logan_pa
Posted November 8, 2010

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:09, on 08/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Users\andre.crins\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\explorer.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\andre.crins\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\issas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.101.0.33:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Install Manager] C:\Windows\system32\issas.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\andre.crins\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Gerenciamento do Cliente de Firewall da Microsoft.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} (CDFusionActiveXCtl Object) - http://www.weareautobots.com/ww/plugin/DFusionWeb.Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = IASD.ORG
O17 - HKLM\Software\..\Telephony: DomainName = IASD.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = IASD.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = IASD.ORG
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\Windows\SYSTEM32\DWRCS.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9fa79b2c71ced) (gupdate1c9fa79b2c71ced) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 15764 bytes
wings
Posted November 8, 2010

Hello logan_pa

*Download MalwareBytes Anti-malware (http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html) and save it to the desktop
*Install the program and wait for the update
*The program will open automatically
*On the [Scan] tab, select [Full scan]
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [Yes] > [OK] > [Show Results]
*Click [Remove Selected]
*Paste the report that is shown
logan_pa
Posted November 8, 2010

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 5075

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

08/11/2010 18:51:38
mbam-log-2010-11-08 (18-51-38).txt

Tipo de Verificação: Verificação Completa (C:\|F:\|)
Objetos escaneados: 490311
Tempo decorrido: 3 hora(s), 21 minuto(s), 39 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 2
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\J8RPLTROBQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)
wings
Posted November 8, 2010

Hello logan_pa

*Download the Kaspersky Virus Removal Tool (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) and save it to the desktop
*Right-click Kaspersky, select "Run as administrator" and install the program
*Select the option: [X] My Computer
*Click [start scan]... and wait. It can take a while, be patient!
*If it finds anything, click [skip] or [ignore]
*When it finishes, click [Report]
*A window called "Detailed report" will open
*Click the [+] sign next to Autoscan to expand the events found
*Right-click Autoscan and select "Select all"
*Right-click again and select "Copy"
*Open Notepad, paste (Ctrl+V) and save the file to the desktop as log.txt
*Close the Kaspersky "Detailed report" window
*On the Kaspersky main screen, click [Exit] > [No]
*Paste the log.txt report saved on the desktop
logan_pa
Posted November 9, 2010

Verificação automática: concluído 3 minutos atrás (eventos: 14, objetos: 1072403, hora: 13:18:15)
08/11/2010 19:57:25	Tarefa iniciada	Ação padrão selecionada
08/11/2010 21:10:02	Detectados: Trojan-PSW.Win32.Agent.rhn	C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Plug-Ins\tladjust.8bf	Ação padrão selecionada
08/11/2010 21:10:02	Não neutralizado: Trojan-PSW.Win32.Agent.rhn	C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Plug-Ins\tladjust.8bf	Adiado
08/11/2010 22:43:51	Detectados: Trojan-PSW.Win32.Agent.rhn	C:\Arquivos de programas\Topaz Labs\Topaz Adjust\Plugins\tladjust.8bf	Ação padrão selecionada
08/11/2010 22:43:51	Não neutralizado: Trojan-PSW.Win32.Agent.rhn	C:\Arquivos de programas\Topaz Labs\Topaz Adjust\Plugins\tladjust.8bf	Adiado
09/11/2010 01:57:48	Detectados: Trojan-PSW.Win32.Agent.rhn	C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\tladjust.8bf	Ação padrão selecionada
09/11/2010 01:57:48	Não neutralizado: Trojan-PSW.Win32.Agent.rhn	C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\tladjust.8bf	Adiado
09/11/2010 03:08:20	Detectados: Trojan-PSW.Win32.Agent.rhn	C:\Program Files\Topaz Labs\Topaz Adjust\Plugins\tladjust.8bf	Ação padrão selecionada
09/11/2010 03:08:20	Não neutralizado: Trojan-PSW.Win32.Agent.rhn	C:\Program Files\Topaz Labs\Topaz Adjust\Plugins\tladjust.8bf	Adiado
09/11/2010 07:06:03	Detectados: Trojan-PSW.Win32.Agent.rhn	C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Plug-Ins\tladjust.8bf	Ação padrão selecionada
09/11/2010 09:15:03	Excluído: Trojan-PSW.Win32.Agent.rhn	C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Plug-Ins\tladjust.8bf	Ação padrão selecionada
09/11/2010 09:15:03	Detectados: Trojan-PSW.Win32.Agent.rhn	C:\Arquivos de programas\Topaz Labs\Topaz Adjust\Plugins\tladjust.8bf	Ação padrão selecionada
09/11/2010 09:15:40	Excluído: Trojan-PSW.Win32.Agent.rhn	C:\Arquivos de programas\Topaz Labs\Topaz Adjust\Plugins\tladjust.8bf	Ação padrão selecionada
09/11/2010 09:15:41	Tarefa concluída	Ação padrão selecionada
wings
Posted November 9, 2010

Please... Submit the file below for analysis at http://www.virustotal.com.br

C:\Windows\system32\issas.exe

Paste the link to the result.
logan_pa
Posted November 9, 2010

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: d8aed2326e96526c6456d745f4a74a2b
Date first seen: 2010-10-25 12:59:28 (UTC)
Date last seen: 2010-10-25 12:59:28 (UTC)
Detection ratio: 15/43
---
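Added example, not part of this thread: the entry wings singled out is the O4 autorun `C:\Windows\system32\issas.exe`, a file name chosen to look like the legitimate `lsass.exe`. The Python script below does the same triage over the O4 (registry Run) lines of a HijackThis log in general, flagging any autorun executable whose name resembles a core Windows process without being one. The baseline list of core process names, the 0.75 similarity threshold and the "same length give or take one" rule are my assumptions, not anything from the thread or the tools discussed; the sample lines are copied from the HijackThis log earlier in the thread.

```python
"""Triage helper for HijackThis O4 (registry Run) entries.

Flags autorun executables whose file name imitates a core Windows process
without being one, e.g. issas.exe pretending to be lsass.exe.
"""
import ntpath
import re
from difflib import SequenceMatcher

# Assumption: a small hand-picked baseline of core Windows process names that
# malware commonly imitates. Extend it for your own environment.
CORE_PROCESS_NAMES = sorted({
    "lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "services.exe",
    "winlogon.exe", "wininit.exe", "explorer.exe", "rundll32.exe",
    "taskeng.exe", "dwm.exe", "spoolsv.exe", "conhost.exe",
})

# HijackThis line shape: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# First token ending in .exe, quoted or not; whatever follows is arguments.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?(?=\s|$)', re.IGNORECASE)


def parse_o4_run(line):
    """Return (hive, value_name, exe_path) for an O4 Run line, else None."""
    m = O4_RUN_RE.match(line.strip())
    if not m:
        return None
    e = EXE_RE.match(m.group("cmd"))
    if not e:
        return None
    return m.group("hive"), m.group("name"), e.group("exe")


def lookalike_core_names(basename, threshold=0.75):
    """Core process names that `basename` resembles without matching exactly.

    Lookalikes keep roughly the same length, so candidates whose length
    differs by more than one character are skipped before the similarity
    test. Returns [(core_name, ratio), ...] sorted best match first.
    """
    name = basename.lower()
    if name in CORE_PROCESS_NAMES:
        return []  # the real thing, nothing to flag
    hits = []
    for core in CORE_PROCESS_NAMES:
        if abs(len(core) - len(name)) > 1:
            continue
        ratio = SequenceMatcher(None, name, core).ratio()
        if ratio >= threshold:
            hits.append((core, round(ratio, 3)))
    return sorted(hits, key=lambda h: (-h[1], h[0]))


def triage_o4_entries(log_text):
    """Scan HijackThis log text and return the suspicious O4 Run entries."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4_run(line)
        if parsed is None:
            continue
        hive, value_name, exe_path = parsed
        hits = lookalike_core_names(ntpath.basename(exe_path))
        if hits:
            findings.append({
                "hive": hive,
                "value_name": value_name,
                "path": exe_path,
                "resembles": [core for core, _ in hits],
            })
    return findings


# Constructed sample: a subset of the O4 lines from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Install Manager] C:\Windows\system32\issas.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\andre.crins\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    for f in triage_o4_entries(SAMPLE_LOG):
        print(f"{f['hive']} [{f['value_name']}] {f['path']} resembles {f['resembles']}")
```

On the sample above only the `issas.exe` entry is flagged (it scores against smss.exe, csrss.exe and lsass.exe); the legitimate entries, including the real `rundll32.exe`, pass. The similarity score is a triage signal, not a verdict: a flagged file is what you hash and submit for analysis, exactly as wings asked for here.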
wings
Posted November 9, 2010

*Temporarily disable your antivirus
*Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop
*Right-click ComboFix and run it as administrator
*Accept the agreement
*Wait for all the stages to finish
*Avoid using the mouse and keyboard while ComboFix is running!!..... To interrupt the procedure, press [N] or [2] and then [ENTER]
*Paste the report C:\combofix.txt
logan_pa
Posted November 10, 2010

ComboFix 10-11-09.01 - andre.crins 10/11/2010 10:23:20.2.4 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.55.1046.18.3316.1739 [GMT -2:00]
Executando de: C:\Users\andre.crins\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Sites possivelmente infectados -----

hxxp://ucb-wsus
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-10-10 to 2010-11-10 ))))))))))))))))))))))))))))
.
2010-11-10 12:33:02 . 2010-11-10 12:33:52 -------- d-----w- C:\Users\andre.crins\AppData\Local\temp
2010-11-10 12:33:02 . 2010-11-10 12:33:02 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
2010-11-10 12:33:02 . 2010-11-10 12:33:02 -------- d-----w- C:\Users\Uniao Central\AppData\Local\temp
2010-11-10 12:33:02 . 2010-11-10 12:33:02 -------- d-----w- C:\Users\rogerio.sorvillo\AppData\Local\temp
2010-11-10 12:33:02 . 2010-11-10 12:33:02 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-11-10 12:33:02 . 2010-11-10 12:33:02 -------- d-----w- C:\Users\ANDRE~1~CRI\AppData\Local\temp
2010-11-10 12:33:02 . 2010-11-10 12:33:02 -------- d-----w- C:\Users\Administrador\AppData\Local\temp
2010-11-09 12:02:20 . 2010-11-09 12:02:20 -------- d-----w- C:\Users\andre.crins\AppData\Local\Electronic Arts
2010-11-09 11:21:41 . 2009-10-22 14:54:18 37392 ----a-w- C:\Windows\system32\drivers\81938722.sys
2010-11-09 11:21:41 . 2009-10-10 00:31:02 311312 ----a-w- C:\Windows\system32\drivers\8193872.sys
2010-11-09 11:21:41 . 2009-09-25 18:59:42 128016 ----a-w- C:\Windows\system32\drivers\81938721.sys
2010-11-08 21:56:49 . 2010-11-09 11:59:06 -------- d-----w- C:\ProgramData\Kaspersky Lab
2010-11-08 21:55:13 . 2009-10-22 14:54:18 37392 ----a-w- C:\Windows\system32\drivers\96159722.sys
2010-11-08 21:55:13 . 2009-10-10 00:31:02 311312 ----a-w- C:\Windows\system32\drivers\9615972.sys
2010-11-08 21:55:13 . 2009-09-25 18:59:42 128016 ----a-w- C:\Windows\system32\drivers\96159721.sys
2010-11-08 16:59:47 . 2010-11-08 16:59:47 -------- d-----w- C:\Users\andre.crins\AppData\Roaming\Malwarebytes
2010-11-08 16:59:17 . 2010-04-29 17:39:38 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-08 16:59:16 . 2010-11-08 16:59:16 -------- d-----w- C:\ProgramData\Malwarebytes
2010-11-08 16:59:15 . 2010-11-08 16:59:32 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-08 16:59:15 . 2010-04-29 17:39:26 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-11-08 14:38:56 . 2010-11-08 14:43:09 -------- d-----w- C:\HijackThis
2010-11-08 14:36:31 . 2010-11-08 14:36:31 -------- d-----w- C:\ProgramData\Panda Security
2010-11-08 14:36:26 . 2010-11-08 14:36:26 -------- d-----w- C:\Program Files\Panda USB Vaccine
2010-11-08 14:13:16 . 2010-11-08 14:13:16 -------- d--h--w- C:\Windows\System32issas
2010-11-05 14:28:33 . 2010-11-09 12:02:05 -------- d-----w- C:\ProgramData\Electronic Arts
2010-11-05 12:23:08 . 2010-11-05 12:23:08 -------- d-----w- C:\Program Files\Electronic Arts
2010-11-05 12:22:57 . 2010-11-05 12:22:57 -------- d-----w- C:\Users\andre.crins\AppData\Roaming\Leadertech
2010-10-28 18:44:22 . 2010-10-28 18:44:23 -------- d-----w- C:\Program Files\TweetDeck
2010-10-27 13:29:34 . 2010-10-27 13:29:34 525656 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\fe463d171cb75da03\DXSETUP.exe
2010-10-27 13:29:34 . 2010-10-27 13:29:34 1691480 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\fe463d171cb75da03\dsetup32.dll
2010-10-27 13:29:34 . 2010-10-27 13:29:34 15712 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\fe8da5a31cb75da04\MeshBetaRemover.exe
2010-10-27 13:29:33 . 2010-10-27 13:29:34 94040 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\fe463d171cb75da03\DSETUP.dll
2010-10-27 13:29:32 . 2010-10-27 13:29:32 94040 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\fd3481a91cb75da02\DSETUP.dll
2010-10-27 13:29:32 . 2010-10-27 13:29:32 525656 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\fd3481a91cb75da02\DXSETUP.exe
2010-10-27 13:29:32 . 2010-10-27 13:29:32 1691480 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\fd3481a91cb75da02\dsetup32.dll
2010-10-19 16:39:37 . 2010-10-19 16:39:37 -------- d-----w- C:\Users\andre.crins\.dvdcss
2010-10-19 16:35:11 . 2010-10-19 16:50:49 -------- d-----w- C:\OutputFolder
2010-10-19 16:35:06 . 2010-10-19 16:35:07 -------- d-----w- C:\Program Files\Alldj_DVD_To_AVI
2010-10-19 15:38:59 . 2010-10-19 15:46:32 -------- d-----w- C:\Program Files\Common Files\Topaz Labs
2010-10-19 13:55:54 . 2010-10-19 13:55:54 -------- d-----w- C:\Program Files\Common Files\Common Share
2010-10-19 13:55:54 . 2008-12-18 15:38:32 719872 ----a-w- C:\Windows\system32\devil.dll
2010-10-19 13:55:54 . 2008-12-18 15:38:30 351744 ----a-w- C:\Windows\system32\avisynth.dll
2010-10-19 13:55:53 . 2010-10-19 13:55:53 -------- d-----w- C:\Program Files\OJOsoft
2010-10-19 13:27:25 . 2010-05-14 18:13:16 61440 ----a-w- C:\Windows\system32\nlssrv32.exe
2010-10-19 13:27:25 . 2010-05-14 18:13:16 227840 ----a-w- C:\Windows\system32\Deco_32.dll
2010-10-19 13:27:18 . 2010-05-14 18:13:16 57344 ----a-w- C:\Windows\system32\ASTSRV.EXE
2010-10-19 13:27:02 . 2010-10-19 13:27:03 -------- d-----w- C:\ProgramData\onOne Software
2010-10-19 13:27:01 . 2010-10-19 13:27:01 -------- d-----w- C:\Program Files\onOne Software
2010-10-18 18:34:29 . 2010-10-18 19:54:24 -------- d-----w- C:\Users\andre.crins\AppData\Roaming\SWiSH Max3
2010-10-18 18:05:13 . 2010-10-18 18:05:13 -------- d-----w- C:\Program Files\LameACM
2010-10-18 18:04:43 . 2010-10-18 18:04:43 -------- d-----w- C:\Program Files\Common Files\SWiSHzone.com
2010-10-18 18:04:42 . 2010-10-18 18:05:31 -------- d-----w- C:\Program Files\SWiSH Max3
2010-10-18 18:03:02 . 2010-10-18 18:03:02 -------- d-----w- C:\Users\andre.crins\AppData\Roaming\3DFA
2010-10-18 18:02:17 . 2010-10-18 20:19:45 -------- d-----w- C:\Program Files\3D Flash Animator 4.9.8.7
2010-10-18 17:41:44 . 2010-10-18 17:46:50 -------- d-----w- C:\Banners Internet Unasp Online
2010-10-18 17:29:50 . 2010-10-18 17:29:57 -------- d-----w- C:\Program Files\FileZilla FTP Client
2010-10-18 14:29:23 . 2007-03-23 07:05:38 29272 ----a-r- C:\Windows\system32\AdobePDF.dll
2010-10-18 14:28:29 . 2010-09-22 21:10:52 103864 ----a-w- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 19:16:21 . 2009-03-17 12:17:44 167936 ----a-w- C:\Windows\system32\drivers\wpshelper.sys
2010-09-23 02:47:28 . 2010-09-23 02:47:28 49016 ----a-w- C:\Windows\system32\sirenacm.dll
2010-09-23 02:32:56 . 2010-09-23 02:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-15 07:50:37 . 2010-04-19 17:29:47 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2009-04-15 20:24:54 . 2009-04-15 20:24:54 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24:54 . 2009-04-15 20:24:54 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 02:28:04 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 02:47:30 4240760]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2009-11-09 12:56:29 323392]
"Google Update"="C:\Users\andre.crins\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-03 19:45:46 135664]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2010-09-02 18:15:04 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-06-12 20:09:14 408344]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-01 03:47:24 142104]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-01 03:47:06 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-01 03:46:48 138008]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2010-05-19 19:31:16 115560]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288]
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 06:44:40 500208]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 17:54:26 91520]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-03-19 01:16:10 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-07-21 18:53:04 141608]
"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 07:57:06 406992]
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 16:37:14 517096]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 21:48:33 479232]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 14:44:46 248552]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 18:02:34 1282048]
"fssui"="C:\Program Files\Windows Live\Family Safety\fsui.exe" [2010-09-23 02:21:26 884584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 07:47:04 35760]
"DameWare MRC Agent"="C:\Windows\system32\DWRCST.exe" [BU]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Gerenciamento do Cliente de Firewall da Microsoft.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 11:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 16:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^andre.crins^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\andre.crins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-23 16:36:04 624056 ----a-w- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-05-11 15:12:41 2356088 ----a-w- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 18:51:42 177440 ----a-w- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 19:14:54 147456 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 20:34:50 213936 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 18:53:04 141608 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 18:40:44 155648 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09
03:17:50 180224 ----a-w- C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-19 01:16:10 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2007-08-01 18:02:34 1282048 ----a-w- C:\Program Files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3847540250-2843908209-1792236811-500] "EnableNotificationsRef"=dword:00000001 R2 gupdate1c9fa79b2c71ced;Google Update Service (gupdate1c9fa79b2c71ced);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-01 18:28:07 133104] R2 scpVista;scpVista;C:\Program Files\Scpad\scpVista.exe [2007-12-12 14:33:40 136448] R3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 19:20:32 84832] R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-09-02 16:29:29 23888] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 13:25:22 30969208] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 23:37:50 4640000] R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 18:27:00 7408] R3 SwitchBoard;SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 16:37:14 517096] R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 17:06:32 16168] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 18:33:04 51040] S0 81938722;81938722 Boot Guard Driver;C:\Windows\system32\DRIVERS\81938722.sys [2009-10-22 
14:54:18 37392] S0 96159722;96159722 Boot Guard Driver;C:\Windows\system32\DRIVERS\96159722.sys [2009-10-22 14:54:18 37392] S1 81938721;81938721;C:\Windows\system32\DRIVERS\81938721.sys [2009-09-25 18:59:42 128016] S1 96159721;96159721;C:\Windows\system32\DRIVERS\96159721.sys [2009-09-25 18:59:42 128016] S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\Windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 13:00:00 26624] S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 18:26:58 9968] S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-12-16 18:26:56 74480] S1 setup_9.0.0.722_08.11.2010_22-15drv;setup_9.0.0.722_08.11.2010_22-15drv;C:\Windows\system32\DRIVERS\8193872.sys [2009-10-10 00:31:02 311312] S2 FwcAgent;Agente do Cliente de Firewall;C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 22:08:10 128832] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 18:31:10 1153368] S2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2009-11-23 17:53:56 4497704] S2 UNS;Intel® Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe [2007-06-12 20:09:16 2521880] S2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2009-11-23 17:53:58 113448] S3 DwMirror;DwMirror;C:\Windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 13:00:00 3712] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-26 13:22:02 102448] S3 WacomVTHid;Virtual Touch Driver;C:\Windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 11:16:24 13480] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Conteúdo da pasta 'Tarefas Agendadas' 2010-11-10 C:\Windows\Tasks\User_Feed_Synchronization-{812DDBED-90F5-4795-B70B-F6D24EAF2FB2}.job - C:\Windows\system32\msfeedssync.exe [2010-08-12 12:56:26 . 2010-06-26 04:24:17] . . ------- Scan Suplementar ------- . uStart Page = about:blank uInternet Settings,ProxyServer = 10.101.0.33:8080 uInternet Settings,ProxyOverride = <local> IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 LSP: C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/ww/plugin/DFusionWeb.Installer.exe FF - ProfilePath - 
C:\Users\andre.crins\AppData\Roaming\Mozilla\Firefox\Profiles\jhsbauu2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2365958&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2365958&SearchSource=2&q= FF - prefs.js: network.proxy.ftp - ucb-isa FF - prefs.js: network.proxy.ftp_port - 9090 FF - prefs.js: network.proxy.gopher - ucb-isa FF - prefs.js: network.proxy.gopher_port - 9090 FF - prefs.js: network.proxy.http - ucb-isa FF - prefs.js: network.proxy.http_port - 9090 FF - prefs.js: network.proxy.socks - ucb-isa FF - prefs.js: network.proxy.socks_port - 9090 FF - prefs.js: network.proxy.ssl - ucb-isa FF - prefs.js: network.proxy.ssl_port - 9090 FF - prefs.js: network.proxy.type - 0 FF - component: C:\Users\andre.crins\AppData\Roaming\Mozilla\Firefox\Profiles\jhsbauu2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - plugin: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npContribute.dll FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files\Mozilla Firefox\plugins\nptidfusionplugin.dll FF - plugin: C:\Program Files\TabletPlugins\npwacom.dll FF - plugin: C:\Program Files\Total 
Immersion\DFusionWeb\nptidfusionplugin.dll FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\andre.crins\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Users\andre.crins\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\andre.crins\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . Compartilhar este post Link para o post Compartilhar em outros sites
wings - Posted November 10, 2010

*Open Notepad and paste the code below into it:

FileLook::
C:\Windows\system32\issas.exe

*Save the file on the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
*Important: while ComboFix is running, avoid using the mouse and keyboard! To interrupt the process, press N or 2.
*Paste the report C:\combofix.txt
logan_pa - Posted November 10, 2010

*Open Notepad and paste the code below into it:

FileLook::
C:\Windows\system32\issas.exe

*Save the file on the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
*Important: while ComboFix is running, avoid using the mouse and keyboard! To interrupt the process, press N or 2.
*Paste the report C:\combofix.txt

ComboFix 10-11-09.01 - andre.crins 10/11/2010 11:20:51.3.4 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.55.1046.18.3316.1916 [GMT -2:00]
Executando de: c:\users\andre.crins\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\andre.crins\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Execuções precedente -------
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-10-10 to 2010-11-10 ))))))))))))))))))))))))))))
.
2010-11-10 13:31 . 2010-11-10 13:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-11-10 13:31 . 2010-11-10 13:31 -------- d-----w- c:\users\Uniao Central\AppData\Local\temp
2010-11-10 13:31 . 2010-11-10 13:31 -------- d-----w- c:\users\rogerio.sorvillo\AppData\Local\temp
2010-11-10 13:31 . 2010-11-10 13:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-10 13:31 . 2010-11-10 13:31 -------- d-----w- c:\users\ANDRE~1~CRI\AppData\Local\temp
2010-11-10 13:31 . 2010-11-10 13:31 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2010-11-10 12:33 . 2010-11-10 13:32 -------- d-----w- c:\users\andre.crins\AppData\Local\temp
2010-11-09 12:02 . 2010-11-09 12:02 -------- d-----w- c:\users\andre.crins\AppData\Local\Electronic Arts
2010-11-09 11:21 . 2009-10-22 14:54 37392 ----a-w- c:\windows\system32\drivers\81938722.sys
2010-11-09 11:21 . 2009-10-10 00:31 311312 ----a-w- c:\windows\system32\drivers\8193872.sys
2010-11-09 11:21 . 2009-09-25 18:59 128016 ----a-w- c:\windows\system32\drivers\81938721.sys
2010-11-08 21:56 . 2010-11-09 11:59 -------- d-----w- c:\programdata\Kaspersky Lab
2010-11-08 21:55 . 2009-10-22 14:54 37392 ----a-w- c:\windows\system32\drivers\96159722.sys
2010-11-08 21:55 . 2009-10-10 00:31 311312 ----a-w- c:\windows\system32\drivers\9615972.sys
2010-11-08 21:55 . 2009-09-25 18:59 128016 ----a-w- c:\windows\system32\drivers\96159721.sys
2010-11-08 16:59 . 2010-11-08 16:59 -------- d-----w- c:\users\andre.crins\AppData\Roaming\Malwarebytes
2010-11-08 16:59 . 2010-04-29 17:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-08 16:59 . 2010-11-08 16:59 -------- d-----w- c:\programdata\Malwarebytes
2010-11-08 16:59 . 2010-11-08 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-08 16:59 . 2010-04-29 17:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-08 14:38 . 2010-11-08 14:43 -------- d-----w- C:\HijackThis
2010-11-08 14:36 . 2010-11-08 14:36 -------- d-----w- c:\programdata\Panda Security
2010-11-08 14:36 . 2010-11-08 14:36 -------- d-----w- c:\program files\Panda USB Vaccine
2010-11-08 14:13 . 2010-11-08 14:13 -------- d--h--w- c:\windows\System32issas
2010-11-05 14:28 . 2010-11-09 12:02 -------- d-----w- c:\programdata\Electronic Arts
2010-11-05 12:23 . 2010-11-05 12:23 -------- d-----w- c:\program files\Electronic Arts
2010-11-05 12:22 . 2010-11-05 12:22 -------- d-----w- c:\users\andre.crins\AppData\Roaming\Leadertech
2010-10-28 18:44 . 2010-10-28 18:44 -------- d-----w- c:\program files\TweetDeck
2010-10-27 13:29 . 2010-10-27 13:29 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\fe463d171cb75da03\DXSETUP.exe
2010-10-27 13:29 . 2010-10-27 13:29 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\fe463d171cb75da03\dsetup32.dll
2010-10-27 13:29 . 2010-10-27 13:29 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\fe8da5a31cb75da04\MeshBetaRemover.exe
2010-10-27 13:29 . 2010-10-27 13:29 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\fe463d171cb75da03\DSETUP.dll
2010-10-27 13:29 . 2010-10-27 13:29 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\fd3481a91cb75da02\DSETUP.dll
2010-10-27 13:29 . 2010-10-27 13:29 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\fd3481a91cb75da02\DXSETUP.exe
2010-10-27 13:29 . 2010-10-27 13:29 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\fd3481a91cb75da02\dsetup32.dll
2010-10-19 16:39 . 2010-10-19 16:39 -------- d-----w- c:\users\andre.crins\.dvdcss
2010-10-19 16:35 . 2010-10-19 16:50 -------- d-----w- C:\OutputFolder
2010-10-19 16:35 . 2010-10-19 16:35 -------- d-----w- c:\program files\Alldj_DVD_To_AVI
2010-10-19 15:38 . 2010-10-19 15:46 -------- d-----w- c:\program files\Common Files\Topaz Labs
2010-10-19 13:55 . 2010-10-19 13:55 -------- d-----w- c:\program files\Common Files\Common Share
2010-10-19 13:55 . 2008-12-18 15:38 719872 ----a-w- c:\windows\system32\devil.dll
2010-10-19 13:55 . 2008-12-18 15:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-10-19 13:55 . 2010-10-19 13:55 -------- d-----w- c:\program files\OJOsoft
2010-10-19 13:27 . 2010-05-14 18:13 61440 ----a-w- c:\windows\system32\nlssrv32.exe
2010-10-19 13:27 . 2010-05-14 18:13 227840 ----a-w- c:\windows\system32\Deco_32.dll
2010-10-19 13:27 . 2010-05-14 18:13 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-10-19 13:27 . 2010-10-19 13:27 -------- d-----w- c:\programdata\onOne Software
2010-10-19 13:27 . 2010-10-19 13:27 -------- d-----w- c:\program files\onOne Software
2010-10-18 18:34 . 2010-10-18 19:54 -------- d-----w- c:\users\andre.crins\AppData\Roaming\SWiSH Max3
2010-10-18 18:05 . 2010-10-18 18:05 -------- d-----w- c:\program files\LameACM
2010-10-18 18:04 . 2010-10-18 18:04 -------- d-----w- c:\program files\Common Files\SWiSHzone.com
2010-10-18 18:04 . 2010-10-18 18:05 -------- d-----w- c:\program files\SWiSH Max3
2010-10-18 18:03 . 2010-10-18 18:03 -------- d-----w- c:\users\andre.crins\AppData\Roaming\3DFA
2010-10-18 18:02 . 2010-10-18 20:19 -------- d-----w- c:\program files\3D Flash Animator 4.9.8.7
2010-10-18 17:41 . 2010-10-18 17:46 -------- d-----w- C:\Banners Internet Unasp Online
2010-10-18 17:29 . 2010-10-18 17:29 -------- d-----w- c:\program files\FileZilla FTP Client
2010-10-18 14:29 . 2007-03-23 07:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2010-10-18 14:28 . 2010-09-22 21:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 19:16 . 2009-03-17 12:17 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-09-23 02:47 . 2010-09-23 02:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 02:32 . 2010-09-23 02:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 07:50 . 2010-04-19 17:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-09 323392]
"Google Update"="c:\users\andre.crins\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-03 135664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-01 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-01 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-01 138008]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-19 115560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1282048]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-09-23 884584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [bU]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Gerenciamento do Cliente de Firewall da Microsoft.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 16:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^andre.crins^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\andre.crins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-23 16:36 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-05-11 15:12 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 18:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 19:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 20:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 18:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 18:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 01:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-08-01 18:02 1282048 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3847540250-2843908209-1792236811-500]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c9fa79b2c71ced;Google Update Service (gupdate1c9fa79b2c71ced);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 133104]
R2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2007-12-12 136448]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-09-02 23888]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 7408]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 81938722;81938722 Boot Guard Driver;c:\windows\system32\DRIVERS\81938722.sys [2009-10-22 37392]
S0 96159722;96159722 Boot Guard Driver;c:\windows\system32\DRIVERS\96159722.sys [2009-10-22 37392]
S1 81938721;81938721;c:\windows\system32\DRIVERS\81938721.sys [2009-09-25 128016]
S1 96159721;96159721;c:\windows\system32\DRIVERS\96159721.sys [2009-09-25 128016]
S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-12-16 74480]
S1 setup_9.0.0.722_08.11.2010_22-15drv;setup_9.0.0.722_08.11.2010_22-15drv;c:\windows\system32\DRIVERS\8193872.sys [2009-10-10 311312]
S2 FwcAgent;Agente do Cliente de Firewall;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-06-12 2521880]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-26 102448]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{812DDBED-90F5-4795-B70B-F6D24EAF2FB2}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 10.101.0.33:8080
uInternet Settings,ProxyOverride = <local>
IE: &Enviar para o OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/ww/plugin/DFusionWeb.Installer.exe
FF - ProfilePath - c:\users\andre.crins\AppData\Roaming\Mozilla\Firefox\Profiles\jhsbauu2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2365958&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2365958&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - ucb-isa
FF - prefs.js: network.proxy.ftp_port - 9090
FF - prefs.js: network.proxy.gopher - ucb-isa
FF - prefs.js: network.proxy.gopher_port - 9090
FF - prefs.js: network.proxy.http - ucb-isa
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.socks - ucb-isa
FF - prefs.js: network.proxy.socks_port - 9090
FF - prefs.js: network.proxy.ssl - ucb-isa
FF - prefs.js: network.proxy.ssl_port - 9090
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\andre.crins\AppData\Roaming\Mozilla\Firefox\Profiles\jhsbauu2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\progra~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptidfusionplugin.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Total Immersion\DFusionWeb\nptidfusionplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\andre.crins\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\andre.crins\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\andre.crins\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF
- HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-10 11:32 Windows 6.0.6002 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'lsass.exe'(760) c:\program files\Scpad\scpLIB.dll c:\program files\Scpad\scpMIB.dll c:\program files\Scpad\sshib.dll - - - - - - - > 'Explorer.exe'(4116) c:\progra~1\MICROS~1\Office14\GROOVEEX.DLL c:\program files\Scpad\scpLIB.dll c:\program files\Scpad\scpMIB.dll c:\program files\Scpad\sshib.dll . 
Tempo para conclusão: 2010-11-10 11:35:17 ComboFix-quarantined-files.txt 2010-11-10 13:35 ComboFix2.txt 2010-11-09 22:33 Pré-execução: 69.282.410.496 bytes disponíveis Pós execução: 69.341.925.376 bytes disponíveis - - End Of File - - CE8B08299F2A297F8719C056B0A43A6E
wings 22 Posted November 10, 2010
*Open Notepad and paste the code below into it: Dirlook::c:\windows\System32issas
*Save the file to the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
*Important: while ComboFix is running, avoid using the mouse and keyboard!!..to interrupt the process press N or 2.
*Paste the report C:\combofix.txt
logan_pa 0 Posted November 10, 2010
*Open Notepad and paste the code below into it: Dirlook::c:\windows\System32issas
*Save the file to the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
*Important: while ComboFix is running, avoid using the mouse and keyboard!!..to interrupt the process press N or 2.
*Paste the report C:\combofix.txt
MY SYMANTEC was disabled, is that normal?????!!!
ComboFix 10-11-09.02 - andre.crins 10/11/2010 11:58:45.4.4 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.55.1046.18.3316.1848 [GMT -2:00] Executando de: c:\users\andre.crins\Desktop\ComboFix.exe Comandos utilizados :: c:\users\andre.crins\Desktop\CFScript.txt AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493} SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((( Arquivos/Ficheiros criados de 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))) . 2010-11-10 14:07 . 2010-11-10 14:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-11-10 14:07 . 2010-11-10 14:07 -------- d-----w- c:\users\Uniao Central\AppData\Local\temp 2010-11-10 14:07 . 2010-11-10 14:07 -------- d-----w- c:\users\rogerio.sorvillo\AppData\Local\temp 2010-11-10 14:07 . 2010-11-10 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-11-10 14:07 . 2010-11-10 14:07 -------- d-----w- c:\users\ANDRE~1~CRI\AppData\Local\temp 2010-11-10 14:07 . 2010-11-10 14:07 -------- d-----w- c:\users\Administrador\AppData\Local\temp 2010-11-10 12:33 . 2010-11-10 14:07 -------- d-----w- c:\users\andre.crins\AppData\Local\temp 2010-11-09 12:02 . 
2010-11-09 12:02 -------- d-----w- c:\users\andre.crins\AppData\Local\Electronic Arts 2010-11-09 11:21 . 2009-10-22 14:54 37392 ----a-w- c:\windows\system32\drivers\81938722.sys 2010-11-09 11:21 . 2009-10-10 00:31 311312 ----a-w- c:\windows\system32\drivers\8193872.sys 2010-11-09 11:21 . 2009-09-25 18:59 128016 ----a-w- c:\windows\system32\drivers\81938721.sys 2010-11-08 21:56 . 2010-11-09 11:59 -------- d-----w- c:\programdata\Kaspersky Lab 2010-11-08 21:55 . 2009-10-22 14:54 37392 ----a-w- c:\windows\system32\drivers\96159722.sys 2010-11-08 21:55 . 2009-10-10 00:31 311312 ----a-w- c:\windows\system32\drivers\9615972.sys 2010-11-08 21:55 . 2009-09-25 18:59 128016 ----a-w- c:\windows\system32\drivers\96159721.sys 2010-11-08 16:59 . 2010-11-08 16:59 -------- d-----w- c:\users\andre.crins\AppData\Roaming\Malwarebytes 2010-11-08 16:59 . 2010-04-29 17:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-08 16:59 . 2010-11-08 16:59 -------- d-----w- c:\programdata\Malwarebytes 2010-11-08 16:59 . 2010-11-08 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-08 16:59 . 2010-04-29 17:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-08 14:38 . 2010-11-08 14:43 -------- d-----w- C:\HijackThis 2010-11-08 14:36 . 2010-11-08 14:36 -------- d-----w- c:\programdata\Panda Security 2010-11-08 14:36 . 2010-11-08 14:36 -------- d-----w- c:\program files\Panda USB Vaccine 2010-11-08 14:13 . 2010-11-08 14:13 -------- d--h--w- c:\windows\System32issas 2010-11-05 14:28 . 2010-11-09 12:02 -------- d-----w- c:\programdata\Electronic Arts 2010-11-05 12:23 . 2010-11-05 12:23 -------- d-----w- c:\program files\Electronic Arts 2010-11-05 12:22 . 2010-11-05 12:22 -------- d-----w- c:\users\andre.crins\AppData\Roaming\Leadertech 2010-10-28 18:44 . 2010-10-28 18:44 -------- d-----w- c:\program files\TweetDeck 2010-10-27 13:29 . 
2010-10-27 13:29 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\fe463d171cb75da03\DXSETUP.exe 2010-10-27 13:29 . 2010-10-27 13:29 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\fe463d171cb75da03\dsetup32.dll 2010-10-27 13:29 . 2010-10-27 13:29 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\fe8da5a31cb75da04\MeshBetaRemover.exe 2010-10-27 13:29 . 2010-10-27 13:29 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\fe463d171cb75da03\DSETUP.dll 2010-10-27 13:29 . 2010-10-27 13:29 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\fd3481a91cb75da02\DSETUP.dll 2010-10-27 13:29 . 2010-10-27 13:29 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\fd3481a91cb75da02\DXSETUP.exe 2010-10-27 13:29 . 2010-10-27 13:29 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\fd3481a91cb75da02\dsetup32.dll 2010-10-19 16:39 . 2010-10-19 16:39 -------- d-----w- c:\users\andre.crins\.dvdcss 2010-10-19 16:35 . 2010-10-19 16:50 -------- d-----w- C:\OutputFolder 2010-10-19 16:35 . 2010-10-19 16:35 -------- d-----w- c:\program files\Alldj_DVD_To_AVI 2010-10-19 15:38 . 2010-10-19 15:46 -------- d-----w- c:\program files\Common Files\Topaz Labs 2010-10-19 13:55 . 2010-10-19 13:55 -------- d-----w- c:\program files\Common Files\Common Share 2010-10-19 13:55 . 2008-12-18 15:38 719872 ----a-w- c:\windows\system32\devil.dll 2010-10-19 13:55 . 2008-12-18 15:38 351744 ----a-w- c:\windows\system32\avisynth.dll 2010-10-19 13:55 . 2010-10-19 13:55 -------- d-----w- c:\program files\OJOsoft 2010-10-19 13:27 . 2010-05-14 18:13 61440 ----a-w- c:\windows\system32\nlssrv32.exe 2010-10-19 13:27 . 2010-05-14 18:13 227840 ----a-w- c:\windows\system32\Deco_32.dll 2010-10-19 13:27 . 2010-05-14 18:13 57344 ----a-w- c:\windows\system32\ASTSRV.EXE 2010-10-19 13:27 . 2010-10-19 13:27 -------- d-----w- c:\programdata\onOne Software 2010-10-19 13:27 . 
2010-10-19 13:27 -------- d-----w- c:\program files\onOne Software 2010-10-18 18:34 . 2010-10-18 19:54 -------- d-----w- c:\users\andre.crins\AppData\Roaming\SWiSH Max3 2010-10-18 18:05 . 2010-10-18 18:05 -------- d-----w- c:\program files\LameACM 2010-10-18 18:04 . 2010-10-18 18:04 -------- d-----w- c:\program files\Common Files\SWiSHzone.com 2010-10-18 18:04 . 2010-10-18 18:05 -------- d-----w- c:\program files\SWiSH Max3 2010-10-18 18:03 . 2010-10-18 18:03 -------- d-----w- c:\users\andre.crins\AppData\Roaming\3DFA 2010-10-18 18:02 . 2010-10-18 20:19 -------- d-----w- c:\program files\3D Flash Animator 4.9.8.7 2010-10-18 17:41 . 2010-10-18 17:46 -------- d-----w- C:\Banners Internet Unasp Online 2010-10-18 17:29 . 2010-10-18 17:29 -------- d-----w- c:\program files\FileZilla FTP Client 2010-10-18 14:29 . 2007-03-23 07:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll 2010-10-18 14:28 . 2010-09-22 21:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-03 19:16 . 2009-03-17 12:17 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys 2010-09-23 02:47 . 2010-09-23 02:47 49016 ----a-w- c:\windows\system32\sirenacm.dll 2010-09-23 02:32 . 2010-09-23 02:32 301936 ----a-w- c:\windows\WLXPGSS.SCR 2010-09-15 07:50 . 2010-04-19 17:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\windows\System32issas ---- (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-09 323392] "Google Update"="c:\users\andre.crins\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-03 135664] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-01 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-01 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-01 138008] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-19 115560] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1282048] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-09-23 884584] "Adobe Reader Speed 
Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [bU] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Gerenciamento do Cliente de Firewall da Microsoft.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 16:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^andre.crins^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\users\andre.crins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 
2010-09-23 16:36 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2009-05-11 15:12 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2009-08-13 18:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-01-15 19:14 147456 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-03-20 20:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 18:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 18:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-19 01:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2007-08-01 18:02 1282048 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3847540250-2843908209-1792236811-500] "EnableNotificationsRef"=dword:00000001 R2 gupdate1c9fa79b2c71ced;Google Update 
Service (gupdate1c9fa79b2c71ced);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 133104] R2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2007-12-12 136448] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-09-02 23888] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 7408] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 81938722;81938722 Boot Guard Driver;c:\windows\system32\DRIVERS\81938722.sys [2009-10-22 37392] S0 96159722;96159722 Boot Guard Driver;c:\windows\system32\DRIVERS\96159722.sys [2009-10-22 37392] S1 81938721;81938721;c:\windows\system32\DRIVERS\81938721.sys [2009-09-25 128016] S1 96159721;96159721;c:\windows\system32\DRIVERS\96159721.sys [2009-09-25 128016] S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-12-16 74480] S1 setup_9.0.0.722_08.11.2010_22-15drv;setup_9.0.0.722_08.11.2010_22-15drv;c:\windows\system32\DRIVERS\8193872.sys [2009-10-10 311312] S2 FwcAgent;Agente do Cliente de Firewall;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe 
[2006-12-09 128832] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704] S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-06-12 2521880] S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448] S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-26 102448] S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Conteúdo da pasta 'Tarefas Agendadas' 2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{812DDBED-90F5-4795-B70B-F6D24EAF2FB2}.job - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24] . . ------- Scan Suplementar ------- . 
uStart Page = about:blank uInternet Settings,ProxyServer = 10.101.0.33:8080 uInternet Settings,ProxyOverride = <local> IE: &Enviar para o OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://www.weareautobots.com/ww/plugin/DFusionWeb.Installer.exe FF - ProfilePath - c:\users\andre.crins\AppData\Roaming\Mozilla\Firefox\Profiles\jhsbauu2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2365958&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: 
browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2365958&SearchSource=2&q= FF - prefs.js: network.proxy.ftp - ucb-isa FF - prefs.js: network.proxy.ftp_port - 9090 FF - prefs.js: network.proxy.gopher - ucb-isa FF - prefs.js: network.proxy.gopher_port - 9090 FF - prefs.js: network.proxy.http - ucb-isa FF - prefs.js: network.proxy.http_port - 9090 FF - prefs.js: network.proxy.socks - ucb-isa FF - prefs.js: network.proxy.socks_port - 9090 FF - prefs.js: network.proxy.ssl - ucb-isa FF - prefs.js: network.proxy.ssl_port - 9090 FF - prefs.js: network.proxy.type - 0 FF - component: c:\users\andre.crins\AppData\Roaming\Mozilla\Firefox\Profiles\jhsbauu2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - plugin: c:\progra~1\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nptidfusionplugin.dll FF - plugin: c:\program files\TabletPlugins\npwacom.dll FF - plugin: c:\program files\Total Immersion\DFusionWeb\nptidfusionplugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\andre.crins\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\users\andre.crins\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\users\andre.crins\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF 
- HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-10 12:07 Windows 6.0.6002 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'lsass.exe'(760) c:\program files\Scpad\scpLIB.dll c:\program files\Scpad\scpMIB.dll c:\program files\Scpad\sshib.dll - - - - - - - > 'Explorer.exe'(4816) c:\progra~1\MICROS~1\Office14\GROOVEEX.DLL c:\program files\Scpad\scpLIB.dll c:\program files\Scpad\scpMIB.dll c:\program files\Scpad\sshib.dll . 
Tempo para conclusão: 2010-11-10 12:10:24 ComboFix-quarantined-files.txt 2010-11-10 14:10 ComboFix2.txt 2010-11-10 13:35 ComboFix3.txt 2010-11-09 22:33 Pré-execução: 69.371.371.520 bytes disponíveis Pós execução: 69.339.418.624 bytes disponíveis - - End Of File - - EC0CC107767D022927CAE6B59A3567B8
wings 22 Posted November 10, 2010
OK...the PC is clean.
1.
*Click [Start] > [Run] > copy and paste: Combofix /uninstall
*Click [OK] > [Run]
*Wait for the message: "ComboFix está desinstalado"
*Click [OK]
2.
*Open the Virus Removal Tool folder located on the desktop and run the Start shortcut
*Click [Exit] > [Yes] > [Yes] > [Yes]
*The PC will restart
*Delete the Kaspersky setup files and log.txt saved on the desktop
Regards.
logan_pa 0 Posted November 10, 2010
OK...the PC is clean.
1.
*Click [Start] > [Run] > copy and paste: Combofix /uninstall
*Click [OK] > [Run]
*Wait for the message: "ComboFix está desinstalado"
*Click [OK]
2.
*Open the Virus Removal Tool folder located on the desktop and run the Start shortcut
*Click [Exit] > [Yes] > [Yes] > [Yes]
*The PC will restart
*Delete the Kaspersky setup files and log.txt saved on the desktop
Regards.
OK, thanks, but my Symantec is still disabled, and none of the folders on C: show their icon, only the folder names.. and every time I restart the PC an MS-DOS window appears saying.. "Não é possivel encontrar o arquivo em lote..." I'm awaiting a reply.
wings 22 Posted November 10, 2010

* Run an online scan with NOD32
* When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log
logan_pa 0 Posted November 10, 2010

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7fc77431335a184aa39c89d6905016eb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-10 05:20:59
# local_time=2010-11-10 03:20:59 (-0300, Brazilian daylight saving time)
# country="Brazil"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776638 100 100 4072346 126007757 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=309672
# found=2
# cleaned=2
# scan_time=9403
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudC.zip	Win32/Bagle.gen.zip worm	(cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\andre.crins\Downloads\adrmpro2.exe	probably a variant of Win32/Adware.Agent.NGFHRJG application	(cleaned by deleting - quarantined)	00000000000000000000000000000000	C
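Logs like the ESET one above are pasted into forums with their tabs collapsed to spaces, which makes the detection lines ambiguous when a path contains spaces (the Spybot recovery folder here is a case in point). The following is an added example, not part of the thread or of ESET's tooling: a Python parser for the `# key=value` header and the detection lines, run over the log above as constructed input. It assumes the scanner writes detection lines tab-separated (path, threat, action, a 32-hex field, a one-letter flag), falls back to a regex when the tabs are gone, cross-checks the header's found/cleaned counts against the entries actually listed, and computes the real UTC offset from the two timestamps, since timeline work depends on it. The meaning of the all-zero hex field and of the trailing "C" is not stated in the log, so the code treats them as opaque strings.

```python
import re
from datetime import datetime

# Constructed sample input: a subset of the ESET Online Scanner log posted above,
# with detection lines assumed to be tab-separated as the scanner writes them.
SAMPLE = (
    "ESETSmartInstaller@High as CAB hook log:\n"
    "OnlineScanner.ocx - registred OK\n"
    "# version=7\n"
    "# OnlineScanner.ocx=1.0.0.6211\n"
    "# utc_time=2010-11-10 05:20:59\n"
    "# local_time=2010-11-10 03:20:59 (-0300, Horário brasileiro de verão)\n"
    "# osver=6.0.6002 NT Service Pack 2\n"
    "# compatibility_mode=512 16777215 100 0 0 0 0 0\n"
    "# compatibility_mode=8192 67108863 100 0 0 0 0 0\n"
    "# scanned=309672\n"
    "# found=2\n"
    "# cleaned=2\n"
    "# scan_time=9403\n"
    "C:\\ProgramData\\Spybot - Search & Destroy\\Recovery\\SmitfraudC.zip\t"
    "Win32/Bagle.gen.zip worm\t(cleaned by deleting - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "C:\\Users\\andre.crins\\Downloads\\adrmpro2.exe\t"
    "probably a variant of Win32/Adware.Agent.NGFHRJG application\t"
    "(cleaned by deleting - quarantined)\t00000000000000000000000000000000\tC\n"
)

HEADER = re.compile(r"^#\s*(?P<key>[^=]+)=(?P<value>.*)$")
# Fallback for whitespace-collapsed pastes: the path must end in ".ext" followed by
# whitespace, the action is the parenthesised group, the hash is 32 hex digits.
DETECTION_LOOSE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+(?P<threat>.+?)\s+\((?P<action>[^)]*)\)"
    r"\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def parse_detection(line):
    """One detection entry as a dict, or None if the line is not one."""
    if "\t" in line:
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) != 5:
            return None
        path, threat, action, digest, flag = fields
        action = action.strip("()")
    else:
        m = DETECTION_LOOSE.match(line.strip())
        if not m:
            return None
        path, threat, action, digest, flag = (m["path"], m["threat"], m["action"], m["hash"], m["flag"])
    return {"path": path, "threat": threat, "action": action, "hash": digest, "flag": flag}


def parse_eset_log(text):
    """Return {"meta": {key: value | [values]}, "detections": [entry, ...]}."""
    meta, detections = {}, []
    for raw in text.splitlines():
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        m = HEADER.match(line)
        if m:
            key, value = m["key"].strip(), m["value"].strip()
            if key in meta:  # repeated keys such as compatibility_mode become lists
                prev = meta[key]
                meta[key] = prev + [value] if isinstance(prev, list) else [prev, value]
            else:
                meta[key] = value
            continue
        entry = parse_detection(line)
        if entry:
            detections.append(entry)
    return {"meta": meta, "detections": detections}


def check_counts(report):
    """(found matches entries listed, cleaned matches entries whose action starts with 'cleaned')."""
    meta, dets = report["meta"], report["detections"]
    found_ok = int(meta.get("found", -1)) == len(dets)
    cleaned_ok = int(meta.get("cleaned", -1)) == sum(d["action"].startswith("cleaned") for d in dets)
    return found_ok, cleaned_ok


def utc_offset_hours(meta):
    """Actual local-minus-UTC offset in hours, computed from the two timestamps."""
    fmt = "%Y-%m-%d %H:%M:%S"
    utc = datetime.strptime(meta["utc_time"][:19], fmt)
    local = datetime.strptime(meta["local_time"][:19], fmt)
    return (local - utc).total_seconds() / 3600


if __name__ == "__main__":
    report = parse_eset_log(SAMPLE)
    print("header counts consistent (found, cleaned):", check_counts(report))
    print("computed UTC offset (hours):", utc_offset_hours(report["meta"]))
    for d in report["detections"]:
        print(f"{d['threat']!r} at {d['path']} -> {d['action']}")
```

The offset check is worth keeping: the log's local_time line is labelled -0300, but 05:20:59 UTC against 03:20:59 local is a two-hour difference, which is what Brazilian summer time (UTC-2) gives. Trusting the printed label rather than the arithmetic would shift every event in a timeline by an hour.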
wings 22 Posted November 10, 2010

OK...

If the problem persists, your Windows may be corrupted. Do a repair on it. Not a reinstall!!

* Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

Create a topic in the Microsoft Windows section.

Regards.
wings 22 Posted December 2, 2010

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
