet Explorer Version [8.0.6001.18702] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search Page: &hxxp://home.microsoft.com/intl/br/access/allinone.asp

Show_ToolBar: yes

Start Page: hxxp://mystart.incredimail.com/

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 0 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 2 File(s)

 

C:\Ad-Report-SCAN[1].txt - 09/09/2010 (5393 Byte(s))

C:\Ad-Report-SCAN[3].txt - 10/09/2010 (1905 Byte(s))

 

End at: 19:55:30, 10/09/2010

 

============== E.O.F ==============

 

 

3)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4591

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

10/9/2010 21:10:33

mbam-log-2010-09-10 (21-10-33).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 227145

Tempo decorrido: 1 hora(s), 8 minuto(s), 28 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\unimake\uninfe\AZIP32.DLL (Trojan.Agent) -> No action taken.


Hello.

1.

- Open/run Malwarebytes Anti-Malware
- Click the Quarentena (Quarantine) tab
- If there is any malware there, select all of it and click Remover (Remove)
- Close the program...

2.

Delete all the Ad-Remover reports on your C:\ drive

3.

Pay close attention: run Ad-Remover; when it opens there will be a button labelled "SUPRESSÃO". Click it and wait for the removal to finish.

Go to your C:\ drive and paste the most recent Ad-Remover log (since you deleted the earlier logs beforehand, after the "supressão" there will probably be only one log).

Copy and paste it here.

See you


Good morning, I did parts 1 and 2, but in AD-remover the SUPRESSÃO button does not appear, only the buttons Scan, Clean, Uninstall and Exit. Would it by any chance be CLEAN?

Thank you.


Hello.

Sorry, I confused it with another similar tool.

Yes, it is the CLEAN option; run it as requested.

See you.


Good evening, I followed the instructions:

1) I removed the objects that were in quarantine in MalwareBytes;

2) I deleted the reports that were in c: Ad-remover;

3) I clicked Clean in ad-remover, but there was a small problem: when it finished, the completion message appeared and I clicked Yes, and then it restarted the CPU. When it came back I went to the Ad-remover folder in Arquivos de programas and looked for the report, but the strange thing is that the reports I had deleted and removed from the recycle bin came back to the same folder and I cannot find the latest report. Two folders named C and Registry-11-09-2010 also appeared. What do I do now?

Thank you.


Hello lilobaby

1.

- Run Ad-remover
- Click the "Uninstall" button
- Wait for the uninstallation to finish.

2.

Download ComboFix: http://majorgeeks.com/downloadget.php?id=6402&file=1&evp=4d90f753bf109637fabd69481c775ab1

- Temporarily disable your antivirus
- Double-click the combofix.exe icon to start the scan...
- Accept the agreement to continue....
- Press 1 and then press Enter...
- A Recovery Console window will open; click Yes. If another window appears, click OK and then Yes...
- Wait for ComboFix to run its scan...
- If any problem occurs during the scan, restart the computer in Safe Mode and repeat the process...
- Do not use the mouse or the keyboard... if you do, your desktop will turn white...
- If you want to exit or cancel ComboFix, press N;
- When it finishes, the computer will be restarted; after that, the tool will run again, so wait...
- A log will be generated at C:\ComboFix.txt ...
- Paste this log in your next reply...

See you.


Good afternoon,

1) Ad-Remover has been uninstalled;

2)

ComboFix 10-09-11.04 - xp 12/09/2010 14:53:53.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.691 [GMT -3:00]

Executando de: c:\documents and settings\xp\Meus documentos\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

* Criado um novo ponto de restauração

.

ADS - WINDOWS: deleted 72 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\xp\Dados de aplicativos\inst.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-12 to 2010-09-12 ))))))))))))))))))))))))))))

.

 

2010-09-11 00:48 . 2010-09-11 00:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sony

2010-09-11 00:48 . 2010-09-11 00:48 -------- d-----w- c:\arquivos de programas\Sony

2010-09-11 00:48 . 2010-09-11 00:55 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Sony

2010-09-05 15:31 . 2010-09-05 15:31 -------- d-----w- c:\arquivos de programas\Trend Micro

2010-09-03 01:40 . 2010-09-03 01:40 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Image Zone Express

2010-08-28 20:04 . 2010-08-28 20:04 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Foxit Software

2010-08-28 20:02 . 2010-08-28 20:02 -------- d-----w- c:\arquivos de programas\Foxit Software

2010-08-25 21:06 . 2010-08-25 21:06 -------- d-----w- C:\unimake

2010-08-20 13:03 . 2008-12-23 18:49 113640 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Mozilla\Firefox\Profiles\qs6e31vm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll

2010-08-18 17:34 . 2010-08-18 17:34 170584 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll

2010-08-18 17:34 . 2010-08-18 17:34 340520 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe

2010-08-17 02:03 . 2010-08-17 02:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-08-17 00:48 . 2010-08-17 01:33 -------- d-----w- C:\b7068edae52977a0bcdb95b4e03d9df1

2010-08-16 03:40 . 2010-08-16 03:40 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Malwarebytes

2010-08-16 03:38 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-16 03:38 . 2010-08-16 03:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-08-16 03:38 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-16 03:38 . 2010-08-16 03:38 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-08-16 02:22 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-08-15 23:55 . 2010-08-17 02:52 -------- d-----w- c:\arquivos de programas\r2 Studios

2010-08-15 22:45 . 2010-08-15 22:45 932368 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll

2010-08-15 22:45 . 2010-08-15 22:45 678416 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll

2010-08-15 22:45 . 2010-08-15 22:45 604688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll

2010-08-15 22:45 . 2010-08-15 22:45 1096208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll

2010-08-15 22:45 . 2010-08-15 22:45 522768 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll

2010-08-15 22:42 . 2010-08-15 22:42 397328 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll

2010-08-15 22:42 . 2010-08-15 22:42 109072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll

2010-08-15 22:42 . 2010-08-15 22:42 17936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll

2010-08-15 22:42 . 2010-08-15 22:42 133720 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-08-15 22:42 . 2010-08-15 22:42 80400 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll

2010-08-15 22:42 . 2010-08-15 22:42 315408 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys

2010-08-15 22:08 . 2010-08-15 22:43 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-08-15 22:08 . 2010-08-15 22:43 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-08-15 22:07 . 2010-09-12 17:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2010-08-15 22:07 . 2010-08-15 22:07 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2010-08-15 22:05 . 2010-08-15 22:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2010-08-15 21:36 . 2010-08-15 21:36 -------- d-----w- c:\windows\system32\wbem\Repository

2010-08-15 21:01 . 2010-08-15 21:01 -------- d-----w- C:\DPEC

2010-08-15 20:59 . 2010-08-23 02:43 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Media Player Classic

2010-08-15 20:59 . 2010-08-15 20:59 -------- d-----w- c:\windows\Sun

2010-08-15 20:58 . 2010-09-10 00:47 -------- d-sh--w- c:\documents and settings\xp\IECompatCache

2010-08-15 20:57 . 2010-08-15 20:57 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-08-15 20:57 . 2010-08-15 20:57 -------- d--h--w- c:\windows\PIF

2010-08-15 20:56 . 2010-08-15 20:56 -------- d-----w- c:\arquivos de programas\IMG Converter

2010-08-14 02:35 . 2010-08-20 13:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-11 21:36 . 2010-07-29 19:29 2776 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\Protexis\KGyGaAvL.sys

2010-09-06 03:32 . 2010-08-01 16:03 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\uTorrent

2010-09-05 14:40 . 2010-08-01 18:37 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Vso

2010-09-05 01:29 . 2010-08-01 16:03 -------- d-----w- c:\arquivos de programas\uTorrent

2010-09-03 02:30 . 2008-04-14 12:00 80668 ----a-w- c:\windows\system32\perfc016.dat

2010-09-03 02:30 . 2008-04-14 12:00 473740 ----a-w- c:\windows\system32\perfh016.dat

2010-08-31 19:37 . 2010-08-01 16:16 697328 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-08-22 22:07 . 2010-08-01 20:52 -------- d-----w- c:\arquivos de programas\OpemP2MBrasil

2010-08-17 03:05 . 2010-08-01 16:09 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2010-08-17 02:31 . 2010-08-01 18:33 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-08-16 03:36 . 2010-07-29 18:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-08-15 21:35 . 2010-07-29 18:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-08-15 21:01 . 2010-08-10 19:03 -------- d-----w- c:\arquivos de programas\Programas SPED

2010-08-15 21:00 . 2010-08-10 00:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2010-08-15 20:59 . 2010-08-08 19:46 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\BSplayer

2010-08-15 20:57 . 2010-07-29 18:12 -------- d-----w- c:\arquivos de programas\Microsoft Works

2010-08-13 00:00 . 2010-08-13 00:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe

2010-08-12 23:48 . 2010-08-12 23:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2010-08-12 02:37 . 2010-08-01 16:10 -------- d-----w- c:\arquivos de programas\CCleaner

2010-08-10 01:00 . 2010-08-10 01:00 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Nero

2010-08-10 00:45 . 2010-08-10 00:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2010-08-10 00:45 . 2010-07-29 19:43 -------- d-----w- c:\arquivos de programas\Nero

2010-08-09 01:18 . 2010-08-09 01:18 222830 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\NewShortcut11_CECD47740972467B949C2231EDF769A8.exe

2010-08-09 01:18 . 2010-08-09 01:18 222830 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\NewShortcut1_CECD47740972467B949C2231EDF769A8.exe

2010-08-09 01:18 . 2010-08-09 01:18 16958 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\NewShortcut3_CECD47740972467B949C2231EDF769A8.exe

2010-08-09 01:18 . 2010-08-09 01:18 8854 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\UNINST_Uninstall_o_CECD47740972467B949C2231EDF769A8.exe

2010-08-09 01:18 . 2010-08-09 01:18 60322 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\configuracoes_CECD47740972467B949C2231EDF769A8.exe

2010-08-09 01:18 . 2010-08-09 01:18 10134 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\ARPPRODUCTICON.exe

2010-08-08 23:53 . 2010-08-08 23:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2010-08-08 19:46 . 2010-08-08 19:46 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\BSplayer Pro

2010-08-08 19:46 . 2010-08-08 19:46 -------- d-----w- c:\arquivos de programas\Webteh

2010-08-07 16:36 . 2010-08-07 16:36 61440 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-34cb37e0-n\decora-sse.dll

2010-08-07 16:36 . 2010-08-07 16:36 503808 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5335bb9c-n\msvcp71.dll

2010-08-07 16:36 . 2010-08-07 16:36 499712 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5335bb9c-n\jmc.dll

2010-08-07 16:36 . 2010-08-07 16:36 348160 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5335bb9c-n\msvcr71.dll

2010-08-07 16:36 . 2010-08-07 16:36 12800 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-34cb37e0-n\decora-d3d.dll

2010-08-02 02:20 . 2010-08-01 19:29 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\HP

2010-08-01 21:13 . 2010-08-01 21:13 -------- d-----w- c:\arquivos de programas\Arquivos de Programas RFB

2010-08-01 20:11 . 2010-08-01 20:11 -------- d-----w- c:\arquivos de programas\danny_kay1710

2010-08-01 19:41 . 2010-08-01 19:29 113133 ----a-w- c:\windows\hpoins07.dat

2010-08-01 19:40 . 2010-08-01 19:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-08-01 19:39 . 2010-08-01 19:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-08-01 19:39 . 2010-08-01 19:31 -------- d-----w- c:\arquivos de programas\HP

2010-08-01 19:37 . 2010-08-01 19:37 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2010-08-01 19:36 . 2010-08-01 19:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2010-08-01 19:21 . 2010-08-01 19:21 -------- d-----w- c:\arquivos de programas\Peer2Mail

2010-08-01 19:10 . 2010-08-01 19:10 -------- d-----w- c:\arquivos de programas\AnyDVD Registration

2010-08-01 19:10 . 2010-08-01 16:34 -------- d-----w- c:\arquivos de programas\SlySoft

2010-08-01 18:38 . 2010-08-01 18:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-08-01 18:38 . 2010-08-01 18:38 47360 ----a-w- c:\documents and settings\xp\Dados de aplicativos\pcouffin.sys

2010-08-01 18:38 . 2010-08-01 18:38 47360 ----a-w- c:\documents and settings\xp\Dados de aplicativos\pcouffin.sys

2010-08-01 18:37 . 2010-08-01 18:37 -------- d-----w- c:\arquivos de programas\VSO

2010-08-01 18:31 . 2010-08-01 18:31 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\AnvSoft

2010-08-01 18:31 . 2010-08-01 18:31 -------- d-----w- c:\arquivos de programas\AnvSoft

2010-08-01 17:52 . 2010-08-01 17:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SlySoft

2010-08-01 16:48 . 2010-08-01 16:48 -------- d-----w- c:\arquivos de programas\Elaborate Bytes

2010-08-01 16:19 . 2010-08-01 16:19 -------- d-----w- c:\arquivos de programas\Alcohol Soft

2010-08-01 16:11 . 2010-08-01 16:11 -------- d-----w- c:\arquivos de programas\7-Zip

2010-08-01 15:58 . 2010-08-01 15:56 -------- d-----w- c:\arquivos de programas\WinAVI Video Converter 9.0

2010-08-01 15:50 . 2010-08-01 15:50 -------- d-----w- c:\arquivos de programas\WinAVI MP4 Converter

2010-08-01 03:53 . 2010-08-01 03:53 0 ----a-w- c:\windows\nsreg.dat

2010-08-01 02:42 . 2010-08-01 02:42 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\ViGlance

2010-07-31 03:31 . 2010-07-31 03:30 -------- d-----w- c:\arquivos de programas\Google

2010-07-31 03:00 . 2010-07-31 02:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IM

2010-07-31 02:59 . 2010-07-31 02:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PhotoMail

2010-07-31 02:59 . 2010-07-31 02:59 -------- d-----w- c:\arquivos de programas\PhotoMail Maker

2010-07-31 02:58 . 2010-07-31 02:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IncrediMail

2010-07-31 02:58 . 2010-07-31 02:58 -------- d-----w- c:\arquivos de programas\IncrediMail

2010-07-30 21:15 . 2010-07-29 14:33 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-07-30 19:25 . 2010-07-29 19:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS

2010-07-29 20:17 . 2010-07-29 20:17 -------- d-----w- c:\arquivos de programas\PokerStars.NET

2010-07-29 19:52 . 2010-07-29 19:52 2605008 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NOS\Adobe_Downloads\install_flash_player_ax.exe

2010-07-29 19:44 . 2010-07-29 19:44 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Ahead

2010-07-29 19:31 . 2010-07-29 19:31 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-07-29 19:29 . 2010-07-29 17:45 -------- d-----w- c:\arquivos de programas\Java

2010-07-29 19:29 . 2010-07-29 19:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel

2010-07-29 19:29 . 2010-07-29 19:29 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Corel

2010-07-29 19:29 . 2010-07-29 19:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Protexis

2010-07-29 19:24 . 2010-07-29 19:24 348256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll

2010-07-29 19:23 . 2010-07-29 19:23 348256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll

2010-07-29 19:23 . 2010-07-29 19:23 416 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\MSDN\9.0\1033\ResourceCache.dll

2010-07-29 19:21 . 2010-07-29 19:21 -------- d-----w- c:\arquivos de programas\Microsoft Visual Studio 9.0

2010-07-29 19:21 . 2010-07-29 19:21 -------- d-----w- c:\arquivos de programas\Microsoft SDKs

2010-07-29 19:21 . 2010-07-29 19:21 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2010-07-29 19:20 . 2010-07-29 19:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel

2010-07-29 19:20 . 2010-07-29 19:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Protexis

2010-07-29 19:20 . 2010-07-29 19:20 503808 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ea6b506-n\msvcp71.dll

2010-07-29 19:20 . 2010-07-29 19:20 499712 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ea6b506-n\jmc.dll

2010-07-29 19:20 . 2010-07-29 19:20 348160 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ea6b506-n\msvcr71.dll

2010-07-29 19:16 . 2010-07-29 19:16 -------- d-----w- c:\arquivos de programas\Corel

2010-07-29 19:04 . 2010-07-29 19:04 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-07-29 18:36 . 2010-07-29 18:36 -------- d-----w- c:\arquivos de programas\Analog Devices

2010-07-29 18:30 . 2010-07-29 18:30 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\DeviceDoctorSoftware

2010-07-29 18:26 . 2010-07-29 17:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-07-29 18:21 . 2010-07-29 18:21 2605008 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-07-29 18:11 . 2010-07-29 18:11 -------- d-----w- c:\arquivos de programas\MSBuild

2010-07-29 17:59 . 2010-07-29 17:57 -------- d-----w- c:\arquivos de programas\Windows Live

2010-07-29 17:59 . 2010-07-29 17:59 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2010-07-29 17:58 . 2010-07-29 17:58 -------- d-----w- c:\arquivos de programas\Microsoft

2010-07-29 17:58 . 2010-07-29 17:58 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"nwiz"="nwiz.exe" [2008-05-03 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]

"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NBAgent"="c:\arquivos de programas\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-03 1234216]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\IncrediMail\\Bin\\IncMail.exe"=

"c:\\Arquivos de programas\\IncrediMail\\Bin\\ImApp.exe"=

"c:\\Arquivos de programas\\IncrediMail\\Bin\\ImpCnt.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 13:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 18:39 19472]

S1 setup_9.0.0.722_16.08.2010_06-49(2)drv;setup_9.0.0.722_16.08.2010_06-49(2)drv;c:\windows\system32\DRIVERS\9571266.sys --> c:\windows\system32\DRIVERS\9571266.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [31/7/2010 00:31 136176]

S3 NAUpdate;@c:\arquivos de programas\Nero\Update\NASvc.exe,-200;c:\arquivos de programas\Nero\Update\NASvc.exe [25/3/2010 14:39 490280]

S3 slnt;Kaiomy KM8139D 10/100Mbps PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [29/7/2010 15:46 17972]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/8/2010 13:16 697328]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-08-22 c:\windows\Tasks\User_Feed_Synchronization-{F0A55585-978D-4420-BF7C-89B55AF091B0}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

IE: &Add animation to IncrediMail Style Box - c:\arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - c:\documents and settings\xp\Dados de aplicativos\Mozilla\Firefox\Profiles\qs6e31vm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.brturbo.com.br/

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\documents and settings\xp\Dados de aplicativos\Mozilla\Firefox\Profiles\qs6e31vm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-NeroFilterCheck - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-12 14:59

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Tempo para conclusão: 2010-09-12 15:02:02

ComboFix-quarantined-files.txt 2010-09-12 18:01

 

Pré-execução: 12 pasta(s) 422.370.201.600 bytes disponíveis

Pós execução: 15 pasta(s) 422.866.755.584 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 52D6BD1189D914BB7DB9A0887B7F2991

 

Thank you for your attention.


Hello

1.

Delete the file C:\combofix.txt

- Open Notepad, then select, copy and paste into it the entire contents of the code below:

 

Dirlook::

c:\arquivos de programas\danny_kay1710

c:\documents and settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe

Filelook::

c:\windows\system32\DRIVERS\9571266.sys

Folder::

C:\unimake

 

- Save the file on the desktop as CFScript.txt
- Drag the file onto ComboFix as shown in the illustration below:

[Image: CFScript.gif]

- Important: while ComboFix is running, do not use the mouse or the keyboard!!
- At the end of the procedure, the program will close automatically and the report will be shown
- Paste the report created at C:\combofix.txt

See you.


Good evening, here is the report:

 

ComboFix 10-09-11.04 - xp 12/09/2010 23:40:45.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.479 [GMT -3:00]

Executando de: c:\documents and settings\xp\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\xp\Desktop\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\unimake

c:\unimake\uninfe\AUNZIP32.DLL

c:\unimake\uninfe\C60ASCX.DLL

c:\unimake\uninfe\C60DOSX.DLL

c:\unimake\uninfe\c60netx.dll

c:\unimake\uninfe\C60RUNX.DLL

c:\unimake\uninfe\C60TPSX.DLL

c:\unimake\uninfe\cwhh60.dll

c:\unimake\uninfe\dados\config.tps

c:\unimake\uninfe\dados\ConfigBD.tps

c:\unimake\uninfe\dados\configc.tps

c:\unimake\uninfe\dados\configg.tps

c:\unimake\uninfe\dados\ConfigI.tps

c:\unimake\uninfe\dados\configv.tps

c:\unimake\uninfe\dados\configvn.tps

c:\unimake\uninfe\dados\controle.tps

c:\unimake\uninfe\dados\remetente.tps

c:\unimake\uninfe\doc\UniDANFe2.pdf

c:\unimake\uninfe\email\anexos\2010-08\2010-08-25_18-10-48_47987759\31100865134140000106550030000021070046555575-nfe.xml

c:\unimake\uninfe\email\anexos\2010-08\2010-08-25_18-10-48_47987759\nfe-000002107_serie-3.dnf

c:\unimake\uninfe\email\enviar\2010-08-25_18-10-48_47987759.dfe

c:\unimake\uninfe\libeay32.dll

c:\unimake\uninfe\libssl32.dll

c:\unimake\uninfe\unidanfe.exe

c:\unimake\uninfe\uninstall.exe

c:\unimake\uninfe\uninstall.ini

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-13 to 2010-09-13 ))))))))))))))))))))))))))))

.

 

2010-09-13 01:50 . 2010-09-13 01:50 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\dvdcss

2010-09-12 19:36 . 2010-09-12 19:36 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\DivX

2010-09-12 19:32 . 2010-09-12 19:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Yahoo!

2010-09-12 19:32 . 2010-09-12 19:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Pinnacle VideoSpin

2010-09-12 19:32 . 2010-09-12 19:32 -------- d-----w- c:\arquivos de programas\Pinnacle

2010-09-12 19:31 . 2010-09-12 19:31 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Pinnacle

2010-09-11 00:48 . 2010-09-11 00:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sony

2010-09-11 00:48 . 2010-09-11 00:48 -------- d-----w- c:\arquivos de programas\Sony

2010-09-11 00:48 . 2010-09-11 00:55 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Sony

2010-09-05 15:31 . 2010-09-05 15:31 -------- d-----w- c:\arquivos de programas\Trend Micro

2010-09-03 01:40 . 2010-09-03 01:40 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Image Zone Express

2010-08-28 20:04 . 2010-08-28 20:04 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Foxit Software

2010-08-28 20:02 . 2010-08-28 20:02 -------- d-----w- c:\arquivos de programas\Foxit Software

2010-08-20 13:03 . 2008-12-23 18:49 113640 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Mozilla\Firefox\Profiles\qs6e31vm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll

2010-08-18 17:34 . 2010-08-18 17:34 170584 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll

2010-08-18 17:34 . 2010-08-18 17:34 340520 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe

2010-08-17 02:03 . 2010-08-17 02:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-08-17 00:48 . 2010-08-17 01:33 -------- d-----w- C:\b7068edae52977a0bcdb95b4e03d9df1

2010-08-16 03:40 . 2010-08-16 03:40 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Malwarebytes

2010-08-16 03:38 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-16 03:38 . 2010-08-16 03:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-08-16 03:38 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-16 03:38 . 2010-08-16 03:38 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-08-16 02:22 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-08-15 23:55 . 2010-08-17 02:52 -------- d-----w- c:\arquivos de programas\r2 Studios

2010-08-15 22:45 . 2010-08-15 22:45 932368 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll

2010-08-15 22:45 . 2010-08-15 22:45 678416 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll

2010-08-15 22:45 . 2010-08-15 22:45 604688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll

2010-08-15 22:45 . 2010-08-15 22:45 1096208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll

2010-08-15 22:45 . 2010-08-15 22:45 522768 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll

2010-08-15 22:42 . 2010-08-15 22:42 397328 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll

2010-08-15 22:42 . 2010-08-15 22:42 109072 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll

2010-08-15 22:42 . 2010-08-15 22:42 17936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll

2010-08-15 22:42 . 2010-08-15 22:42 133720 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-08-15 22:42 . 2010-08-15 22:42 80400 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll

2010-08-15 22:42 . 2010-08-15 22:42 315408 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys

2010-08-15 22:08 . 2010-08-15 22:43 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-08-15 22:08 . 2010-08-15 22:43 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-08-15 22:07 . 2010-09-12 18:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2010-08-15 22:07 . 2010-08-15 22:07 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2010-08-15 22:05 . 2010-08-15 22:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2010-08-15 21:36 . 2010-08-15 21:36 -------- d-----w- c:\windows\system32\wbem\Repository

2010-08-15 21:01 . 2010-08-15 21:01 -------- d-----w- C:\DPEC

2010-08-15 20:59 . 2010-08-23 02:43 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Media Player Classic

2010-08-15 20:59 . 2010-08-15 20:59 -------- d-----w- c:\windows\Sun

2010-08-15 20:58 . 2010-09-10 00:47 -------- d-sh--w- c:\documents and settings\xp\IECompatCache

2010-08-15 20:57 . 2010-08-15 20:57 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-08-15 20:57 . 2010-08-15 20:57 -------- d--h--w- c:\windows\PIF

2010-08-15 20:56 . 2010-08-15 20:56 -------- d-----w- c:\arquivos de programas\IMG Converter

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-13 01:49 . 2010-08-01 18:33 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-09-11 21:36 . 2010-07-29 19:29 2776 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\Protexis\KGyGaAvL.sys

2010-09-06 03:32 . 2010-08-01 16:03 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\uTorrent

2010-09-05 14:40 . 2010-08-01 18:37 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Vso

2010-09-05 01:29 . 2010-08-01 16:03 -------- d-----w- c:\arquivos de programas\uTorrent

2010-09-03 02:30 . 2008-04-14 12:00 80668 ----a-w- c:\windows\system32\perfc016.dat

2010-09-03 02:30 . 2008-04-14 12:00 473740 ----a-w- c:\windows\system32\perfh016.dat

2010-08-31 19:37 . 2010-08-01 16:16 697328 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-08-22 22:07 . 2010-08-01 20:52 -------- d-----w- c:\arquivos de programas\OpemP2MBrasil

2010-08-20 13:37 . 2010-08-14 02:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-08-17 03:05 . 2010-08-01 16:09 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2010-08-16 03:36 . 2010-07-29 18:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-08-15 21:35 . 2010-07-29 18:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-08-15 21:01 . 2010-08-10 19:03 -------- d-----w- c:\arquivos de programas\Programas SPED

2010-08-15 21:00 . 2010-08-10 00:34 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2010-08-15 20:59 . 2010-08-08 19:46 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\BSplayer

2010-08-15 20:57 . 2010-07-29 18:12 -------- d-----w- c:\arquivos de programas\Microsoft Works

2010-08-13 00:00 . 2010-08-13 00:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe

2010-08-12 23:48 . 2010-08-12 23:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

2010-08-12 02:37 . 2010-08-01 16:10 -------- d-----w- c:\arquivos de programas\CCleaner

2010-08-10 01:00 . 2010-08-10 01:00 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Nero

2010-08-10 00:45 . 2010-08-10 00:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero

2010-08-10 00:45 . 2010-07-29 19:43 -------- d-----w- c:\arquivos de programas\Nero

2010-08-09 01:18 . 2010-08-09 01:18 222830 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\NewShortcut11_CECD47740972467B949C2231EDF769A8.exe

2010-08-09 01:18 . 2010-08-09 01:18 222830 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\NewShortcut1_CECD47740972467B949C2231EDF769A8.exe

2010-08-09 01:18 . 2010-08-09 01:18 16958 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\NewShortcut3_CECD47740972467B949C2231EDF769A8.exe

2010-08-09 01:18 . 2010-08-09 01:18 8854 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\UNINST_Uninstall_o_CECD47740972467B949C2231EDF769A8.exe

2010-08-09 01:18 . 2010-08-09 01:18 60322 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\configuracoes_CECD47740972467B949C2231EDF769A8.exe

2010-08-09 01:18 . 2010-08-09 01:18 10134 ----a-r- c:\documents and settings\xp\Dados de aplicativos\Microsoft\Installer\{CECD4774-0972-467B-949C-2231EDF769A8}\ARPPRODUCTICON.exe

2010-08-08 23:53 . 2010-08-08 23:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vsosdk

2010-08-08 19:46 . 2010-08-08 19:46 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\BSplayer Pro

2010-08-08 19:46 . 2010-08-08 19:46 -------- d-----w- c:\arquivos de programas\Webteh

2010-08-07 16:36 . 2010-08-07 16:36 61440 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-34cb37e0-n\decora-sse.dll

2010-08-07 16:36 . 2010-08-07 16:36 503808 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5335bb9c-n\msvcp71.dll

2010-08-07 16:36 . 2010-08-07 16:36 499712 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5335bb9c-n\jmc.dll

2010-08-07 16:36 . 2010-08-07 16:36 348160 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5335bb9c-n\msvcr71.dll

2010-08-07 16:36 . 2010-08-07 16:36 12800 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-34cb37e0-n\decora-d3d.dll

2010-08-02 02:20 . 2010-08-01 19:29 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\HP

2010-08-01 21:13 . 2010-08-01 21:13 -------- d-----w- c:\arquivos de programas\Arquivos de Programas RFB

2010-08-01 20:11 . 2010-08-01 20:11 -------- d-----w- c:\arquivos de programas\danny_kay1710

2010-08-01 19:41 . 2010-08-01 19:29 113133 ----a-w- c:\windows\hpoins07.dat

2010-08-01 19:40 . 2010-08-01 19:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-08-01 19:39 . 2010-08-01 19:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-08-01 19:39 . 2010-08-01 19:31 -------- d-----w- c:\arquivos de programas\HP

2010-08-01 19:37 . 2010-08-01 19:37 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2010-08-01 19:36 . 2010-08-01 19:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2010-08-01 19:21 . 2010-08-01 19:21 -------- d-----w- c:\arquivos de programas\Peer2Mail

2010-08-01 19:10 . 2010-08-01 19:10 -------- d-----w- c:\arquivos de programas\AnyDVD Registration

2010-08-01 19:10 . 2010-08-01 16:34 -------- d-----w- c:\arquivos de programas\SlySoft

2010-08-01 18:38 . 2010-08-01 18:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-08-01 18:38 . 2010-08-01 18:38 47360 ----a-w- c:\documents and settings\xp\Dados de aplicativos\pcouffin.sys

2010-08-01 18:38 . 2010-08-01 18:38 47360 ----a-w- c:\documents and settings\xp\Dados de aplicativos\pcouffin.sys

2010-08-01 18:37 . 2010-08-01 18:37 -------- d-----w- c:\arquivos de programas\VSO

2010-08-01 18:31 . 2010-08-01 18:31 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\AnvSoft

2010-08-01 18:31 . 2010-08-01 18:31 -------- d-----w- c:\arquivos de programas\AnvSoft

2010-08-01 17:52 . 2010-08-01 17:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SlySoft

2010-08-01 16:48 . 2010-08-01 16:48 -------- d-----w- c:\arquivos de programas\Elaborate Bytes

2010-08-01 16:19 . 2010-08-01 16:19 -------- d-----w- c:\arquivos de programas\Alcohol Soft

2010-08-01 16:11 . 2010-08-01 16:11 -------- d-----w- c:\arquivos de programas\7-Zip

2010-08-01 15:58 . 2010-08-01 15:56 -------- d-----w- c:\arquivos de programas\WinAVI Video Converter 9.0

2010-08-01 15:50 . 2010-08-01 15:50 -------- d-----w- c:\arquivos de programas\WinAVI MP4 Converter

2010-08-01 03:53 . 2010-08-01 03:53 0 ----a-w- c:\windows\nsreg.dat

2010-08-01 02:42 . 2010-08-01 02:42 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\ViGlance

2010-07-31 03:31 . 2010-07-31 03:30 -------- d-----w- c:\arquivos de programas\Google

2010-07-31 03:00 . 2010-07-31 02:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IM

2010-07-31 02:59 . 2010-07-31 02:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PhotoMail

2010-07-31 02:59 . 2010-07-31 02:59 -------- d-----w- c:\arquivos de programas\PhotoMail Maker

2010-07-31 02:58 . 2010-07-31 02:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IncrediMail

2010-07-31 02:58 . 2010-07-31 02:58 -------- d-----w- c:\arquivos de programas\IncrediMail

2010-07-30 21:15 . 2010-07-29 14:33 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-07-30 19:25 . 2010-07-29 19:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS

2010-07-29 20:17 . 2010-07-29 20:17 -------- d-----w- c:\arquivos de programas\PokerStars.NET

2010-07-29 19:52 . 2010-07-29 19:52 2605008 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\NOS\Adobe_Downloads\install_flash_player_ax.exe

2010-07-29 19:44 . 2010-07-29 19:44 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Ahead

2010-07-29 19:31 . 2010-07-29 19:31 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-07-29 19:29 . 2010-07-29 17:45 -------- d-----w- c:\arquivos de programas\Java

2010-07-29 19:29 . 2010-07-29 19:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel

2010-07-29 19:29 . 2010-07-29 19:29 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\Corel

2010-07-29 19:29 . 2010-07-29 19:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Protexis

2010-07-29 19:24 . 2010-07-29 19:24 348256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll

2010-07-29 19:23 . 2010-07-29 19:23 348256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll

2010-07-29 19:23 . 2010-07-29 19:23 416 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\MSDN\9.0\1033\ResourceCache.dll

2010-07-29 19:21 . 2010-07-29 19:21 -------- d-----w- c:\arquivos de programas\Microsoft Visual Studio 9.0

2010-07-29 19:21 . 2010-07-29 19:21 -------- d-----w- c:\arquivos de programas\Microsoft SDKs

2010-07-29 19:21 . 2010-07-29 19:21 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2010-07-29 19:20 . 2010-07-29 19:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel

2010-07-29 19:20 . 2010-07-29 19:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Protexis

2010-07-29 19:20 . 2010-07-29 19:20 503808 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ea6b506-n\msvcp71.dll

2010-07-29 19:20 . 2010-07-29 19:20 499712 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ea6b506-n\jmc.dll

2010-07-29 19:20 . 2010-07-29 19:20 348160 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ea6b506-n\msvcr71.dll

2010-07-29 19:16 . 2010-07-29 19:16 -------- d-----w- c:\arquivos de programas\Corel

2010-07-29 19:04 . 2010-07-29 19:04 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-07-29 18:36 . 2010-07-29 18:36 -------- d-----w- c:\arquivos de programas\Analog Devices

2010-07-29 18:30 . 2010-07-29 18:30 -------- d-----w- c:\documents and settings\xp\Dados de aplicativos\DeviceDoctorSoftware

2010-07-29 18:26 . 2010-07-29 17:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-07-29 18:21 . 2010-07-29 18:21 2605008 ----a-w- c:\documents and settings\xp\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-07-29 18:11 . 2010-07-29 18:11 -------- d-----w- c:\arquivos de programas\MSBuild

2010-07-29 17:59 . 2010-07-29 17:57 -------- d-----w- c:\arquivos de programas\Windows Live

2010-07-29 17:59 . 2010-07-29 17:59 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2010-07-29 17:58 . 2010-07-29 17:58 -------- d-----w- c:\arquivos de programas\Microsoft

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\arquivos de programas\danny_kay1710 ----

 

2006-11-15 01:40 . 2006-11-15 01:40 4673 ----a-w- c:\arquivos de programas\danny_kay1710\PSP ISO Compressor\readme.txt

2006-11-15 01:36 . 2006-11-15 01:36 40448 ----a-w- c:\arquivos de programas\danny_kay1710\PSP ISO Compressor\psp iso compressor.exe

2006-11-14 01:08 . 2006-11-14 01:08 142054 ----a-w- c:\arquivos de programas\danny_kay1710\PSP ISO Compressor\files\jiso.exe

2006-08-07 20:24 . 2006-08-07 20:24 75264 ----a-w- c:\arquivos de programas\danny_kay1710\PSP ISO Compressor\files\zlib1.dll

2006-08-07 20:24 . 2006-08-07 20:24 76002 ----a-w- c:\arquivos de programas\danny_kay1710\PSP ISO Compressor\files\ciso.exe

2006-08-07 20:24 . 2006-08-07 20:24 45056 ----a-w- c:\arquivos de programas\danny_kay1710\PSP ISO Compressor\files\daxcr.exe

2006-08-07 20:24 . 2006-08-07 20:24 140096 ----a-w- c:\arquivos de programas\danny_kay1710\PSP ISO Compressor\comdlg32.ocx

 

---- Directory of c:\documents and settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe ----

 

2010-08-13 00:00 . 2010-08-15 21:22 1717 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe\regid.1986-12.com.adobe_Photoshop-CS5-Win-GM-MUL.swidtag

 

 

((((((((((((((((((((((((((((( SnapShot@2010-09-12_17.59.48 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-12 18:09 . 2010-09-12 18:09 16384 c:\windows\Temp\Perflib_Perfdata_184.dat

+ 2009-02-06 03:33 . 2009-02-06 03:33 54544 c:\windows\system32\PCLEGetGuid.dll

+ 2002-01-05 06:38 . 2002-01-05 06:38 54784 c:\windows\system32\msvci70.dll

+ 2009-02-06 03:35 . 2009-02-06 03:35 38160 c:\windows\system32\MLPagAx.dll

+ 2007-01-26 04:04 . 2007-01-26 04:04 27648 c:\windows\system32\ma32.dll

+ 2002-01-05 05:18 . 2002-01-05 05:18 84992 c:\windows\system32\atl70.dll

+ 2010-09-12 19:33 . 2010-09-12 19:33 69632 c:\windows\Installer\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}\VideoSpin.exe

+ 2010-09-12 19:33 . 2010-09-12 19:33 65536 c:\windows\Installer\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}\SC_ReadMe.exe

+ 2010-09-12 19:33 . 2010-09-12 19:33 97527 c:\windows\Installer\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}\SC_HelpTopic_20C7EA5E50C045AE852E20F89C45899E.exe

+ 2009-02-06 03:35 . 2009-02-06 03:35 189712 c:\windows\system32\RALMain.dll

+ 2007-06-22 00:55 . 2007-06-22 00:55 401408 c:\windows\system32\pvmjpg30.dll

+ 2002-01-05 06:40 . 2002-01-05 06:40 487424 c:\windows\system32\msvcp70.dll

+ 2002-01-05 07:36 . 2002-01-05 07:36 964608 c:\windows\system32\mfc70u.dll

+ 2002-01-05 07:48 . 2002-01-05 07:48 974848 c:\windows\system32\mfc70.dll

+ 2007-01-26 04:04 . 2007-01-26 04:04 138752 c:\windows\system32\mase32.dll

+ 2010-09-12 19:33 . 2010-09-12 19:33 21257728 c:\windows\Installer\4c70ec.msi

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"nwiz"="nwiz.exe" [2008-05-03 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]

"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NBAgent"="c:\arquivos de programas\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-03 1234216]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\IncrediMail\\Bin\\IncMail.exe"=

"c:\\Arquivos de programas\\IncrediMail\\Bin\\ImApp.exe"=

"c:\\Arquivos de programas\\IncrediMail\\Bin\\ImpCnt.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=

"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=

"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 13:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 18:39 19472]

S1 setup_9.0.0.722_16.08.2010_06-49(2)drv;setup_9.0.0.722_16.08.2010_06-49(2)drv;c:\windows\system32\DRIVERS\9571266.sys --> c:\windows\system32\DRIVERS\9571266.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [31/7/2010 00:31 136176]

S3 NAUpdate;@c:\arquivos de programas\Nero\Update\NASvc.exe,-200;c:\arquivos de programas\Nero\Update\NASvc.exe [25/3/2010 14:39 490280]

S3 slnt;Kaiomy KM8139D 10/100Mbps PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [29/7/2010 15:46 17972]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/8/2010 13:16 697328]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-09-12 c:\windows\Tasks\User_Feed_Synchronization-{F0A55585-978D-4420-BF7C-89B55AF091B0}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

IE: &Add animation to IncrediMail Style Box - c:\arquivos de programas\IncrediMail\bin\resources\WebMenuImg.htm

IE: Adicionar ao Antifaixas - c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - c:\documents and settings\xp\Dados de aplicativos\Mozilla\Firefox\Profiles\qs6e31vm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.brturbo.com.br/

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\documents and settings\xp\Dados de aplicativos\Mozilla\Firefox\Profiles\qs6e31vm.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\components\GbMzhCef.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

AddRemove-UniDANFe 2.x - c:\unimake\uninfe\uninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-12 23:49

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Tempo para conclusão: 2010-09-12 23:51:33

ComboFix-quarantined-files.txt 2010-09-13 02:51

 

Pré-execução: 14 pasta(s) 410.731.646.976 bytes disponíveis

Pós execução: 14 pasta(s) 410.714.009.600 bytes disponíveis

 

- - End Of File - - 1593A7F349D5738A74EC62EC6153BF7D


1.

- Click the Start button

- Click Run

- Type combofix /uninstall and press Enter

2.

- Download USBFix: http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

- Temporarily disable your antivirus...

- Connect all your flash drives or removable disks to your PC's USB ports and do not remove them until I ask you to.

- Double-click USBFix

- Click the "PESQUISA" (Search) button

- Copy and paste the result created in C:\UsbFix.txt...

See you


Good evening,

1) ComboFix uninstalled.

 

2)

############################## | UsbFix 7.024 | [Pesquisa]

 

Usuário: xp (Administrador) # PC-LIA [ ]

Atualizado em 09/09/10 por El Desaparecido / C_XX

Começou em 23:16:39 | 13/09/2010

Site: http://www.teamxscript.org

Contato: FindyKill.Contact@gmail.com

 

CPU: Intel® Pentium® 4 CPU 3.00GHz

CPU 2: Intel® Pentium® 4 CPU 3.00GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Deficientes /!\

Antivirus: Kaspersky Internet Security 9.0.0.736 [(!) Disabled | Updated]

Firewall: Kaspersky Internet Security 9.0.0.736 [(!) Disabled]

RAM -> 1023 Mb

C:\ (%systemdrive%) -> Disco fixo # 466 Gb (398 Mb livre - 86%) [] # NTFS

D:\ -> CD-ROM

E:\ -> Disco removível # 4 Gb (4 Mb livre - 100%) [] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

 

################## | Registro |

 

Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

 

################## | Mountpoints2 |

 

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | E.O.F |

 

Thank you for your attention.


Hello lilobaby

1.

- Double-click USBFix

- Click the "Supressão" (Deletion) button

- Copy and paste the result created in C:\UsbFix.txt...

2.

Let me know how the system is doing.

See you


Good evening, Diogo.

 

1)

 

############################## | UsbFix 7.024 | [supressão]

 

Usuário: xp (Administrador) # PC-LIA [ ]

Atualizado em 09/09/10 por El Desaparecido / C_XX

Começou em 21:55:53 | 14/09/2010

Site: http://www.teamxscript.org

Contato: FindyKill.Contact@gmail.com

 

CPU: Intel® Pentium® 4 CPU 3.00GHz

CPU 2: Intel® Pentium® 4 CPU 3.00GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Deficientes /!\

Antivirus: Kaspersky Internet Security 9.0.0.736 [(!) Disabled | Updated]

Firewall: Kaspersky Internet Security 9.0.0.736 [(!) Disabled]

RAM -> 1023 Mb

C:\ (%systemdrive%) -> Disco fixo # 466 Gb (398 Mb livre - 85%) [] # NTFS

D:\ -> CD-ROM

E:\ -> Disco removível # 4 Gb (4 Mb livre - 97%) [] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

 

################## | Registro |

 

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[29/07/2010 - 16:04:35 | D ] C:\604c1d6de0007caf6b

[13/09/2010 - 00:00:31 | RD ] C:\Arquivos de programas

[29/07/2010 - 11:34:08 | A | 0] C:\AUTOEXEC.BAT

[16/08/2010 - 22:33:05 | D ] C:\b7068edae52977a0bcdb95b4e03d9df1

[29/07/2010 - 11:26:54 | A | 211] C:\Boot.bak

[12/09/2010 - 14:52:42 | RASH | 327] C:\boot.ini

[14/04/2008 - 09:00:00 | RASH | 4952] C:\Bootfont.bin

[12/09/2010 - 14:52:41 | RASHD ] C:\cmdcons

[03/08/2004 - 23:00:16 | RASH | 261856] C:\cmldr

[12/09/2010 - 23:51:35 | A | 32451] C:\ComboFix.txt

[13/09/2010 - 00:04:02 | D ] C:\Config.Msi

[29/07/2010 - 11:34:08 | A | 0] C:\CONFIG.SYS

[15/08/2010 - 18:01:39 | D ] C:\database

[29/07/2010 - 11:40:09 | D ] C:\Documents and Settings

[15/08/2010 - 18:01:39 | D ] C:\DPEC

[03/08/2010 - 17:20:16 | D ] C:\DRIVERS

[29/07/2010 - 11:34:08 | RASH | 0] C:\IO.SYS

[11/09/2010 - 00:33:50 | A | 49962] C:\MP4debug.log

[29/07/2010 - 11:34:08 | RASH | 0] C:\MSDOS.SYS

[29/07/2010 - 15:08:42 | RD ] C:\MSOCache

[14/04/2008 - 09:00:00 | RASH | 47564] C:\NTDETECT.COM

[14/04/2008 - 09:00:00 | RASH | 251696] C:\ntldr

[29/07/2010 - 15:26:18 | D ] C:\NVIDIA

[14/09/2010 - 20:18:43 | ASH | 1610612736] C:\pagefile.sys

[01/08/2010 - 16:33:08 | D ] C:\Program Files

[14/09/2010 - 21:58:08 | SHD ] C:\RECYCLER

[13/09/2010 - 23:13:22 | SHD ] C:\System Volume Information

[13/09/2010 - 13:06:08 | A | 369] C:\testFindSector.log

[14/09/2010 - 21:58:08 | D ] C:\UsbFix

[14/09/2010 - 21:58:14 | A | 1165] C:\UsbFix.txt

[13/09/2010 - 23:12:19 | AD ] C:\WINDOWS

[18/06/2010 - 06:57:07 | RD ] D:\VIDEO_TS

[18/06/2010 - 06:57:07 | RD ] D:\VIDEO_RM

[1009/63/ 0 - 62816:141:63392 | RH | 0] E:\MEMSTICK.IND

[1008/63/ 0 - 62816:141:63392 | RH | 0] E:\MSTK_PRO.IND

[13/09/2010 - 22:04:36 | D ] E:\DCIM

 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

E:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

 

################## | E.O.F |

 

 

2) The system has improved somewhat, but it still freezes a little (much less). Today, before following your instructions, I was looking at some photos and on the 3rd photo it froze and I had to wait about 3 min. to continue. I have to go rather slowly, because if I open several folders or programs in a row it freezes briefly and then comes back; it is the same on the internet. What is happening? I am a layperson in this area; could I have caught some virus that is hard to find? And is my antivirus, KIS, not protecting me? I chose this paid antivirus because I thought it would give me better protection. And the strange thing is that my problems started, I don't know whether by coincidence, after I changed phone companies, switching from Oi to GVT, to get faster internet.

Once again, thank you for your attention in helping me.


Hello

- Double-click USBFix

- Click the "Uninstall" button

- Wait for the uninstallation to finish.

I no longer see any infection. The problem may originate from your hardware.

Download the following tools, then use them:

- Ccleaner (http://www.baixaki.com.br/site/dwnld53027.htm): Performs a general cleanup of unnecessary files...

- MV RegClean (http://superdownloads.uol.com.br/download/147/mv-regclean/): Tracks down and removes useless and totally unnecessary registry entries from your system

- Spyware Blaster (http://www.baixaki.com.br/site/dwnld28963.htm): It does not remove any kind of malware... but it is an excellent complement to the security provided by your antivirus, anti-spyware and firewall, since it prevents and immunizes against the installation of pests through malicious ActiveX controls, adware, dialers, hijackers and all kinds of potentially dangerous content on web pages. Just update the program and immunize your system regularly...

- Iobit SmartDefrag (http://www.baixaki.com.br/site/dwnld47990.htm): Great free file defragmenter, very useful, lightweight and effective...

See whether the freezes have improved.

See you


Good evening, thank you for your help; after following your instructions things improved a good deal. I was already using Ccleaner and MVRegClean; I downloaded the other two but was left with a question:

1) Spyware Blaster: I could not update the database; it gives an error.

2) Iobit SmartDefrag: it has other tools besides defragmenting. Is there any problem with using them, are they trustworthy? For example: System diagnosis (Optimization, Immunization, Security items), Repair Windows and Utilities (system tweaks, security and administrative tools).

Thank you.

Me again. I found out what happened: when I clicked to download IobitSmartDefrag, it redirected me to another page and I ended up downloading Advanced SystemCare Free3.7.0, which is why it has other options. Even so, is it dangerous to use it, or would it be better for me to use the one you recommended? Since I had not noticed the difference, I clicked on system diagnosis and it reported 83 optimization errors, 46 immunization errors, 941 fragments and 0 security errors; I did not click repair because I was afraid.

2) Iobit SmartDefrag: it has other tools besides defragmenting. Is there any problem with using them, are they trustworthy? For example: System diagnosis (Optimization, Immunization, Security items), Repair Windows and Utilities (system tweaks, security and administrative tools).

iObit is only a defragmenter.

Me again. I found out what happened: when I clicked to download IobitSmartDefrag, it redirected me to another page and I ended up downloading Advanced SystemCare Free3.7.0, which is why it has other options. Even so, is it dangerous to use it, or would it be better for me to use the one you recommended? Since I had not noticed the difference, I clicked on system diagnosis and it reported 83 optimization errors, 46 immunization errors, 941 fragments and 0 security errors; I did not click repair because I was afraid.

It is a great application; if you want to fix them, don't be afraid, but I see no need.

1

Go to Start > My Computer > right-click your disk > Properties > Tools > Check Now > tick both boxes > Start > click "Yes". When you turn your PC on again it will run a disk check; wait for it to finish.

Then defragment with iobit.

Afterwards, tell me how the system is doing.

See you
