
Archived

This topic has been archived and is closed to new replies.

Nilson N

[Archived] Suspected Malware


Good afternoon!

 

My notebook is behaving strangely: it is sending packets of unknown origin to the Internet, which is eating up a good part of my bandwidth. Could you analyze my log?

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:46:27, on 7/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\RegSrvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\LiveZilla\LiveZilla.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.1:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.cep;172.16.*;<local>

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [LiveZilla] "C:\Arquivos de programas\LiveZilla\LiveZilla.exe" -minimize

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

--

End of file - 7433 bytes

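Added example, not part of the original post and not HijackThis code: a small Python triage script that pulls out of an HJT v2 log the entry types an analyst checks first when a machine is reported to be sending traffic its owner did not expect. The sample lines are copied from the log above, except the last O4 line, which is constructed to exercise the user-writable-path rule. The rule set, the finding names and the `updater.exe` path are assumptions for illustration.

```python
"""Added example: first-pass triage of a HijackThis (HJT) v2 log.

Flags the entries worth a second look on a box suspected of phoning home:
  R1  - an IE proxy server is configured (all browser traffic goes through it)
  O2  - a Browser Helper Object whose DLL is gone ("(no file)")
  O4  - an autorun launched from a user-writable location
  O23 - a service with no vendor string, or the WinPcap remote capture daemon
"""
import re

# Sample input.  All lines but the last are copied from the HJT log in the
# post; the final O4 line is CONSTRUCTED to show an autorun living in %TEMP%.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.cep;172.16.*;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [LiveZilla] "C:\Arquivos de programas\LiveZilla\LiveZilla.exe" -minimize
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\updater.exe"
"""

# Every HJT entry starts with a section tag (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Locations a legitimate autorun rarely runs from (starting list, assumption).
USER_WRITABLE_RE = re.compile(r"\\Temp\\|\\Documents and Settings\\", re.IGNORECASE)


def o4_command(body):
    """Return the executable path from an O4 body: HKxx\\..\\Run: [name] "path" args."""
    _, _, cmd = body.partition("] ")
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (kind, detail) findings in log order; an empty list means nothing flagged."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R1" and ",ProxyServer = " in body:
            findings.append(("proxy", body.split("= ", 1)[1]))
        elif sec == "O2" and body.endswith("(no file)"):
            # Registered CLSID with no DLL on disk: a leftover, not running code.
            findings.append(("orphan-bho", CLSID_RE.search(body).group(0)))
        elif sec == "O4":
            path = o4_command(body)
            if USER_WRITABLE_RE.search(path):
                findings.append(("autorun-user-writable", path))
        elif sec == "O23":
            binary = body.rsplit(" - ", 1)[1]
            if " - Unknown owner - " in body:
                # No company name in the version resource: verify, do not assume malware.
                findings.append(("service-no-vendor", binary))
            if "(rpcapd)" in body:
                # WinPcap's rpcapd lets a remote host capture on this machine.
                findings.append(("remote-capture-daemon", binary))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

Run against the post's log this flags the proxy at 172.16.0.1:8080 (a private address, consistent with a LAN or corporate proxy, but the owner should confirm it is theirs, since a proxy is also the easiest way to route a browser through an attacker's box), the two orphan BHO CLSIDs (registry leftovers, safe to fix), the WinPcap rpcapd service (not malware, but it should be disabled unless remote capture is deliberately used), and the Dell tray service with no vendor string (verify the binary, do not delete it). None of this identifies what is generating the unexpected outbound packets; for that the owner would look at which process owns the connections (for example `netstat -b` on XP) or take a capture with the WinPcap already installed.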

Hello Felipe_88

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by Dell Latitude at 2010-10-08 17:45:52

Microsoft Windows XP Professional Service Pack 3

System drive C: has 24 GB (64%) free of 38 GB

Total RAM: 511 MB (35% free)

 

HijackThis download failed

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\OGALogon.job

C:\WINDOWS\tasks\WGASetup.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-06-02 1082880]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-12 312928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2010-03-31 321312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-03-31 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-31 79648]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

"LiveZilla"=C:\Arquivos de programas\LiveZilla\LiveZilla.exe [2010-09-06 6574080]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"Skype"=C:\Arquivos de programas\Skype\Phone\Skype.exe [2009-06-02 24264488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]

C:\WINDOWS\system32\LgNotify.dll [2005-07-05 188482]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

:\WINDOW

scecli

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"E:\cold\hott\raidhost.exe"="E:\cold\hott\raidhost.exe:*:Enabled:Windows Messanger"

"C:\WINDOWS\raidhost.exe"="C:\WINDOWS\raidhost.exe:*:Enabled:Windows Messanger"

"F:\cold\hott\raidhost.exe"="F:\cold\hott\raidhost.exe:*:Enabled:Windows Messanger"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Documents and Settings\Dell Latitude\Configurações locais\Temp\RarSFX0\hl.exe"="C:\Documents and Settings\Dell Latitude\Configurações locais\Temp\RarSFX0\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Documents and Settings\Dell Latitude\Configurações locais\Temp\RarSFX1\hl.exe"="C:\Documents and Settings\Dell Latitude\Configurações locais\Temp\RarSFX1\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Documents and Settings\Dell Latitude\Configurações locais\Temp\RarSFX2\hl.exe"="C:\Documents and Settings\Dell Latitude\Configurações locais\Temp\RarSFX2\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2010-10-08 17:45:54 ----D---- C:\Arquivos de programas\trend micro

2010-10-08 17:45:52 ----D---- C:\rsit

2010-10-07 17:48:55 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-10-07 17:45:56 ----D---- C:\HijackThis

2010-10-06 19:37:46 ----D---- C:\Arquivos de programas\CACE Technologies

2010-10-06 19:14:00 ----D---- C:\Arquivos de programas\LiveZilla

2010-10-06 18:18:37 ----D---- C:\Documents and Settings\Dell Latitude\Dados de aplicativos\Yahoo!

2010-10-06 18:18:24 ----D---- C:\Arquivos de programas\Yahoo!

2010-10-06 18:17:55 ----D---- C:\Arquivos de programas\CCleaner

2010-10-06 18:12:48 ----D---- C:\Documents and Settings\Dell Latitude\Dados de aplicativos\Avira

2010-10-06 18:10:02 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys

2010-10-06 18:10:00 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys

2010-10-06 18:10:00 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys

2010-10-06 18:10:00 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys

2010-10-06 18:10:00 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys

2010-10-06 18:09:58 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2010-10-06 18:09:58 ----D---- C:\Arquivos de programas\Avira

2010-09-27 10:29:53 ----D---- C:\Arquivos de programas\CD Reader

2010-09-10 15:24:41 ----A---- C:\WINDOWS\system32\ptpusb.dll

2010-09-10 15:24:39 ----A---- C:\WINDOWS\system32\ptpusd.dll

2010-09-10 15:24:37 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys

 

======List of files/folders modified in the last 1 months======

 

2010-10-08 17:45:54 ----RD---- C:\Arquivos de programas

2010-10-08 17:42:14 ----D---- C:\WINDOWS\Prefetch

2010-10-08 17:27:59 ----D---- C:\Documents and Settings\Dell Latitude\Dados de aplicativos\Skype

2010-10-08 16:05:39 ----D---- C:\Documents and Settings\Dell Latitude\Dados de aplicativos\skypePM

2010-10-08 09:14:14 ----D---- C:\WINDOWS\Temp

2010-10-08 09:14:01 ----D---- C:\WINDOWS\system32\CatRoot2

2010-10-08 09:13:59 ----D---- C:\WINDOWS

2010-10-07 18:12:06 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-10-07 17:48:55 ----D---- C:\Arquivos de programas\Arquivos comuns

2010-10-07 14:23:38 ----HD---- C:\WINDOWS\inf

2010-10-06 19:52:12 ----SHD---- C:\WINDOWS\Installer

2010-10-06 19:52:12 ----HD---- C:\Config.Msi

2010-10-06 19:52:11 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2010-10-06 19:43:57 ----SH---- C:\boot.ini

2010-10-06 19:43:53 ----A---- C:\WINDOWS\win.ini

2010-10-06 19:43:53 ----A---- C:\WINDOWS\system.ini

2010-10-06 19:42:26 ----D---- C:\WINDOWS\system32

2010-10-06 19:38:49 ----D---- C:\Arquivos de programas\WinPcap

2010-10-06 19:38:13 ----D---- C:\WINDOWS\system32\NtmsData

2010-10-06 19:37:53 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-10-06 19:35:43 ----SHD---- C:\System Volume Information

2010-10-06 19:21:42 ----D---- C:\Arquivos de programas\Ask.com

2010-10-06 19:21:41 ----SD---- C:\WINDOWS\Tasks

2010-10-06 19:16:35 ----D---- C:\found.002

2010-10-06 19:16:35 ----D---- C:\found.001

2010-10-06 19:16:35 ----D---- C:\found.000

2010-10-06 19:01:42 ----DC---- C:\WINDOWS\system32\dllcache

2010-10-06 19:01:33 ----D---- C:\WINDOWS\system32\CatRoot

2010-10-06 18:27:53 ----D---- C:\WINDOWS\Debug

2010-10-06 18:27:51 ----D---- C:\WINDOWS\Minidump

2010-10-06 18:19:53 ----D---- C:\WINDOWS\repair

2010-10-06 18:19:40 ----D---- C:\WINDOWS\Registration

2010-10-06 18:10:02 ----D---- C:\WINDOWS\system32\drivers

2010-09-27 10:43:07 ----A---- C:\WINDOWS\NeroDigital.ini

2010-09-20 11:30:04 ----A---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.92 Modem.txt

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 agp440;Filtro de barramento Intel AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2003-01-23 17217]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-03 17801]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]

R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]

R2 s24trans;Transporte por WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-06-17 10970]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1406464]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-08-21 156160]

R3 BCM43XX;Controlador da Placa WLAN sem Fios Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-03 604928]

R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]

R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]

R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-07-22 102400]

S3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 w70n51;Driver do Adaptador Intel® PRO/Wireless 7100 para Windows XP; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2005-07-26 662400]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

R2 AntiVirService;Avira AntiVir Guard; C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [2010-10-06 267432]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-03-31 153376]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2005-07-05 122880]

R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2005-07-05 421955]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 NetSvc;Intel NCS NetService; C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Arquivos de programas\WinPcap\rpcapd.exe [2009-10-20 117264]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

info.txt logfile of random's system information tool 1.08 2010-10-08 17:46:01

 

======Uninstall list======

 

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Arquivos de programas\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 9 Plugin-->MsiExec.exe /X{008F31A9-4B8E-4411-AA19-2CB3C8DD7507}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

AirPcap software 4.1.1-->C:\Arquivos de programas\CACE Technologies\AirPcap\uninstall.exe

ALPS Touch Pad Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL

Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}

ATI - Utilitário de desinstalação de software-->C:\Arquivos de programas\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Atualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Atualização para Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Atualização para Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Atualização para Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Atualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Arquivos de programas\Avira\AntiVir Desktop\setup.exe /REMOVE

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

C-Major Audio-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x416 -remove -removeonly

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Conexant D480 MDC V.92 Modem-->C:\Arquivos de programas\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf

DCS-900 Series Setup Wizard-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{DEA1117C-9712-4FB7-88B5-C575259E4827}\Setup.exe" -l0x9

Dell Wireless WLAN Card-->"C:\Arquivos de programas\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Arquivos de programas\Dell\Dell Wireless WLAN Card"

Desafio Sebrae 2010-->MsiExec.exe /I{2D390AC0-2AC5-4DDB-89A9-7D069C0C2A75}

Discador Oi-->"C:\Arquivos de programas\OI\Oi3G\unins000.exe"

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

FM Screen Capture Codec (Remove Only)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\fmcodec.inf

Foxit Reader-->C:\Arquivos de programas\Foxit Software\Foxit Reader\Uninstall.exe

Free PS Convert driver 8.15-->"C:\Arquivos de programas\psconvert\unins000.exe"

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

Intel® PROSet-->MsiExec.exe /I{b697396d-4bff-430d-9578-8aa5a549777a}

Java 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}

LiveZilla_3.2.0.2_Client-->MsiExec.exe /I{7042B1D7-9B18-433A-B21B-D7958B014E6D}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {75EBE365-7FC5-4720-A7D3-804BF550D1BC}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Nero 7 Demo-->MsiExec.exe /I{3BC21F9D-8857-4282-3421-A1A07C451046}

O2Micro Smartcard Driver-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C5BED10B-42A9-4142-B4C2-008C0FDE27D5} /l1033

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

Painel de Controle da ATI-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}

Suplemento Microsoft Salvar como PDF ou XPS para programas do Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-0416-0000-0000000FF1CE}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Outlook 2007 Junk Email Filter (kb983486)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {913DFE19-32EC-4099-89AC-27FC493A7A2E}

VLC media player 0.9.8a-->C:\Arquivos de programas\VideoLAN\VLC\uninstall.exe

Windows Live Call-->MsiExec.exe /I{590035D9-BFA0-406A-A7F0-479C72C0DDB2}

Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}

Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}

Windows Live Messenger-->MsiExec.exe /X{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinPcap 4.1.1-->C:\Arquivos de programas\WinPcap\uninstall.exe

Word to PDF Converter 3.00-->"C:\Arquivos de programas\PDF-Convert\doc2pdf\unins000.exe"

XP Royale Theme-->C:\WINDOWS\Resources\Themes\Uninstall_Royale_Theme.exe

 

======Security center information======

 

AV: AntiVir Desktop

 

======System event log======

 

Computer Name: DIEGO

Event Code: 7036

Message: O serviço avast! Web Scanner entrou no estado executando.

 

Record Number: 21642

Source Name: Service Control Manager

Time Written: 20100812092250.000000-180

Event Type: Informações

User:

 

Computer Name: DIEGO

Event Code: 7036

Message: O serviço Telefonia entrou no estado executando.

 

Record Number: 21641

Source Name: Service Control Manager

Time Written: 20100812092250.000000-180

Event Type: Informações

User:

 

Computer Name: DIEGO

Event Code: 7035

Message: O serviço Serviço de descoberta SSDP recebeu com êxito um controle Iniciar.

 

Record Number: 21640

Source Name: Service Control Manager

Time Written: 20100812092250.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: DIEGO

Event Code: 7036

Message: O serviço Reconhecimento de local da rede (NLA) entrou no estado executando.

 

Record Number: 21639

Source Name: Service Control Manager

Time Written: 20100812092250.000000-180

Event Type: Informações

User:

 

Computer Name: DIEGO

Event Code: 7035

Message: O serviço Reconhecimento de local da rede (NLA) recebeu com êxito um controle Iniciar.

 

Record Number: 21638

Source Name: Service Control Manager

Time Written: 20100812092250.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

=====Application event log=====

 

Computer Name: DIEGO

Event Code: 2002

Message:

Record Number: 7410

Source Name: EAPOL

Time Written: 20100728151139.000000-180

Event Type: Informações

User:

 

Computer Name: DIEGO

Event Code: 2003

Message:

Record Number: 7409

Source Name: EAPOL

Time Written: 20100728151139.000000-180

Event Type: Informações

User:

 

Computer Name: DIEGO

Event Code: 1004

Message: O usuário aceitou o Eula.

 

Record Number: 7408

Source Name: WgaSetup

Time Written: 20100728151133.000000-180

Event Type: Informações

User:

 

Computer Name: DIEGO

Event Code: 1002

Message: Starting interactive setup.

 

Record Number: 7407

Source Name: WgaSetup

Time Written: 20100728151133.000000-180

Event Type: Informações

User:

 

Computer Name: DIEGO

Event Code: 1006

Message: O Eula foi aceito anteriormente.

 

Record Number: 7406

Source Name: WgaSetup

Time Written: 20100728151133.000000-180

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Arquivos de programas\ATI Technologies\ATI Control Panel;C:\Arquivos de programas\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0d06

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Arquivos de programas\Java\jre1.6.0\lib\ext\QTJava.zip

"QTJAVA"=C:\Arquivos de programas\Java\jre1.6.0\lib\ext\QTJava.zip

 

-----------------EOF-----------------


Good morning, Nilson N!

 

1.

*Open Windows Explorer

*Plug the pendrive into the PC and hold the [shift] key down until the pendrive is recognized.

2.

*Temporarily disable your antivirus

Right-click the Avira icon next to the clock

Click the "Antivir Guard enable" option.

*Download USBFix (http://chiquitine.changelog.fr/UsbFix.exe) and save it to the desktop

*Run UsbFix

*Click [Pesquisa] (Search) and wait for it to finish

*Remove the pendrive

*Paste the report created at C:\UsbFix.txt


Good afternoon, Felipe_88!

 

############################## | UsbFix 7.032 | [Pesquisa]

 

Usuário: Dell Latitude (Administrador) # DIEGO [ ]

Atualizado em 17/10/10 por El Desaparecido / C_XX

Começou em 14:05:50 | 20/10/2010

Site: http://www.teamxscript.org

Contato: eldesaparecido@arx-services.com

 

CPU: Intel® Pentium® M processor 1.60GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 7.0.5730.11

 

Windows Firewall: Habilitado

Antivirus: AntiVir Desktop 10.0.1.44 [(!) Disabled | Updated]

RAM -> 511 Mb

C:\ (%systemdrive%) -> Disco fixo # 37 Gb (23 Mb livre - 62%) [] # NTFS

D:\ -> CD-ROM

E:\ -> Disco removível # 2 Gb (2 Mb livre - 99%) [ÁLVARO] # FAT

 

################## | Ficheiros # pastas infeciosos |

 

 

Presente ! E:\woaurud.exe

Presente ! E:\woaurud.scr

Presente ! E:\siuon.exe

Presente ! C:\DOCUME~1\DELLLA~1\CONFIG~1\Temp\VWL41.tmp

Presente ! E:\Autorun.inf

Presente ! E:\siuon.exe

Presente ! E:\cold

 

################## | Registro |

 

Presente ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\{048b0ac0-6e28-11de-905c-000b7d0c4747}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

HKCU\.\.\.\.\Explorer\MountPoints2\{0c58b501-4d63-11de-9043-000b7d0c4747}

Shell\AutoRun\Command = mb9x.exe

Shell\open\Command = mb9x.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{0cef84b1-dfa5-11de-90b4-0015c51f1514}

Shell\AutoRun\Command = E:\cold\hott\raidhost.exe

Shell\Explore\Command = E:\cold\hott\raidhost.exe

Shell\open\Command = E:\cold\hott\raidhost.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{10aa2e42-4355-11df-914e-000b7d0c2243}

Shell\AutoRun\Command = E:\kmj.exe

Shell\open\Command = E:\kmj.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{21d0f060-635f-11de-9058-000b7d0c4747}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

HKCU\.\.\.\.\Explorer\MountPoints2\{30e1be40-ea5a-11dd-8fe5-000b7d0c4747}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

HKCU\.\.\.\.\Explorer\MountPoints2\{30e87f4a-1583-11de-9018-000b7d0c4747}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

HKCU\.\.\.\.\Explorer\MountPoints2\{326159a0-cec3-11dd-8fc0-000b7d0c4747}

Shell\AutoRun\Command = RavMon.exe

Shell\explore\Command = RavMon.exe -e

Shell\open\Command = RavMon.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{45035bf0-b31f-11dd-8f94-000b7d0c4747}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

HKCU\.\.\.\.\Explorer\MountPoints2\{46e5a240-118a-11df-9101-000b7d0c2243}

Shell\AutoRun\Command = E:\cold\hott\raidhost.exe

Shell\Explore\Command = E:\cold\hott\raidhost.exe

Shell\open\Command = E:\cold\hott\raidhost.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{4c4c38e0-a548-11df-91dd-000b7d0c2243}

Shell\AutoRun\Command = wscript.exe VirusCleaner.vbe

Shell\open\Command = wscript.exe VirusCleaner.vbe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{4ed7fd70-ddcf-11de-90b2-0015c51f1514}

Shell\AutoRun\Command = E:\b.exe

Shell\explore\Command = E:\b.exe

Shell\open\Command = E:\b.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{51CF8924-37F9-43CE-80EB-901C2E22FC63}

Shell\AutoRun\Command = EXPLORER.EXE

Shell\explore\Command = EXPLORER.EXE

Shell\open\Command = EXPLORER.EXE

 

HKCU\.\.\.\.\Explorer\MountPoints2\{55307f10-ea12-11dd-8fe0-000b7d0c4747}

Shell\AutoRun\Command = E:\6qaiu.com

Shell\explore\Command = E:\6qaiu.com

Shell\open\Command = E:\6qaiu.com

 

HKCU\.\.\.\.\Explorer\MountPoints2\{5b3e1057-0c07-11df-90fa-000b7d0c2243}

Shell\AutoRun\Command = E:\AutoRun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{5b3e105a-0c07-11df-90fa-000b7d0c2243}

Shell\AutoRun\Command = E:\AutoRun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{5b3e105b-0c07-11df-90fa-000b7d0c2243}

Shell\AutoRun\Command = cold\hott\raidhost.exe

Shell\Explore\Command = cold\hott\raidhost.exe

Shell\open\Command = cold\hott\raidhost.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{663797C9-71DD-4448-87AB-D23A8489CEE2}

Shell\AutoRun\Command = EXPLORER.EXE

Shell\explore\Command = EXPLORER.EXE

Shell\open\Command = EXPLORER.EXE

 

HKCU\.\.\.\.\Explorer\MountPoints2\{75948051-52cc-11de-904b-000b7d0c4747}

Shell\AutoRun\Command = F:\2u.com

Shell\explore\Command = F:\2u.com

Shell\open\Command = F:\2u.com

 

HKCU\.\.\.\.\Explorer\MountPoints2\{79bd5160-05c0-11de-9006-000b7d0c4747}

Shell\AutoRun\Command = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Shell\open\Command = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{7deb7640-73df-11de-9064-000b7d0c4747}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

HKCU\.\.\.\.\Explorer\MountPoints2\{865fa4b9-ff73-11de-90e7-000b7d0c2243}

Shell\AutoRun\Command = E:\Launcher.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{8820dc70-56d8-11de-904c-000b7d0c4747}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

HKCU\.\.\.\.\Explorer\MountPoints2\{8e5800a0-4713-11de-903c-000b7d0c4747}

Shell\AutoRun\Command = E:\b.exe

Shell\explore\Command = E:\b.exe

Shell\open\Command = E:\b.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{9F7723D1-C4C2-4B21-914A-FC57D0A539B4}

Shell\AutoRun\Command = DUPLI//blizanko.exe

Shell\open\Command = DUPLI//blizanko.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{aab52770-f6f5-11dd-8ff3-000b7d0c4747}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

HKCU\.\.\.\.\Explorer\MountPoints2\{acee3631-050c-11de-9003-000b7d0c4747}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

HKCU\.\.\.\.\Explorer\MountPoints2\{acee3632-050c-11de-9003-000b7d0c4747}

Shell\AuToPlay\Command = D:\owyvl.exe

Shell\AutoRun\Command = D:\owyvl.exe

Shell\ExplOre\Command = D:\owyvl.exe

Shell\OPen\Command = D:\owyvl.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{aff2d1b3-3350-11df-912f-000b7d0c2243}

Shell\AutoRun\Command = F:\cold\hott\raidhost.exe

Shell\Explore\Command = F:\cold\hott\raidhost.exe

Shell\open\Command = F:\cold\hott\raidhost.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{b014c8f2-ee67-11de-90d2-000b7d0c2243}

Shell\AutoRun\Command = kgXhaZ.exe

Shell\opEN\Command = KGxhAZ.ExE

 

HKCU\.\.\.\.\Explorer\MountPoints2\{d49aa960-f290-11de-90d5-000b7d0c2243}

Shell\AutoRun\Command = E:\kiCmRB.EXe

Shell\opEN\Command = E:\KiCMRB.EXe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{DC623F24-2E16-468C-8BC5-73AB7AF8B96C}

Shell\AutoRun\Command = DUPLI//blizanko.exe

Shell\open\Command = DUPLI//blizanko.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{f48fd050-b7c8-11dd-8f97-000b7d0c4747}

Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | E.O.F |


Nilson N,

 

*Plug the pendrive into the PC again

*Run UsbFix

*Click [supressão] (Deletion) and wait for it to finish

*Remove the pendrive

*Paste the report created at C:\UsbFix.txt

 

Awaiting your reply!


Good afternoon, Felipe_88.

 

############################## | UsbFix 7.032 | [supressão]

 

Usuário: Dell Latitude (Administrador) # DIEGO [ ]

Atualizado em 17/10/10 por El Desaparecido / C_XX

Começou em 13:56:58 | 21/10/2010

Site: http://www.teamxscript.org

Contato: eldesaparecido@arx-services.com

 

CPU: Intel® Pentium® M processor 1.60GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 7.0.5730.11

 

Windows Firewall: Habilitado

Antivirus: AntiVir Desktop 10.0.1.44 [(!) Disabled | Updated]

RAM -> 511 Mb

C:\ (%systemdrive%) -> Disco fixo # 37 Gb (23 Mb livre - 62%) [] # NTFS

D:\ -> CD-ROM

E:\ -> Disco removível # 2 Gb (2 Mb livre - 99%) [ÁLVARO] # FAT

 

################## | Ficheiros # pastas infeciosos |

 

 

Supprimido ! C:\DOCUME~1\DELLLA~1\CONFIG~1\Temp\VWL41.tmp

Supprimido ! C:\Recycler\S-1-5-21-1844237615-764733703-1060284298-1003

 

################## | Registro |

 

Supprimido ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

 

################## | Mountpoints2 |

 

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{048b0ac0-6e28-11de-905c-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{0c58b501-4d63-11de-9043-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{0cef84b1-dfa5-11de-90b4-0015c51f1514}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{10aa2e42-4355-11df-914e-000b7d0c2243}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{21d0f060-635f-11de-9058-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{30e1be40-ea5a-11dd-8fe5-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{326159a0-cec3-11dd-8fc0-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{45035bf0-b31f-11dd-8f94-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{4c4c38e0-a548-11df-91dd-000b7d0c2243}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{51CF8924-37F9-43CE-80EB-901C2E22FC63}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{55307f10-ea12-11dd-8fe0-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{5b3e1057-0c07-11df-90fa-000b7d0c2243}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{5b3e105b-0c07-11df-90fa-000b7d0c2243}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{663797C9-71DD-4448-87AB-D23A8489CEE2}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{75948051-52cc-11de-904b-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{79bd5160-05c0-11de-9006-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{7deb7640-73df-11de-9064-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{865fa4b9-ff73-11de-90e7-000b7d0c2243}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{8820dc70-56d8-11de-904c-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{8e5800a0-4713-11de-903c-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{9F7723D1-C4C2-4B21-914A-FC57D0A539B4}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{aab52770-f6f5-11dd-8ff3-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{acee3632-050c-11de-9003-000b7d0c4747}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{aff2d1b3-3350-11df-912f-000b7d0c2243}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{d49aa960-f290-11de-90d5-000b7d0c2243}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{DC623F24-2E16-468C-8BC5-73AB7AF8B96C}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{f48fd050-b7c8-11dd-8f97-000b7d0c4747}

 

################## | Listing |

 

[07/04/2010 - 11:47:39 | D ] C:\1945dfd64df17c091e3a

[27/05/2010 - 09:39:44 | D ] C:\Ares Tube

[08/10/2010 - 17:45:54 | D ] C:\Arquivos de programas

[05/07/2005 - 22:13:16 | N | 279] C:\Atalho para Disco local ©.lnk

[29/09/2008 - 10:49:24 | N | 0] C:\AUTOEXEC.BAT

[29/09/2008 - 14:50:32 | N | 192] C:\BcBtRmv.log

[06/10/2010 - 19:43:57 | N | 211] C:\boot.ini

[04/08/2004 - 09:00:00 | N | 4952] C:\Bootfont.bin

[20/10/2010 - 10:30:52 | D ] C:\Config.Msi

[29/09/2008 - 10:49:24 | N | 0] C:\CONFIG.SYS

[29/09/2008 - 11:59:38 | D ] C:\dell

[24/06/2010 - 14:16:36 | D ] C:\Documents and Settings

[03/10/2008 - 14:49:44 | D ] C:\drivers

[16/05/2009 - 16:39:56 | N | 31784] C:\drwtsn32.log

[06/10/2010 - 19:16:35 | D ] C:\found.000

[06/10/2010 - 19:16:35 | D ] C:\found.001

[06/10/2010 - 19:16:35 | D ] C:\found.002

[07/10/2010 - 17:46:26 | D ] C:\HijackThis

[29/09/2008 - 10:49:24 | N | 0] C:\IO.SYS

[29/09/2008 - 10:49:24 | N | 0] C:\MSDOS.SYS

[08/04/2010 - 15:04:19 | RHD ] C:\MSOCache

[04/08/2004 - 09:00:00 | N | 47564] C:\NTDETECT.COM

[06/10/2008 - 08:34:10 | N | 251696] C:\ntldr

[21/10/2010 - 09:19:27 | ASH | 805306368] C:\pagefile.sys

[25/02/2010 - 11:46:50 | D ] C:\peanut

[21/10/2010 - 13:57:58 | SHD ] C:\RECYCLER

[08/10/2010 - 17:46:01 | D ] C:\rsit

[06/10/2010 - 19:35:43 | SHD ] C:\System Volume Information

[21/10/2010 - 13:57:58 | D ] C:\UsbFix

[21/10/2010 - 13:58:03 | A | 999] C:\UsbFix.txt

[21/10/2010 - 09:20:42 | D ] C:\WINDOWS

[31/08/2009 - 21:49:34 | N | 805888] E:\Administração do Tempo.ppt

[19/08/2010 - 16:50:46 | N | 12493142] E:\Reportagem TV Bandeirantes.asf

[14/10/2010 - 08:47:50 | N | 519168] E:\2009 - apresentação CEAP - resumo.ppt

[14/10/2010 - 14:59:50 | N | 854528] E:\2010 - apresentação CEAP - resumo.ppt

 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

E:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

 

################## | Upload |

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_DIEGO.zip

http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição.

 

################## | E.O.F |


Nilson N,

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_DIEGO.zip

http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição.

 

*Run UsbFix

*Click [uninstall]

 

*Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and follow the tutorial ComboFix Part I: Installation (http://infolipeinformatica.blogspot.com/2010/10/combofix-parte-i-instalacao.html)

 

Awaiting your reply!


Good afternoon, Felipe_88!

 

ComboFix 10-10-26.04 - Dell Latitude 27/10/2010 12:38:09.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.254 [GMT -3:00]

Executando de: c:\documents and settings\Dell Latitude\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\Arquivos comuns\Real\WeatherBug\MiniBugTransporter.dll

c:\documents and settings\All Users\Dados de aplicativos\1pdfdec.dll

c:\windows\inf\asynceql.inf

c:\windows\system32\vbzlib1.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-27 to 2010-10-27 ))))))))))))))))))))))))))))

.

2010-10-27 15:26 . 2010-10-27 15:26 -------- d-----w- c:\windows\LastGood.Tmp

2010-10-27 15:22 . 2010-10-27 15:37 -------- d-----w- c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\Temp

2010-10-27 15:22 . 2010-10-27 15:24 -------- d-----w- c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\Google

2010-10-20 17:05 . 2010-10-22 19:02 -------- d-----w- C:\UsbFix

2010-10-08 20:45 . 2010-10-08 20:45 -------- d-----w- c:\arquivos de programas\trend micro

2010-10-08 20:45 . 2010-10-08 20:46 -------- d-----w- C:\rsit

2010-10-07 20:48 . 2010-10-07 20:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-10-07 20:45 . 2010-10-07 20:46 -------- d-----w- C:\HijackThis

2010-10-06 22:37 . 2010-10-06 22:37 -------- d-----w- c:\arquivos de programas\CACE Technologies

2010-10-06 22:14 . 2010-10-06 22:14 -------- d-----w- c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\{D0081B32-0EC9-408F-B9D4-3C79FBA1F977}

2010-10-06 22:14 . 2010-10-06 22:14 -------- d-----w- c:\arquivos de programas\LiveZilla

2010-10-06 21:18 . 2010-10-06 21:18 -------- d-----w- c:\documents and settings\Dell Latitude\Dados de aplicativos\Yahoo!

2010-10-06 21:18 . 2010-10-06 22:42 -------- d-----w- c:\arquivos de programas\Yahoo!

2010-10-06 21:17 . 2010-10-06 21:18 -------- d-----w- c:\arquivos de programas\CCleaner

2010-10-06 21:12 . 2010-10-06 21:12 -------- d-----w- c:\documents and settings\Dell Latitude\Dados de aplicativos\Avira

2010-10-06 21:10 . 2010-03-01 12:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-06 21:10 . 2010-02-16 16:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-06 21:10 . 2009-05-11 14:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-10-06 21:10 . 2009-05-11 14:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-10-06 21:09 . 2010-10-06 21:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-10-06 21:09 . 2010-10-06 21:09 -------- d-----w- c:\arquivos de programas\Avira

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-21 16:58 . 2010-10-21 16:58 26955 ----a-w- C:\UsbFix_Upload_Me_DIEGO.zip

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-06-02 24264488]

"Google Update"="c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-10-27 136176]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"LiveZilla"="c:\arquivos de programas\LiveZilla\LiveZilla.exe" [2010-09-06 6574080]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]

2005-07-05 04:33 188482 ------w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6258:TCP"= 6258:TCP:figiyg

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [6/10/2010 18:10 135336]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 15:19 50704]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [29/9/2008 12:04 92550]

S2 rggpuompv;Universal Microsoft;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 09:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

rggpuompv

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-10-27 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

2010-10-27 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-06-08 01:18]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyServer = 172.16.0.1:8080

uInternet Settings,ProxyOverride = *.cep;172.16.*;<local>

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Notify-NavLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-27 11:51

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rggpuompv]

"ServiceDll"="c:\windows\system32\kjizll.dll"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-764733703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1FF21054-2C8F-8F2B-AD20-F282BC8A5F0A}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(844)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

c:\windows\system32\LgNotify.dll

- - - - - - - > 'explorer.exe'(3764)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\S24EvMon.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\System32\SCardSvr.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\RegSrvc.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-10-27 11:56:52 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-10-27 14:56

Pré-execução: 16 pasta(s) 24.353.460.224 bytes disponíveis

Pós execução: 19 pasta(s) 24.728.117.248 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C286F4027FE3E087F63EFE0B68AD7BF2


Nilson N,

 

*Open Notepad, then select, copy and paste into it the entire contents of the code below:

Killall::

File::

c:\windows\system32\kjizll.dll

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6258:TCP"=-

NetSvcs::

rggpuompv

figiyg

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

[image: CFScript.gif]

*Important: while ComboFix is running, do not use the mouse or the keyboard!!

*At the end of the procedure, the program will close automatically and the report will be displayed

*Paste the report created at C:\combofix.txt

 

Awaiting your reply!


Hello Felipe_88,

 

 

ComboFix 10-10-29.03 - Dell Latitude 30/10/2010 8:14.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.174 [GMT -3:00]

Executando de: c:\documents and settings\Dell Latitude\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Dell Latitude\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"c:\windows\system32\kjizll.dll"

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-28 to 2010-10-30 ))))))))))))))))))))))))))))

.

 

2010-10-27 15:22 . 2010-10-27 15:37 -------- d-----w- c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\Temp

2010-10-27 15:22 . 2010-10-27 15:24 -------- d-----w- c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\Google

2010-10-27 15:19 . 2010-10-27 15:19 -------- d-----w- c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\{D0081B32-0EC9-408F-B9D4-3C79FBA1F977}

2010-10-20 17:05 . 2010-10-22 19:02 -------- d-----w- C:\UsbFix

2010-10-08 20:45 . 2010-10-08 20:45 -------- d-----w- c:\arquivos de programas\trend micro

2010-10-08 20:45 . 2010-10-08 20:46 -------- d-----w- C:\rsit

2010-10-07 20:48 . 2010-10-07 20:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2010-10-07 20:45 . 2010-10-07 20:46 -------- d-----w- C:\HijackThis

2010-10-06 22:37 . 2010-10-06 22:37 -------- d-----w- c:\arquivos de programas\CACE Technologies

2010-10-06 22:14 . 2010-10-27 15:19 -------- d-----w- c:\arquivos de programas\LiveZilla

2010-10-06 21:18 . 2010-10-06 21:18 -------- d-----w- c:\documents and settings\Dell Latitude\Dados de aplicativos\Yahoo!

2010-10-06 21:18 . 2010-10-06 22:42 -------- d-----w- c:\arquivos de programas\Yahoo!

2010-10-06 21:17 . 2010-10-06 21:18 -------- d-----w- c:\arquivos de programas\CCleaner

2010-10-06 21:12 . 2010-10-06 21:12 -------- d-----w- c:\documents and settings\Dell Latitude\Dados de aplicativos\Avira

2010-10-06 21:10 . 2010-03-01 12:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-06 21:10 . 2010-02-16 16:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-06 21:10 . 2009-05-11 14:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-10-06 21:10 . 2009-05-11 14:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-10-06 21:09 . 2010-10-06 21:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-10-06 21:09 . 2010-10-06 21:09 -------- d-----w- c:\arquivos de programas\Avira

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-21 16:58 . 2010-10-21 16:58 26955 ----a-w- C:\UsbFix_Upload_Me_DIEGO.zip

2010-09-18 15:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 12:00 974848 ------w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 12:00 954368 ------w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 12:00 953856 ------w- c:\windows\system32\mfc40u.dll

2010-09-09 13:34 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:34 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:34 . 2004-08-04 12:00 78336 ------w- c:\windows\system32\ieencode.dll

2010-09-09 13:34 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll

2010-09-08 15:58 . 2004-08-04 12:00 389120 ------w- c:\windows\system32\html.iec

2010-09-01 11:52 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2008-09-29 16:58 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2004-08-04 12:00 119808 ------w- c:\windows\system32\t2embed.dll

2010-08-27 05:53 . 2008-09-29 16:58 99840 ------w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 10:24 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2008-09-29 16:58 357248 ------w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:12 . 2008-09-29 16:58 617472 ------w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:44 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-06-02 24264488]

"Google Update"="c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-10-27 136176]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696]

"LiveZilla"="c:\arquivos de programas\LiveZilla\LiveZilla.exe" [2010-09-06 6574080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]

2005-07-05 04:33 188482 ------w- c:\windows\system32\LgNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [6/10/2010 18:10 135336]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 15:19 50704]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [29/9/2008 12:04 92550]

S2 rggpuompv;Universal Microsoft;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 09:00 14336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

rggpuompv

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-10-30 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

 

2010-10-30 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-06-08 01:18]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyServer = 172.16.0.1:8080

uInternet Settings,ProxyOverride = *.cep;172.16.*;<local>

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-30 08:23

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rggpuompv]

"ServiceDll"="c:\windows\system32\kjizll.dll"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1844237615-764733703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1FF21054-2C8F-8F2B-AD20-F282BC8A5F0A}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(844)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

c:\windows\system32\LgNotify.dll

 

- - - - - - - > 'explorer.exe'(2716)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\S24EvMon.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\bcmwltry.exe

c:\windows\System32\SCardSvr.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\RegSrvc.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-10-30 08:29:52 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-10-30 11:29

ComboFix2.txt 2010-10-27 14:56

 

Pré-execução: 18 pasta(s) 23.093.288.960 bytes disponíveis

Pós execução: 19 pasta(s) 23.119.835.136 bytes disponíveis

 

- - End Of File - - 059ED10CAD4066F81D40EAB26EFF8D3F


Nilson N,

 

Dear colleague, please excuse the delay...

 

Continuing...

 

*Open Notepad, then select, copy and paste into it the entire contents of the code below:

Killall::

Registry::

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rggpuompv]

"ServiceDll"=-

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

[image: CFScript.gif]

*Important: while ComboFix is running, do not use the mouse or the keyboard!!

*At the end of the procedure, the program will close automatically and the report will be displayed

*Paste the report created at C:\combofix.txt

 

Awaiting your reply!


Hello Felipe_88,

I also apologize for the delay.

 

ComboFix 10-11-09.03 - Dell Latitude 10/11/2010 16:51:26.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.166 [GMT -3:00]

Executando de: c:\documents and settings\Dell Latitude\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Dell Latitude\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-10-10 to 2010-11-10 ))))))))))))))))))))))))))))

.

2010-11-03 11:33 . 2010-11-03 11:33 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar

2010-10-27 15:22 . 2010-11-05 19:20 -------- d-----w- c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\Temp

2010-10-27 15:22 . 2010-10-27 15:24 -------- d-----w- c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\Google

2010-10-27 15:19 . 2010-10-27 15:19 -------- d-----w- c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\{D0081B32-0EC9-408F-B9D4-3C79FBA1F977}

2010-10-20 17:05 . 2010-10-22 19:02 -------- d-----w- C:\UsbFix

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-03 11:32 . 2010-10-06 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-03 11:32 . 2010-10-06 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-21 16:58 . 2010-10-21 16:58 26955 ----a-w- C:\UsbFix_Upload_Me_DIEGO.zip

2010-09-18 15:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 12:00 974848 ------w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 12:00 954368 ------w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 12:00 953856 ------w- c:\windows\system32\mfc40u.dll

2010-09-09 13:34 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:34 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:34 . 2004-08-04 12:00 78336 ------w- c:\windows\system32\ieencode.dll

2010-09-09 13:34 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll

2010-09-08 15:58 . 2004-08-04 12:00 389120 ------w- c:\windows\system32\html.iec

2010-09-01 11:52 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57 . 2008-09-29 16:58 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:03 . 2004-08-04 12:00 119808 ------w- c:\windows\system32\t2embed.dll

2010-08-27 05:53 . 2008-09-29 16:58 99840 ------w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 10:24 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2008-09-29 16:58 357248 ------w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:12 . 2008-09-29 16:58 617472 ------w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:44 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2009-06-02 24264488]

"Google Update"="c:\documents and settings\Dell Latitude\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-10-27 136176]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696]

"LiveZilla"="c:\arquivos de programas\LiveZilla\LiveZilla.exe" [2010-09-06 6574080]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-02-12 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]

2005-07-05 04:33 188482 ------w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [6/10/2010 18:10 135336]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 15:19 50704]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [29/9/2008 12:04 92550]

S2 rggpuompv;Universal Microsoft;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 09:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

rggpuompv

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-11-10 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

2010-11-10 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-06-08 01:18]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = <local>

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-10 17:00

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rggpuompv]

"ServiceDll"="c:\windows\system32\kjizll.dll"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-764733703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1FF21054-2C8F-8F2B-AD20-F282BC8A5F0A}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(844)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\BCMLogon.dll

c:\windows\system32\LgNotify.dll

- - - - - - - > 'explorer.exe'(1724)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\S24EvMon.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\System32\SCardSvr.exe

c:\arquivos de programas\Real\RealPlayer\RealPlay.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\RegSrvc.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-11-10 17:07:45 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-11-10 20:07

ComboFix2.txt 2010-10-30 11:29

ComboFix3.txt 2010-10-27 14:56

Pré-execução: 18 pasta(s) 22.840.999.936 bytes disponíveis

Pós execução: 19 pasta(s) 22.822.662.144 bytes disponíveis

- - End Of File - - 55B57713177BE7C00345F6B3D1B76C72


Nilson N,

 

*Click [Start] > [Run] > type: Combofix /uninstall

*Click [OK]


*Click [Run]

*Wait until the message "ComboFix is uninstalled" appears

*Click [OK]

 

*Run an online scan with NOD32 (http://eset.com/onlinescan)

 


 

*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log


Hello Felipe_88,

 

 

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=b991fce0b91e404b94d0a73d0ab6c76b

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-11-17 08:23:06

# local_time=2010-11-17 05:23:06 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 2529927 2529927 0 0

# compatibility_mode=768 16777215 100 0 16201334 16201334 0 0

# compatibility_mode=1797 16775141 100 93 0 48179374 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=42584

# found=0

# cleaned=0

# scan_time=3137


Nilson N,

 

Sorry for the delay...

 

*Download ATF Cleaner and save it to the desktop

*Double-click ATF-Cleaner

*Select: [] Select All

*Click [Empty Selected]

=>If you use Firefox or Opera:

*Click the "Firefox" or "Opera" tab

*Select: [] Select All

*Click [Yes] > [Empty Selected] > [Yes]

*Click [Exit] or the [X] to close the program

->OK

 

*Download and install CCleaner

*Open the program and, on the "Windows" tab, scroll down to "Advanced" and select "Old Prefetch data"

*Click [Run Cleaner]

*Next, click [Registry] -> [Scan for Issues] -> [Fix Selected Issues] -> [Fix All Selected Issues]

->It had many errors, but it fixed them all

 

* Please use ATF Cleaner and CCleaner regularly to keep the PC in order.

 

Let us know how the PC is after these procedures.

 

Waiting to hear from you.


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
